Accounts API

Create accounts, authenticate, and manage API keys.

Authentication

There are two authentication methods:

  • Session cookies — set by login, used by the web UI
  • API keys, sent as Authorization: Bearer ul_..., used by apps and scripts

API keys have three scopes: read, write, admin. A key can optionally be scoped to a single collection.


POST /api/accounts/signup

No auth required

Create a new user account.

Request

{
  "email": "[email protected]",
  "password": "securepassword",
  "username": "jdoe",
  "displayName": "Jane Doe"
}

Response 201

{
  "id": "uuid",
  "slug": "jdoe",
  "displayName": "Jane Doe"
}

Also sets a session cookie (30-day expiry).


POST /api/accounts/login

No auth required

Request

{
  "email": "[email protected]",
  "password": "securepassword"
}

Response 200

{
  "id": "uuid",
  "slug": "jdoe",
  "displayName": "Jane Doe"
}

Sets a session cookie.


POST /api/accounts/logout

No auth required

Clears the session cookie and deletes the session from the database.

Response 200

{"ok": true}

GET /api/accounts/me

Auth: session or API key (any scope)

Get the authenticated account.

Response 200

{
  "id": "uuid",
  "slug": "jdoe",
  "type": "user",
  "displayName": "Jane Doe",
  "email": "[email protected]",
  "createdAt": "2026-01-15T00:00:00.000Z"
}

GET /api/accounts/:slug

No auth required

Get public profile for any account.

Response 200

{
  "id": "uuid",
  "slug": "knowledge-futures",
  "type": "org",
  "displayName": "Knowledge Futures",
  "createdAt": "2026-01-15T00:00:00.000Z"
}

POST /api/accounts/keys

Auth: session or API key (any scope)

Create a new API key. The raw key is returned only once.

Request

{
  "label": "my-sync-script",
  "scope": "write",
  "collectionId": "uuid (optional — scope key to one collection)"
}

Response 201

{
  "id": "uuid",
  "key": "ul_a1b2c3d4e5...",
  "label": "my-sync-script",
  "scope": "write",
  "collectionId": null
}

GET /api/accounts/keys

Auth: session or API key (any scope)

List all API keys for the authenticated account. The raw key is not included.


DELETE /api/accounts/keys/:id

Auth: session or API key (any scope)

Revoke an API key.

Response 200

{"ok": true}