# GET /auth/me

> Get the current authenticated user

Returns the currently authenticated user. Requires a valid JWT in the `Authorization` header (obtained from [login](/reference/authentication/login), [OTP verify](/reference/authentication/otp-verify), or [register](/reference/authentication/register)).

  **Authentication required.** You must send a valid JWT: `Authorization: Bearer &lt;token&gt;`

## Endpoint

```http
GET /v1/public/projects/:projectSlug/auth/me
```

## Request Parameters

### Path Parameters

| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| `projectSlug` | string | ✅ | Your project's unique slug |

### Headers

| Header | Required | Description |
|--------|----------|-------------|
| `Authorization` | ✅ | `Bearer <jwt-token>` — token from login, register, or OTP verify |

## Response

### Success (200 OK)

```json
{
  "id": "user-uuid-here",
  "email": "user@example.com",
  "name": "Jane Doe",
  "email_verified_at": "2026-02-10T10:00:00Z",
  "profile_extras": {
    "company": "Example Inc",
    "phone": "+1-555-1234"
  }
}
```

| Field | Type | Description |
|-------|------|-------------|
| `id` | string | User UUID |
| `email` | string | User's email (phone-only users have a placeholder email) |
| `name` | string | Display name |
| `email_verified_at` | string \| null | ISO date when email was verified, or null |
| `profile_extras` | object | Custom signup fields stored for this user |

### Error Responses

| Status Code | Error Code | Description |
|-------------|------------|-------------|
| 401 | `UNAUTHORIZED` | Missing or invalid token |
| 429 | `RATE_LIMIT_EXCEEDED` | Too many requests |
| 500 | `INTERNAL_SERVER_ERROR` | Server error |

## Hooks

This endpoint is read-only. You can optionally attach a project event such as `auth.me.read` to track profile reads. Configure in **Project → Hooks**.

## Try It Now

Paste a JWT from a previous login or register call to test.

## SDK Example

```javascript
const token = localStorage.getItem('authToken');
const response = await fetch(
  'https://api.aerostack.dev/v1/public/projects/your-project/auth/me',
  {
    headers: {
      'Authorization': `Bearer ${token}`
    }
  }
);

if (!response.ok) {
  if (response.status === 401) {
    // Token expired or invalid — redirect to login
    window.location.href = '/login';
  }
  throw new Error((await response.json()).message);
}

const user = await response.json();
console.log('Current user:', user);
```

## Related Endpoints

- [POST /auth/login](/reference/authentication/login) - Get a token
- [POST /auth/register](/reference/authentication/register) - Create account and optionally get token
- [POST /auth/otp/verify](/reference/authentication/otp-verify) - Passwordless login

---

## PATCH /auth/me

Update the current user's profile.

## Request

```http
PATCH /v1/public/projects/:projectSlug/auth/me
```

### Body (JSON)

| Field | Type | Description |
|-------|------|-------------|
| `name` | string | Update display name |
| `avatar_image_id` | string | **Important:** The ID from `POST /storage/upload` to set as avatar |
| `profile_extras` | object | Update custom profile fields (merges with existing) |
| `first_name` | string | Update first name (synced to customer record) |
| `last_name` | string | Update last name (synced to customer record) |
| `phone` | string | Update phone number |

To remove a field, set it to `null`.

### Example: Setting Avatar

After uploading a file and getting an ID (e.g., `725365d7...`), link it to the user:

```json
{
  "avatar_image_id": "725365d7-21fc-45eb-b6ec-8390f0a438d1"
}
```

### Response

```json
{
  "success": true
}
```

---

## DELETE /auth/me/avatar

Remove the current user's avatar image.

## Request

```http
DELETE /v1/public/projects/:projectSlug/auth/me/avatar
```

### Response

```json
{
  "success": true,
  "message": "Avatar removed"
}
```
