Profile Management
AutoCom provides comprehensive profile management capabilities, allowing users to update their information, manage email addresses, and control their active sessions.
Overview
Profile management features include:
- View profile - Get user information and tenant membership
- Update profile - Change name and other settings
- Email management - Update and verify email address
- Session management - View and revoke access tokens
API Endpoints
Get Profile
Retrieve the authenticated user's profile information.
GET /api/v1/profile
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOi...
X-Tenant: your-tenant-id
Response:
{
"id": 1,
"name": "John Doe",
"email": "user@example.com",
"email_verified": true,
"is_super_admin": false,
"created_at": "2025-01-01T10:00:00.000000Z",
"last_login_at": "2025-01-27T08:30:00.000000Z",
"last_login_ip": "192.168.1.100",
"current_tenant": {
"id": "tenant-1",
"role": "admin",
"status": "active",
"joined_at": "2025-01-01T10:00:00.000000Z",
"last_active_at": "2025-01-27T08:30:00.000000Z"
},
"tenants_count": 2
}
Update Profile
Update the user's profile information.
PATCH /api/v1/profile
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOi...
X-Tenant: your-tenant-id
Content-Type: application/json
{
"name": "Jane Doe"
}
Response:
{
"message": "Profile updated successfully",
"user": {
"id": 1,
"name": "Jane Doe",
"email": "user@example.com"
}
}
Update Email
Change the user's email address. Requires current password verification.
PUT /api/v1/profile/email
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOi...
X-Tenant: your-tenant-id
Content-Type: application/json
{
"email": "newemail@example.com",
"password": "current_password"
}
Response:
{
"message": "Email updated. Please verify your new email address.",
"email": "newemail@example.com",
"requires_verification": true
}
Note: The new email must be verified. See Email Verification for details.
Session Management
List Active Sessions
View all active access tokens for the current user.
GET /api/v1/profile/sessions
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOi...
X-Tenant: your-tenant-id
Response:
{
"sessions": [
{
"id": "abc123",
"name": "api-token",
"created_at": "2025-01-27T08:00:00.000000Z",
"last_used_at": "2025-01-27T10:30:00.000000Z",
"is_current": true
},
{
"id": "def456",
"name": "api-token",
"created_at": "2025-01-20T14:00:00.000000Z",
"last_used_at": "2025-01-25T16:45:00.000000Z",
"is_current": false
}
]
}
Revoke a Session
Revoke a specific access token (cannot revoke current session).
DELETE /api/v1/profile/sessions/{tokenId}
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOi...
X-Tenant: your-tenant-id
Success response:
{
"message": "Session revoked successfully."
}
Error (trying to revoke current session):
{
"message": "The given data was invalid.",
"errors": {
"token": ["Cannot revoke current session. Use logout instead."]
}
}
Revoke All Other Sessions
Revoke all access tokens except the current one.
DELETE /api/v1/profile/sessions
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOi...
X-Tenant: your-tenant-id
Response:
{
"message": "Revoked 3 session(s).",
"revoked_count": 3
}
Password Change
Change the user's password (requires current password).
POST /api/v1/auth/change-password
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOi...
X-Tenant: your-tenant-id
Content-Type: application/json
{
"current_password": "current_password",
"password": "new_secure_password",
"password_confirmation": "new_secure_password"
}
Response:
{
"message": "Password changed successfully."
}
Frontend Integration
Profile Page Component
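// Shape of the GET /api/v1/profile response fields used by the page component.
interface UserProfile {
  id: number;
  name: string;
  email: string;
  email_verified: boolean;
  current_tenant?: {
    id: string;
    role: string;
    status: string;
  };
  tenants_count: number;
}

// Fetch the authenticated user's profile for the given tenant.
async function getProfile(accessToken: string, tenantId: string): Promise<UserProfile> {
  const response = await fetch('/api/v1/profile', {
    headers: {
      'Authorization': `Bearer ${accessToken}`,
      'X-Tenant': tenantId,
    },
  });
  // Do not hand an error body (expired token, wrong tenant) to callers as a UserProfile.
  if (!response.ok) {
    throw new Error(`Profile request failed with status ${response.status}`);
  }
  return response.json();
}

// Update profile fields; resolves to the parsed response body.
async function updateProfile(
  accessToken: string,
  tenantId: string,
  data: { name?: string }
) {
  const response = await fetch('/api/v1/profile', {
    method: 'PATCH',
    headers: {
      'Authorization': `Bearer ${accessToken}`,
      'X-Tenant': tenantId,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify(data),
  });
  return response.json();
}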
Session Management Component
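// One entry of the "sessions" array returned by GET /api/v1/profile/sessions.
interface Session {
  id: string;
  name: string;
  created_at: string;
  last_used_at: string;
  is_current: boolean;
}

// Revoke one access token. The body is returned as-is so callers can show the
// validation error the API sends when the ID belongs to the current session.
async function revokeSession(accessToken: string, tenantId: string, sessionId: string) {
  // Encode the ID so it is always sent as a single path segment.
  const response = await fetch(`/api/v1/profile/sessions/${encodeURIComponent(sessionId)}`, {
    method: 'DELETE',
    headers: {
      'Authorization': `Bearer ${accessToken}`,
      'X-Tenant': tenantId,
    },
  });
  return response.json();
}

// Revoke every access token except the one used for this request.
async function revokeAllSessions(accessToken: string, tenantId: string) {
  const response = await fetch('/api/v1/profile/sessions', {
    method: 'DELETE',
    headers: {
      'Authorization': `Bearer ${accessToken}`,
      'X-Tenant': tenantId,
    },
  });
  return response.json();
}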
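A session-hygiene helper built on the session list and single-session revoke endpoints documented above, as an added example that is not AutoCom's own code: it selects non-current tokens that have been idle longer than a threshold and revokes them one by one, reporting failures per ID. The names `SessionInfo`, `Fetcher`, `selectStaleSessions` and `revokeSessions`, the idle threshold, and the handling of a missing `last_used_at` are assumptions.

```typescript
// Added example (not AutoCom code). Field names and endpoints come from the
// responses documented on this page; helper names and threshold are assumptions.
interface SessionInfo {
  id: string;
  name: string;
  created_at: string;
  last_used_at: string | null; // assumption: may be absent for a never-used token
  is_current: boolean;
}

// Minimal fetch-like signature so the network call can be stubbed or swapped.
type Fetcher = (url: string, init: { method: string; headers: Record<string, string> }) =>
  Promise<{ ok: boolean; status: number }>;

// Return IDs of non-current sessions idle for more than maxIdleDays.
// An unparseable last_used_at falls back to created_at; if both are unusable
// the session is treated as stale so it is never silently kept.
function selectStaleSessions(sessions: SessionInfo[], now: Date, maxIdleDays: number): string[] {
  const cutoff = now.getTime() - maxIdleDays * 24 * 60 * 60 * 1000;
  return sessions
    .filter((s) => !s.is_current) // the API rejects revoking the current session
    .filter((s) => {
      const used = Date.parse(s.last_used_at ?? '');
      const seen = Number.isNaN(used) ? Date.parse(s.created_at) : used;
      return Number.isNaN(seen) || seen < cutoff;
    })
    .map((s) => s.id);
}

// Revoke each selected session; collect per-ID failures instead of stopping early.
async function revokeSessions(
  ids: string[], accessToken: string, tenantId: string, fetcher: Fetcher,
): Promise<{ revoked: string[]; failed: string[] }> {
  const revoked: string[] = [];
  const failed: string[] = [];
  for (const id of ids) {
    const res = await fetcher(`/api/v1/profile/sessions/${encodeURIComponent(id)}`, {
      method: 'DELETE',
      headers: { Authorization: `Bearer ${accessToken}`, 'X-Tenant': tenantId },
    });
    (res.ok ? revoked : failed).push(id);
  }
  return { revoked, failed };
}
```

In a browser, pass the global `fetch` as `fetcher`; any IDs in `failed` should be retried or shown to the user rather than assumed revoked.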
Activity Logging
Profile changes are logged for auditing:
| Action | Description |
|---|---|
| profile_updated | User updated their profile information |
| email_changed | User changed their email address |
| password_changed | User changed their password |