Authentication
Verify Access
Check whether an API key can authenticate API requests.
Modified at Apr 28, 2026, 05:38 AM UTC
GET/api/meuser.me.read
Returns the account profile connected to the API key, including the effective permissions used for RBAC checks.
Use this request after creating or rotating a key to confirm that the key can authenticate API requests and that the expected permissions are visible to the integration.
Request
curl "https://cekceir.online/api/me" \
-H "Authorization: Bearer <api_key>" \Request Fields
| Field | Type | Required | Description |
|---|---|---|---|
| Authorization | header string | Yes | Bearer token header in the format Bearer <api_key>. |
Success Response
{ "user_id": 1001, "via": "client_api_key", "access_channel": "api", "account_type": "basic", "role": "user", "phone": "+628123456789", "profile_picture_url": null, "username": "customer", "email": "[email protected]", "session_id": null, "api_key_id": 42, "api_key_type": "client", "external_user": null, "permissions": [ "user.me.read", "order.create" ], "token": { "expires_at": null, "expires_in": null }}Response Fields
| Field | Type | Required | Description |
|---|---|---|---|
| user_id | number | Yes | User ID that owns the API key. |
| via | string | Yes | Auth audience, such as client_api_key or application_api_key. |
| access_channel | string | Yes | Channel used by the credential, usually api. |
| account_type | string | Yes | Account type assigned to the user. |
| role | string | Yes | User role used for RBAC permission checks. |
| phone | string or null | No | Account phone number when available. |
| profile_picture_url | string or null | No | Profile picture URL when configured. |
| username | string or null | No | Account username when available. |
| string or null | No | Account email address when available. | |
| session_id | string or null | No | Session ID when authenticated with a session token. API keys return null. |
| api_key_id | number or null | No | API key ID when authenticated with an API key. |
| api_key_type | string or null | No | API key type, such as client or application. |
| external_user | object or null | No | Delegated external user context for application keys when present. |
| permissions | string[] | Yes | Effective permissions after key scope, key type, and user role are evaluated. |
| token.expires_at | ISO datetime or null | No | Access-token expiration when authenticated by session token. API keys return null. |
| token.expires_in | number or null | No | Seconds until access-token expiration when available. API keys return null. |