Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Account Endpoints

Register

Creates a new user account.

POST /api/v1/register

Authentication: None (public endpoint).

Request Body — RegisterRequest

FieldTypeRequiredDescription
usernamestringYesUnique username. 1–64 characters, must start with ASCII alphanumeric, only letters/digits/underscores.
passwordstringYesPassword. Minimum 8 characters.
aliasstringNoDisplay name. Max 64 characters, no ASCII control characters.
registration_tokenstringNoRegistration token for invite-only servers. Required when registration_enabled is false.

Response Body — RegisterResponse

FieldTypeDescription
user_idint64The server-assigned unique user ID.

Status Codes

CodeCondition
201 CreatedRegistration successful.
400 Bad RequestInvalid username format, password too short, alias too long or contains control characters.
403 ForbiddenRegistration is disabled, or the provided registration token is invalid.
409 ConflictUsername already taken.

SSE Events

None.

Login

Authenticates a user and returns a session token.

POST /api/v1/login

Authentication: None (public endpoint).

Request Body — LoginRequest

FieldTypeRequiredDescription
usernamestringYesThe user’s username.
passwordstringYesThe user’s password.

Response Body — LoginResponse

FieldTypeDescription
tokenstringSession token (256-bit random, hex-encoded, 64 characters).
user_idint64The user’s unique ID.
usernamestringThe user’s username.

Status Codes

CodeCondition
200 OKLogin successful.
401 UnauthorizedInvalid username or password.

Notes

The server MUST perform timing-equalized password verification to prevent username enumeration. When the requested username does not exist, the server runs password verification against a dummy hash to ensure consistent response times.

SSE Events

None.

Logout

Revokes the current session token.

POST /api/v1/logout

Authentication: Required.

Request Body

None.

Response

HTTP 204 No Content with no body.

Status Codes

CodeCondition
204 No ContentLogout successful. Token revoked.
401 UnauthorizedInvalid or expired token.

SSE Events

None.

Get Current User

Returns the authenticated user’s profile information.

GET /api/v1/me

Authentication: Required.

Request Body

None.

Response Body — UserInfoResponse

FieldTypeDescription
user_idint64The user’s unique ID.
usernamestringThe user’s username.
aliasstringThe user’s display name (may be empty).
signing_key_fingerprintstringSHA-256 hex of the user’s MLS signing public key (may be empty).

Status Codes

CodeCondition
200 OKSuccess.
401 UnauthorizedInvalid or expired token.

SSE Events

None.

Update Profile

Updates the authenticated user’s display name.

PATCH /api/v1/me

Authentication: Required.

Request Body — UpdateProfileRequest

FieldTypeRequiredDescription
aliasstringYesNew display name. Max 64 characters, no ASCII control characters. Set to empty string to clear.

Response Body — UpdateProfileResponse

Empty message.

Status Codes

CodeCondition
200 OKProfile updated.
400 Bad RequestAlias too long or contains control characters.
401 UnauthorizedInvalid or expired token.

SSE Events

  • GroupUpdateEvent with update_type: "member_profile" — sent to all members of all groups the user belongs to, including the sender.

Change Password

Changes the authenticated user’s password.

POST /api/v1/change-password

Authentication: Required.

Request Body — ChangePasswordRequest

FieldTypeRequiredDescription
new_passwordstringYesThe new password. Minimum 8 characters.

Response Body — ChangePasswordResponse

Empty message.

Status Codes

CodeCondition
200 OKPassword changed.
400 Bad RequestNew password too short.
401 UnauthorizedInvalid or expired token.

Notes

Existing sessions remain valid after a password change. The server does NOT invalidate other sessions.

SSE Events

None.

Reset Account

Clears the user’s server-side key packages, preparing for an MLS identity reset. The client is responsible for regenerating MLS state and rejoining groups via external commits.

POST /api/v1/reset-account

Authentication: Required.

Request Body

None.

Response Body — ResetAccountResponse

Empty message.

Status Codes

CodeCondition
200 OKKey packages cleared.
401 UnauthorizedInvalid or expired token.

Notes

This endpoint only deletes the user’s key packages on the server. The client MUST then:

  1. Wipe local MLS state (identity, signing key, group state database).
  2. Generate a new MLS signing identity and key packages.
  3. Upload the new key packages with the new fingerprint.
  4. Rejoin each group via external commit.

Group membership on the server is NOT affected — the user remains a member of all their groups.

SSE Events

None (the IdentityResetEvent is emitted later, when the user performs external joins to rejoin groups).

Delete Account

Permanently deletes the user’s account and all associated data. The server manually deletes from tables without ON DELETE CASCADE (pending_invites, messages) before deleting the user row.

POST /api/v1/delete-account

Authentication: Required.

Request Body — DeleteAccountRequest

FieldTypeRequiredDescription
passwordstringYesCurrent password for confirmation.

Response Body — DeleteAccountResponse

Empty message.

Status Codes

CodeCondition
200 OKAccount deleted.
401 UnauthorizedInvalid password or token.

Notes

This is an irreversible operation. The server:

  1. Verifies the password against the stored Argon2id hash.
  2. Collects all group memberships and their members for SSE notification.
  3. Deletes pending invites, messages, and then the user row (cascade handles remaining tables).
  4. Broadcasts MemberRemovedEvent per group to remaining members.

Remaining group members will have phantom MLS leaves for the deleted user. No removal commits exist. Other members can /rotate to advance the epoch.

SSE Events

MemberRemovedEvent is broadcast per group to all remaining members (excluding the deleted user).