Profile

GET /profile

Get the current user's profile.

Auth required: Yes

Response

{
  "id": "user_abc",
  "username": "alice",
  "displayName": "Alice",
  "email": "alice@example.com",
  "avatarText": "AL",
  "role": "user",
  "permissions": ["connections.create"],
  "dismissedWarnings": []
}

PUT /profile

Update display name, email, or avatar.

Auth required: Yes

Request body

{
  "displayName": "Alice Smith",
  "email": "alice@example.com",
  "avatarText": "AS"
}

Response

{ "success": true }

PUT /profile/password

Change the current user's password.

Auth required: Yes

Request body

{
  "currentPassword": "old-password",
  "newPassword": "new-password-min-8"
}

Response

{ "success": true }

GET /profile/ssh-prefs

Get SSH terminal preferences (font, cursor, theme, etc.).

Auth required: Yes

Response

{
  "fontFamily": "monospace",
  "fontSize": 14,
  "cursorStyle": "block",
  "cursorBlink": true,
  "theme": "dark",
  "scrollback": 1000
}

PUT /profile/ssh-prefs

Save SSH terminal preferences.

Auth required: Yes

Request body (all fields optional)

{
  "fontFamily": "JetBrains Mono",
  "fontSize": 15,
  "cursorStyle": "bar",
  "cursorBlink": false,
  "theme": "dracula",
  "scrollback": 5000
}

Response

{ "ok": true }

DELETE /profile/ssh-prefs

Reset SSH preferences to global defaults.

Auth required: Yes

Response

{ "ok": true }

GET /profile/mfa/status

Check whether MFA is currently enabled.

Auth required: Yes

Response

{ "enabled": false }

POST /profile/mfa/setup

Generate a TOTP secret and QR code to display in an authenticator app.

Auth required: Yes

Response

{
  "secret": "BASE32SECRET",
  "qrDataUrl": "data:image/png;base64,..."
}

POST /profile/mfa/verify

Confirm the TOTP code and enable MFA.

Auth required: Yes
Rate limited: 5 attempts / 5 min per user

Request body

{ "token": "123456" }

Response

{ "ok": true }

POST /profile/mfa/disable

Disable MFA (requires password confirmation).

Auth required: Yes

Request body

{ "password": "current-password" }

Response

{ "ok": true }

POST /profile/dismiss-warning

Dismiss a named warning banner so it no longer appears.

Auth required: Yes

Request body

{ "warning": "insecure-key" }

Response

{ "ok": true }

GET /profile/login-sessions

List all active login sessions for the current user.

Auth required: Yes

Response

{
  "sessions": [
    {
      "id": "session_abc",
      "browser": "Chrome 123",
      "os": "Windows",
      "ipAddress": "1.2.3.4",
      "createdAt": "2024-01-01T00:00:00.000Z",
      "lastUsedAt": "2024-01-02T00:00:00.000Z",
      "isCurrent": true
    }
  ]
}

DELETE /profile/login-sessions/:id

Revoke a specific login session.

Auth required: Yes

Response

{ "ok": true }

DELETE /profile/login-sessions

Revoke all sessions except the current one.

Auth required: Yes

Response

{ "ok": true }

GET /profile​

PUT /profile​

PUT /profile/password​

GET /profile/ssh-prefs​

PUT /profile/ssh-prefs​

DELETE /profile/ssh-prefs​

GET /profile/mfa/status​

POST /profile/mfa/setup​

POST /profile/mfa/verify​

POST /profile/mfa/disable​

POST /profile/dismiss-warning​

GET /profile/login-sessions​

DELETE /profile/login-sessions/:id​

DELETE /profile/login-sessions​

GET /profile

PUT /profile

PUT /profile/password

GET /profile/ssh-prefs

PUT /profile/ssh-prefs

DELETE /profile/ssh-prefs

GET /profile/mfa/status

POST /profile/mfa/setup

POST /profile/mfa/verify

POST /profile/mfa/disable

POST /profile/dismiss-warning

GET /profile/login-sessions

DELETE /profile/login-sessions/:id

DELETE /profile/login-sessions