GET /v1/auth/me
https://api.triport.io/v1/auth/me
Returns the currently authenticated console user, their primary sign-in provider, and their default API key — bootstrapping that key on first login.
GET /v1/auth/me is the console session-introspection endpoint. Call it after a
login flow completes (email OTP, Google OAuth, or wallet challenge/verify) and on
every app boot to learn who the current user is and to hydrate the dashboard. It
reads the nl_session cookie that was set during login — no API key or Bearer
token applies to this route.
On the first successful /me for a user (or after their default API key has
been rotated/revoked), the endpoint bootstraps a default API key: it creates
a default key for the account and returns it in the default_key object with
the raw secret in default_key.raw. The raw value is shown exactly once — on
this bootstrap response only. Subsequent /me calls return the same key metadata
but omit raw, so the client must capture and store it immediately (the frontend
caches it via setCachedRawKey).
/me also performs sliding-session refresh. When the session has less than
half of its TTL remaining, the server extends the session row in the database
and re-issues both the nl_session and nl_csrf cookies with an extended
Expires, keeping an active user logged in indefinitely. This happens
transparently as a side effect of the request; the response body is unchanged.
Parameters
This endpoint takes no path, query, or body parameters. Authentication is carried by the session cookie.
nl_session (required)

Response
200 OK — bootstrap response (first login, includes the one-time raw key):
200 OK — subsequent calls (note raw and created are absent):

```json
{
  "user": {
    "id": "8f1c3b2a-4d5e-4f6a-9b8c-1d2e3f4a5b6c",
    "email": "[email protected]",
    "display_name": "Ada Dev",
    "avatar_url": "https://cdn.example.com/avatars/ada.png",
    "created_at": "2026-05-29T10:14:02Z",
    "updated_at": "2026-05-29T10:14:02Z"
  },
  "provider": "google",
  "default_key": {
    "id": "2b9d7e10-5a3c-4e21-8f44-7c6b5a4d3e2f",
    "key_prefix": "trp_live_a1b2",
    "scopes": ["rpc:read", "rpc:write"],
    "is_default": true
  }
}
```

| Field | Type | Description |
|---|---|---|
| user.id | string (UUID) | |
| user.email | string | |
| user.display_name | string | |
| user.avatar_url | string | |
| user.created_at | string (RFC 3339) | |
| user.updated_at | string (RFC 3339) | |
| provider | string | google, email, wallet_evm, wallet_solana). Omitted if none recorded. |
| default_key | object | /me will return it). |
| default_key.id | string (UUID) | |
| default_key.key_prefix | string | |
| default_key.scopes | string[] | |
| default_key.is_default | boolean | true for this object. |
| default_key.raw | string | |
| default_key.created | boolean | true only when this /me call just created the key. Absent otherwise. |

Errors
| Code | HTTP | Meaning | When it happens |
|---|---|---|---|
| unauthenticated | 401 | No valid session | Missing, invalid, or expired nl_session cookie. |
| internal | 500 | Server error | Session store or user lookup failed. |

The error body follows the shared envelope { "error": "<code>" }. See
errors.md for the full contract.
Examples
JavaScript (fetch)

```javascript
const res = await fetch("https://api.triport.io/v1/auth/me", {
  method: "GET",
  credentials: "include", // send nl_session cookie
});
if (res.status === 401) {
  // not logged in — redirect to login
} else if (res.ok) {
  const me = await res.json();
  if (me.default_key?.raw) {
    // shown once — persist it now
    saveApiKey(me.default_key.raw);
  }
  console.log("Signed in as", me.user.email, "via", me.provider);
}
```

TypeScript SDK (@triport/sdk)

```typescript
import { TriportConsole } from "@triport/sdk";

// Named `triport` so the client does not shadow the global `console` used for logging below.
const triport = new TriportConsole({ baseUrl: "https://api.triport.io" });
const me = await triport.auth.me(); // uses the browser session cookie
if (me.default_key?.raw) {
  storeDefaultKey(me.default_key.raw); // one-time raw value
}
console.log(me.user.email, me.provider);
```

Python (triport-sdk)

```python
from triport import ConsoleClient

client = ConsoleClient(base_url="https://api.triport.io")
# Attach the session cookie obtained from a prior login flow.
me = client.auth.me(session_cookie=NL_SESSION)
if me.default_key and me.default_key.raw:
    save_default_key(me.default_key.raw)  # shown once
print(me.user.email, me.provider)
```

Notes
- One-time raw key: default_key.raw is only ever present on the bootstrap response. If you miss it, rotate the key (POST /v1/keys/{id}/rotate) to obtain a fresh raw value rather than calling /me again.
- Re-bootstrap: if the default key is later revoked, the next /me creates a new default key and again returns its raw value once.
- Sliding session: cookie refresh only fires when under half the TTL remains, so most /me calls leave the cookies untouched. The body never reflects refresh.
- CSRF: not required for this GET. Mutating console routes (e.g. /v1/auth/logout, /v1/keys) require the nl_csrf double-submit token.
- Related: POST /v1/auth/logout to end the session.
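
An added example (not part of the original page or of the Triport SDK) of the client-side decision that the bootstrap behaviour and the notes above describe: store the raw secret when it appears, keep a cached secret only while it still matches the current default key, and otherwise fall back to rotation instead of calling /me again. The helper names, the constructed sample bodies and placeholder secret, and the assumption that a raw secret begins with its key_prefix are assumptions of this example.

```javascript
// Constructed sample data; SAMPLE_RAW is a placeholder, not a real key format.
const KEY_ID = "2b9d7e10-5a3c-4e21-8f44-7c6b5a4d3e2f";
const SAMPLE_RAW = "trp_live_a1b2_PLACEHOLDER_SECRET";
const BOOTSTRAP_ME = { default_key: { id: KEY_ID, key_prefix: "trp_live_a1b2",
  is_default: true, raw: SAMPLE_RAW, created: true } };
const LATER_ME = { default_key: { id: KEY_ID, key_prefix: "trp_live_a1b2",
  is_default: true } };

// Hypothetical helper: decide what the client should do with its key cache.
// Assumption: a raw secret begins with the key_prefix reported for its key.
function reconcileDefaultKey(me, cachedRaw) {
  const key = me && me.default_key;
  if (!key) return { action: "none" };
  if (typeof key.raw === "string" && key.raw.length > 0) {
    // Bootstrap response: the only time the secret is visible, so store it now.
    return { action: "store", keyId: key.id, raw: key.raw };
  }
  if (cachedRaw && key.key_prefix && cachedRaw.startsWith(key.key_prefix)) {
    return { action: "keep", keyId: key.id };
  }
  // No secret for the current default key: the cache is empty or stale.
  // Rotation is a mutating /v1/keys route, so it needs the nl_csrf token;
  // how the token is submitted is not shown on this page.
  return {
    action: "rotate",
    keyId: key.id,
    dropCache: Boolean(cachedRaw),
    request: { method: "POST", path: `/v1/keys/${encodeURIComponent(key.id)}/rotate` },
  };
}

// Hypothetical helper: copy of a decision that is safe to write to logs.
function logSafe(decision) {
  return "raw" in decision ? { ...decision, raw: "[redacted]" } : decision;
}

console.log(logSafe(reconcileDefaultKey(BOOTSTRAP_ME, null)));
console.log(reconcileDefaultKey(LATER_ME, null).request);
```

A cached secret whose prefix no longer matches is reported with dropCache set, so the stale value can be deleted before the rotated one is stored.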