Users

Base path: /api/users

POST /signup

Creates a new user account and automatically provisions a Stellar wallet.

Public endpoint - no token required.

Request Body

{
  "username": "testuser",
  "email": "testuser@example.com",
  "password": "securepassword",
  "firstName": "Test",
  "lastName": "User"
}

Responses

201 - Success:

{
  "message": "You signed up successfully! :)",
  "userId": "uuid-here"
}

400 - Email or username already exists:

{
  "error": "You've already signed up!"
}

POST /login

Authenticates a user and returns a JWT token valid for 1 hour. The identifier field accepts either a username or email address.

Public endpoint - no token required.

Request Body

{
  "identifier": "testuser",
  "password": "securepassword"
}

Responses

200 - Success:

{
  "message": "Login successful",
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "profile": {
    "username": "testuser",
    "email": "testuser@example.com",
    "firstName": "Test",
    "lastName": "User",
    "stellarPublicKey": "GDXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
  }
}

GET /profile

Returns the authenticated user's profile, including their Stellar public and secret keys.

Requires authentication.

Warning: The response includes the user's stellarSecretKey. This key grants full control over the user's Stellar wallet and should never be logged, stored in plain text on the client, or exposed without HTTPS. In a production environment, consider whether returning the secret key to the client is necessary at all.

Responses

200 - Success:

{
  "username": "testuser",
  "email": "testuser@example.com",
  "firstName": "Test",
  "lastName": "User",
  "stellarPublicKey": "GDXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  "stellarSecretKey": "SXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}
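
One way to enforce the "never be logged" part of the warning above, as an added example that is not part of this API's own code: a redaction step applied to any object or string before it reaches a logger. The field names come from this page; the helper names (`redactSecrets`, `safeLogLine`) and the sample keys are constructed for illustration.

```javascript
// Added example: redact wallet secrets and credentials before logging.
// Field names are the ones this API uses; everything else is hypothetical.
const SENSITIVE_KEYS = new Set([
  "stellarSecretKey", "password", "newPassword", "token",
]);

// Stellar secret seeds are StrKey-encoded: "S" followed by 55 base32
// characters (A-Z, 2-7). This catches seeds embedded in free text,
// for example an error message that echoes a response body.
const STELLAR_SEED = /\bS[A-Z2-7]{55}\b/g;
const REDACTED = "[REDACTED]";

// Returns a redacted deep copy; the input is never mutated.
function redactSecrets(value) {
  if (typeof value === "string") {
    return value.replace(STELLAR_SEED, REDACTED);
  }
  if (value === null || typeof value !== "object") {
    return value;
  }
  if (Array.isArray(value)) {
    return value.map(redactSecrets);
  }
  const out = {};
  for (const [key, inner] of Object.entries(value)) {
    // Sensitive keys are dropped by name, whatever their value looks like.
    out[key] = SENSITIVE_KEYS.has(key) ? REDACTED : redactSecrets(inner);
  }
  return out;
}

// Build the line a logger would write, with secrets already removed.
function safeLogLine(event, data) {
  return JSON.stringify({ event, data: redactSecrets(data) });
}

// Constructed sample values: correctly shaped, not real keys.
const SAMPLE_SEED = "S" + "A".repeat(55);
const SAMPLE_PUBLIC = "G" + "B".repeat(55);
const sampleProfile = {
  username: "testuser",
  stellarPublicKey: SAMPLE_PUBLIC,
  stellarSecretKey: SAMPLE_SEED,
};

console.log(safeLogLine("profile_fetched", sampleProfile));
console.log(redactSecrets(`upstream error, body contained ${SAMPLE_SEED}`));
```

The public key passes through untouched because the pattern only matches strings that begin with `S` at a word boundary.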

POST /send-reset-password-email

Sends a password reset link to the user's email. The link expires after 1 hour.

Public endpoint - no token required.

Request Body

{
  "email": "testuser@example.com"
}

Responses

200 - Success:

{
  "message": "Check your e-mail, a password reset link has been sent"
}

POST /reset-password

Resets the user's password using the token from the reset email.

Public endpoint - no token required.

Request Body

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "newPassword": "newSecurePassword"
}

Responses

200 - Success:

{
  "message": "Password reset successful"
}

401 - Token expired:

{
  "error": "Token expired"
}

403 - Invalid token:

{
  "error": "Invalid token"
}