API Quick Reference
December 16, 2025 · View on GitHub
This is a condensed map of Malan's HTTP API. See API_DOCUMENTATION.md for request/response examples and field descriptions.
Public (no token)
POST /api/users— create userPOST /api/sessions— login (returnsapi_token)GET /api/users/whoami— token context if providedPOST /api/users/:id/reset_password— issue reset token (id or username)PUT /api/users/:id/reset_password/:tokenPUT /api/users/reset_password/:tokenGET /health_check/livenessGET /health_check/readiness
Authenticated User Routes
Token required; ToS/Privacy acceptance may be enforced (461/462) depending on deployment config.
GET /api/users/current(alias/users/me, deprecated)GET /api/users/:idPUT/PATCH /api/users/:idDELETE /api/users/:idGET /api/logs— your logs (paginated)GET /api/logs/:id— if owner or admin
Sessions
GET /api/sessions/activeGET /api/sessions/currentPUT /api/sessions/current/extend— body{ "expire_in_seconds": <secs> }PUT /api/users/:user_id/sessions/current/extend— owner/admin alias of the aboveDELETE /api/sessions/currentGET /api/users/:user_id/sessions(paginated)GET /api/users/:user_id/sessions/:idPUT /api/users/:user_id/sessions/:id/extendDELETE /api/users/:user_id/sessions/:idDELETE /api/users/:user_id/sessions— revoke all activeGET /api/users/:user_id/sessions/active
Logs
GET /api/logs— current user’s logs (paginated)GET /api/logs/:id— if owner or adminGET /api/users/:user_id/logs— owner/admin alias
Session Extensions
GET /api/sessions/:session_id/extensionsGET /api/session_extensions/:id
Contact Info
- Phone numbers:
GET/POST /api/users/:user_id/phone_numbers,GET/PUT/DELETE /api/users/:user_id/phone_numbers/:id - Addresses:
GET/POST /api/users/:user_id/addresses,GET/PUT/DELETE /api/users/:user_id/addresses/:id
Admin Routes (admin role required)
GET /api/admin/usersPUT /api/admin/users/:idPUT /api/admin/users/:id/lockPUT /api/admin/users/:id/unlockPOST /api/admin/users/:id/reset_passwordPUT /api/admin/users/:id/reset_password/:tokenPUT /api/admin/users/reset_password/:tokenGET /api/admin/sessionsDELETE /api/admin/sessions/:id- Logs:
GET /api/admin/logs,/api/admin/logs/:id,/api/admin/logs/users/:user_id,/api/admin/logs/sessions/:session_id,/api/admin/logs/who/:user_id
Handy Payloads
- Login:
{"session":{"username":"you@example.com","password":"...","expires_in_seconds":3600}} - Extend current session:
{"expire_in_seconds":3600} - Accept ToS/Privacy:
{"user":{"accept_tos":true,"accept_privacy_policy":true}}(PUT/api/users/:id)