oCoreoCore Docs
API Reference

Account

Confirm email address change

Validates the email change token and updates the user's email. Redirects to the login page.

GET
/auth/verify-email-change

Query Parameters

tokenRequiredstring

Email change verification token

curl -X GET "//api.ocore.dev/api/auth/verify-email-change?token=%3Cstring%3E"

Redirect to login page

Request email address change

Initiates an email change by sending a verification link to the new email address. Requires password confirmation.

POST
/user/change-email

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Request Body

application/jsonRequired

New email and password

newEmailstring
passwordstring
curl -X POST "//api.ocore.dev/api/user/change-email" \
  -H "Authorization: <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "newEmail": "string",
    "password": "string"
  }'

OK

{
  "message": "string"
}

Change account password

Changes the user's password after verifying the current password. Optionally revokes other sessions.

POST
/user/change-password

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Request Body

application/jsonRequired

Password change request

currentPasswordstring
newPasswordstring
revokeOtherSessionsboolean
curl -X POST "//api.ocore.dev/api/user/change-password" \
  -H "Authorization: <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "currentPassword": "string",
    "newPassword": "string",
    "revokeOtherSessions": true
  }'

OK

{
  "message": "string"
}

List connected OAuth accounts

Returns all linked OAuth accounts for the authenticated user and whether a password is set.

GET
/user/connected-accounts

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

curl -X GET "//api.ocore.dev/api/user/connected-accounts" \
  -H "Authorization: <token>"

OK

{
  "accounts": [
    {
      "avatarUrl": "string",
      "createdAt": "string",
      "displayName": "string",
      "email": "string",
      "id": "string",
      "provider": "string",
      "providerUserId": "string"
    }
  ],
  "hasPassword": true
}

Removes a connected OAuth account. Requires password verification and cannot unlink the last auth method.

DELETE
/user/connected-accounts/{id}

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Request Body

application/jsonRequired

Password for verification

passwordstring

Path Parameters

idRequiredstring

OAuth account UUID

curl -X DELETE "//api.ocore.dev/api/user/connected-accounts/<string>" \
  -H "Authorization: <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "password": "string"
  }'

OK

{
  "message": "string"
}

Deactivate user account

Deactivates the authenticated user's account. Requires confirmation text and password (if set). Clears auth cookies.

POST
/user/deactivate

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Request Body

application/jsonRequired

Confirmation and password

confirmTextstring
passwordstring
curl -X POST "//api.ocore.dev/api/user/deactivate" \
  -H "Authorization: <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "confirmText": "string",
    "password": "string"
  }'

OK

{
  "message": "string"
}

List login history

Returns the last 20 login events for the authenticated user, including device info and geo-location.

GET
/user/login-history

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

curl -X GET "//api.ocore.dev/api/user/login-history" \
  -H "Authorization: <token>"

OK

{
  "events": [
    {
      "city": "string",
      "country": "string",
      "createdAt": "string",
      "deviceName": "string",
      "deviceType": "string",
      "failureReason": "string",
      "id": "string",
      "ipAddress": "string",
      "provider": "string",
      "success": true,
      "userAgent": "string"
    }
  ]
}

Set password for OAuth-only account

Sets a password for users who signed up via OAuth and don't have a password yet.

POST
/user/set-password

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Request Body

application/jsonRequired

New password

newPasswordstring
curl -X POST "//api.ocore.dev/api/user/set-password" \
  -H "Authorization: <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "newPassword": "string"
  }'

OK

{
  "message": "string"
}

Was this page helpful?
Edit on GitHub

Auth

Previous Page

Sessions

Next Page