Get Profile - User Information
API Endpoint: GET /api/v1/credentials/me
📋 Overview
Retrieves information about the currently logged-in user (profile, agency, roles, permissions).
When to call: After authentication to get user details and agency information.
🔌 API Specification
Endpoint
GET {{base_url}}/api/v1/credentials/me
Headers
{
  "Content-Type": "application/json",
  "Accept": "application/json",
  "Authorization": "Bearer {access_token}"
}
Query Parameters
No query parameters required.
✅ Success Response
Status: 200 OK
{
  "data": {
    "id": "caff29bd-db10-4be4-981e-711e7c9e77b8",
    "type": "user",
    "attributes": {
      "id": "caff29bd-db10-4be4-981e-711e7c9e77b8",
      "first_name": "Võ",
      "last_name": "Tường",
      "email": "tuongvo@9solutions.vn",
      "phone_number": null,
      "active": true,
      "locked": false,
      "confirmed": true,
      "admin": false,
      "is_agency_owner": true,
      "avatar_url": "",
      "agency_id": "432ff8ad-31a7-45ed-90cc-b92e7e542271",
      "roles": [
        {
          "id": "ca339f84-fb14-4773-a37b-778e653b8a3b",
          "name": "[Role Service] ALL Permission"
        }
      ],
      "agency": {
        "id": "432ff8ad-31a7-45ed-90cc-b92e7e542271",
        "name": "F2 - 9S - TƯỜNG VÕ",
        "code": "ST2010",
        "owner_id": "caff29bd-db10-4be4-981e-711e7c9e77b8",
        "parent_id": "226098d8-2f33-4d13-9a75-aad61a07dc3c",
        "level": 2,
        "active": true
      }
    }
  }
}
Key Response Fields:
User Information
| Field | Type | Description |
|---|---|---|
| id | string | User UUID |
| email | string | User email |
| first_name | string | First name |
| last_name | string | Last name |
| phone_number | string/null | Phone number |
| active | boolean | Account active status |
| locked | boolean | Account locked status |
| confirmed | boolean | Email confirmed |
| admin | boolean | Admin privileges |
| is_agency_owner | boolean | Owner of agency |
Agency Information
| Field | Type | Description |
|---|---|---|
| agency.id | string | Agency UUID |
| agency.name | string | Agency name (e.g., "F2 - 9S - TƯỜNG VÕ") |
| agency.code | string | Agency code (e.g., "ST2010") |
| agency.level | number | Agency level (1=root, 2=sub, etc.) |
| agency.active | boolean | Agency active status |
| agency.parent_id | string | Parent agency UUID |
Roles & Permissions
| Field | Type | Description |
|---|---|---|
| roles | array | User roles |
| roles[].id | string | Role UUID |
| roles[].name | string | Role name |
💡 Example: cURL
curl -X GET "{{base_url}}/api/v1/credentials/me" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer {access_token}"
Response:
{
  "data": {
    "type": "user",
    "attributes": {
      "email": "user@example.com",
      "first_name": "John",
      "last_name": "Doe",
      "agency": {
        "code": "ST2010",
        "name": "My Agency"
      }
    }
  }
}
🎯 Use Cases
1. Display User Info
const profile = response.data.attributes;
console.log("Welcome:", profile.first_name, profile.last_name);
console.log("Email:", profile.email);
console.log("Agency:", profile.agency.name);
console.log("Agency Code:", profile.agency.code);
Output:
Welcome: Võ Tường
Email: tuongvo@9solutions.vn
Agency: F2 - 9S - TƯỜNG VÕ
Agency Code: ST2010
2. Check Permissions
const isOwner = profile.is_agency_owner;
const isAdmin = profile.admin;
const hasPermission = profile.roles.some((r) =>
  r.name.includes("ALL Permission"),
);
if (hasPermission) {
  // Allow access to all features
}
3. Validate Account Status
if (!profile.active) {
  throw new Error("Account is inactive");
}
if (profile.locked) {
  throw new Error("Account is locked");
}
if (!profile.confirmed) {
  throw new Error("Email not confirmed");
}
4. Agency Information
const agencyCode = profile.agency.code; // "ST2010"
const agencyName = profile.agency.name; // "F2 - 9S - TƯỜNG VÕ"
// Use in booking reports, invoices, etc.
⚠️ Important Notes
1. Agency Code Usage
The agency.code is important for:
- Booking identification
- Commission calculation
- Reporting
- Invoice generation
const agencyCode = response.data.attributes.agency.code;
// Use this in booking metadata
2. Account Validation
Always check account status:
const attr = response.data.attributes;
if (!attr.active || attr.locked || !attr.confirmed) {
  // Redirect to login or show error
}
3. Response Format
Response follows JSON:API specification:
// ✅ Correct
const user = response.data.attributes;
const email = user.email;
// ❌ Wrong: the fields are nested under data.attributes
const wrongEmail = response.data.email; // undefined
4. Roles Array
Check specific roles:
const hasAdminRole = user.roles.some((r) =>
  r.name.toLowerCase().includes("admin"),
);
🐛 Common Issues
Unauthorized (401)
Response:
{
  "error": "Unauthorized"
}
Cause: Invalid or expired access token
Solution: Re-authenticate via /oauth/token
Account Locked
Response:
{
  "data": {
    "attributes": {
      "locked": true,
      "active": false
    }
  }
}
Action: Contact admin to unlock account
🔗 Integration Flow
📝 Typical Workflow
// 1. Authenticate
const authResponse = await fetch("/oauth/token", {
  method: "POST",
  // The body is JSON, so declare it as such
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    grant_type: "password",
    email: "user@example.com",
    password: "password",
    client_id: "...",
    client_secret: "...",
  }),
});
const { access_token } = await authResponse.json();

// 2. Get profile
const profileResponse = await fetch("/api/v1/credentials/me", {
  headers: {
    Authorization: `Bearer ${access_token}`,
  },
});
// A 401 body has no data.attributes, so check the status before parsing
if (!profileResponse.ok) {
  throw new Error(`Profile request failed: ${profileResponse.status}`);
}
const profile = await profileResponse.json();
const user = profile.data.attributes;

// 3. Validate & store (all three status flags, as in "Account Validation")
if (user.active && !user.locked && user.confirmed) {
  // Store user info
  localStorage.setItem("user_email", user.email);
  localStorage.setItem("user_name", `${user.first_name} ${user.last_name}`);
  localStorage.setItem("agency_code", user.agency.code);
  localStorage.setItem("agency_name", user.agency.name);
  // Proceed to main app
  navigateToBooking();
}
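One way to fold the account-status checks, the 401 case and the role checks above into a single fail-closed decision, as an added example that is not part of the original documentation or the API provider's code. The helper names (`evaluateProfile`, `hasRoleId`, `hasRoleNameContaining`), the placeholder role IDs and the sample bodies are constructed for illustration; the block also contrasts an exact role-ID match with the substring match on role names used in the snippets above.

```javascript
// Added example: helper names and sample data are constructed, not the API's own.
function evaluateProfile(status, body) {
  if (status === 401) return { ok: false, reason: "unauthorized" };
  if (status !== 200) return { ok: false, reason: `http_${status}` };
  const data = body && body.data;
  const attr = data && data.attributes;
  if (!attr || data.type !== "user") return { ok: false, reason: "malformed" };
  // Strict comparisons: a missing or non-boolean flag fails closed.
  if (attr.locked !== false) return { ok: false, reason: "locked" };
  if (attr.active !== true) return { ok: false, reason: "inactive" };
  if (attr.confirmed !== true) return { ok: false, reason: "unconfirmed" };
  return { ok: true, reason: null, user: attr };
}

// Exact match on roles[].id; Array.isArray guards a missing roles field.
function hasRoleId(user, roleId) {
  return Array.isArray(user.roles) && user.roles.some((r) => r.id === roleId);
}

// Substring match on roles[].name, as in the page's snippets, for comparison.
function hasRoleNameContaining(user, text) {
  return Array.isArray(user.roles) &&
    user.roles.some((r) => String(r.name).toLowerCase().includes(text));
}

// Constructed sample data (placeholder role ids and a made-up role name).
const ADMIN_ROLE_ID = "00000000-0000-0000-0000-0000000000ad";
const sampleOk = {
  data: { type: "user", attributes: {
    active: true, locked: false, confirmed: true,
    roles: [{ id: "00000000-0000-0000-0000-000000000001", name: "Non-admin viewer" }],
  } },
};
const sampleLocked = {
  data: { type: "user", attributes: { locked: true, active: false } },
};

console.log(evaluateProfile(401, { error: "Unauthorized" }).reason);
console.log(evaluateProfile(200, sampleLocked).reason);
const viewer = evaluateProfile(200, sampleOk).user;
// The name check matches "Non-admin viewer"; the id check does not.
console.log(hasRoleNameContaining(viewer, "admin"), hasRoleId(viewer, ADMIN_ROLE_ID));
```

A client can edit anything it holds, so these checks decide what the UI shows and the server still has to authorize each request.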
🔗 Next Steps
After getting profile:
- Book Flights → ../booking-flows/README.md
- Manage Bookings → ../manage-booking/01-LIST-BOOKINGS.md
📝 Notes
- Returns current logged-in user information
- Includes agency details (important for F2 system)
- Check active, locked, confirmed status
- Response follows JSON:API format (use data.attributes)
- Agency code (agency.code) used throughout system
- Roles array for permission checking
- Call after authentication to validate account