Returns the authenticated caller's public identity (see MeResponse).
const url = 'https://api.featureflip.io/api/v1/me';const options = {method: 'GET', headers: {Authorization: '<Authorization>'}};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url https://api.featureflip.io/api/v1/me \ --header 'Authorization: <Authorization>'Authorizations
Section titled “Authorizations”Responses
Section titled “Responses”OK
The authenticated caller’s identity, returned by GET /api/v1/me. The public API
authenticates two kinds of principal, so this is a type-discriminated shape.
A "user" caller (a session/JWT user or a personal access token, ffp_...) carries
email + emailVerified. A "service_token" caller (ffs_...) has no
backing user row, so it carries organizationId + role + projectScope (the
token’s org, its role in that org, and its project allowlist) instead. The type-inapplicable
fields are omitted from the response body. projectScope is omitted for an unrestricted
service token (access to every project), never an empty list.
object
Examplegenerated
{ "type": "example", "id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "name": "example", "email": "example", "emailVerified": true, "organizationId": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "role": "example", "projectScope": [ "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0" ]}Headers
Section titled “Headers”The maximum number of requests permitted per rate-limit window for this caller.
The number of requests remaining in the current rate-limit window.
The UTC time at which the current rate-limit window resets, as a Unix timestamp in seconds.
Unauthorized
The frozen public-API error contract. error codes are stable snake_case strings. Wire keys
are frozen snake_case too (error, message, docs_url, fields,
retry_after) — the global camelCase naming policy would otherwise emit
docsUrl/retryAfter, breaking the published spec. !:JsonPropertyName
always wins over the policy, so these are pinned explicitly rather than relying on the
property names already being lowercase for the single-word ones.
did_you_mean and next_actions are ADDITIVE optional keys (null → omitted via
the global DefaultIgnoreCondition = WhenWritingNull), so pre-existing error bodies
are byte-for-byte unchanged when they’re absent.
object
object
object
Example
{ "error": "not_found", "message": "Flag 'new-checkout-flw' was not found in project 'checkout'.", "docs_url": "https://featureflip.io/docs/management-api/errors/not_found", "did_you_mean": [ "new-checkout-flow" ], "next_actions": [ { "method": "GET", "path": "/api/v1/orgs/acme/projects/checkout/flags" } ]}Headers
Section titled “Headers”The maximum number of requests permitted per rate-limit window for this caller.
The number of requests remaining in the current rate-limit window.
The UTC time at which the current rate-limit window resets, as a Unix timestamp in seconds.
Rate limit exceeded. Retry after the interval indicated by the Retry-After header.
The frozen public-API error contract. error codes are stable snake_case strings. Wire keys
are frozen snake_case too (error, message, docs_url, fields,
retry_after) — the global camelCase naming policy would otherwise emit
docsUrl/retryAfter, breaking the published spec. !:JsonPropertyName
always wins over the policy, so these are pinned explicitly rather than relying on the
property names already being lowercase for the single-word ones.
did_you_mean and next_actions are ADDITIVE optional keys (null → omitted via
the global DefaultIgnoreCondition = WhenWritingNull), so pre-existing error bodies
are byte-for-byte unchanged when they’re absent.
object
object
object
Example
{ "error": "not_found", "message": "Flag 'new-checkout-flw' was not found in project 'checkout'.", "docs_url": "https://featureflip.io/docs/management-api/errors/not_found", "did_you_mean": [ "new-checkout-flow" ], "next_actions": [ { "method": "GET", "path": "/api/v1/orgs/acme/projects/checkout/flags" } ]}Headers
Section titled “Headers”Number of seconds to wait before retrying the request.
The maximum number of requests permitted per rate-limit window for this caller.
The number of requests remaining in the current rate-limit window.
The UTC time at which the current rate-limit window resets, as a Unix timestamp in seconds.