Get My Profile
Returns the authenticated user’s own profile, including the programme codes they belong to and the resolved RBAC permissions for their role. The frontend can use permissions to gate UI elements (hide buttons, disable forms, etc.) without making per-action permission checks.
Authentication
Requires a valid access token (any role).
Example request
curl https://staging-be.mind.miva.university/v1/users/me \
  -H "Authorization: Bearer <access_token>"
Response
{
  "success": true,
  "data": {
    "id": "6650a1b2c3d4e5f6a7b8c9d0",
    "email": "jane.smith@example.com",
    "first_name": "Jane",
    "last_name": "Smith",
    "middle_name": null,
    "display_name": "Jane Smith",
    "role_id": "6650a0b1c2d3e4f5a6b7c8d9",
    "role_name": "Faculty",
    "status": "active",
    "title": null,
    "department": null,
    "unlimited_sessions": false,
    "programme_codes": ["MPH", "MBA"],
    "last_activity_at": "2026-04-29T12:00:00Z",
    "created_at": "2026-01-15T10:30:00Z",
    "updated_at": null,
    "permissions": {
      "CASE_STUDIES": {
        "can_view": true,
        "can_create": true,
        "can_edit": true,
        "can_delete": false,
        "can_export": false
      },
      "KNOWLEDGE_BASES": {
        "can_view": true,
        "can_create": true,
        "can_edit": true,
        "can_delete": false
      },
      "PROGRAMMES": {
        "can_view": true,
        "can_create": false,
        "can_edit": false,
        "can_delete": false
      }
    }
  },
  "message": null
}
Field reference
| Field | Description |
|---|---|
| programme_codes | Programmes the user belongs to (e.g. MPH, MBA). Drives which case studies they can access. Empty list = no programme affiliation. |
| permissions | Resolved RBAC permissions for this user’s role. Module key → action key → bool. Snapshotted at request time — refresh /me after a role change to see updates. Empty object if the user has no role. |
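One way a frontend could consume the permissions map with default-deny semantics, so that a missing module, a missing action key (KNOWLEDGE_BASES has no can_export above) or an empty object for a user with no role all resolve to "hidden". This is an added example, not code from the API's authors; buildGate, can and inProgramme are hypothetical names, and it assumes the backend enforces RBAC on every request, since hiding a button is not an access control.

```javascript
// Added example: default-deny UI gate built from a GET /v1/users/me response.
// buildGate, can and inProgramme are hypothetical helper names, not part of the API.
function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

function buildGate(meResponse) {
  // Anything other than a successful envelope with a data object denies everything.
  const data = meResponse && meResponse.success === true && meResponse.data ? meResponse.data : {};
  const perms = isPlainObject(data.permissions) ? data.permissions : {};
  const programmes = Array.isArray(data.programme_codes) ? data.programme_codes : [];
  const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

  return Object.freeze({
    can(moduleKey, actionKey) {
      // Own-property lookups only, so keys like "constructor" never resolve
      // through the prototype chain.
      if (!own(perms, moduleKey)) return false;
      const mod = perms[moduleKey];
      if (!isPlainObject(mod) || !own(mod, actionKey)) return false;
      return mod[actionKey] === true; // strict: "true", 1 and null are denied
    },
    inProgramme(code) {
      return programmes.includes(code);
    },
  });
}

// Constructed sample, trimmed from the response shown above.
const sampleMe = {
  success: true,
  data: {
    programme_codes: ["MPH", "MBA"],
    permissions: {
      CASE_STUDIES: { can_view: true, can_create: true, can_edit: true, can_delete: false, can_export: false },
      KNOWLEDGE_BASES: { can_view: true, can_create: true, can_edit: true, can_delete: false },
    },
  },
  message: null,
};

const gate = buildGate(sampleMe);
console.log("edit case study:", gate.can("CASE_STUDIES", "can_edit"));
console.log("export knowledge base:", gate.can("KNOWLEDGE_BASES", "can_export"));
```

Because the map is a snapshot taken at request time, rebuild the gate from a fresh /me response after a role change rather than caching it for the whole session.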
Update My Profile
Update the authenticated user’s own profile. Only send the fields you want to change.
Authentication
Requires a valid access token (any role).
Request body
First name. Max 255 characters.
Last name. Max 255 characters.
Job title. Max 100 characters.
Department name. Max 255 characters.
Example request
curl -X PATCH https://staging-be.mind.miva.university/v1/users/me \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "first_name": "Jane",
    "last_name": "Smith-Jones",
    "department": "Computer Science"
  }'
Response
Returns the full updated user profile (same shape as Get My Profile).
Change Password
POST /v1/users/me/change-password
Change the authenticated user’s password. Requires the current password for verification.
Authentication
Requires a valid access token (any role).
Request body
The user’s current password.
New password. Min 8 characters, max 100.
Example request
curl -X POST https://staging-be.mind.miva.university/v1/users/me/change-password \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "current_password": "oldpassword",
    "new_password": "newstrongpassword123"
  }'
Response
{
  "success": true,
  "data": null,
  "message": "Password changed successfully"
}
Error responses
| Status | Code | Condition |
|---|---|---|
| 401 | AUTHENTICATION_ERROR | Current password is incorrect |
| 422 | VALIDATION_ERROR | New password doesn’t meet requirements |