Returns the identity of the authenticated user. Useful as a pre-flight check that your API key is valid and to inspect tier-gated capabilities before invoking expensive runs.

Endpoint

GET /api/whoami

Authentication

Works with both session cookie and API key authentication. Any authenticated request is accepted; no specific capability is required.

Response

{
  "user": {
    "id": "u_abc123...",
    "email": "you@example.com",
    "role": "user",
    "tier": "pro",
    "approved": true
  }
}

  • user.id (string): The user’s internal id.
  • user.email (string): The user’s email address.
  • user.role (string): Either user or admin. Admin role bypasses tier gates and rate limits.
  • user.tier (string): One of free, pro, business, enterprise, or a custom tier id.
  • user.approved (boolean): Whether the account is approved. New accounts go through a brief approval step before they can run workflows.

Use cases

  • Pre-flight validation — call this before any expensive workflow run to confirm your key works without paying for a real execution.
  • Tier-aware routing — branch your script depending on the tier (skip Business-only models if user.tier === 'pro').
  • CI smoke test — assert user.approved === true and user.email matches the expected account before production deploys.

Example

curl https://knouds.ai/api/whoami \
  -H "x-api-key: $KNOUDS_KEY"
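
The CI smoke test from the use cases, written as a fail-closed gate in Python. This is an added example, not code from the Knouds documentation: the EXPECTED_EMAIL variable, the function names, and the rule that a CI key must hold the user role are assumptions; the URL, header and field names are the ones shown on this page.

```python
import json
import os
import sys
import urllib.error
import urllib.request

WHOAMI_URL = "https://knouds.ai/api/whoami"  # endpoint as shown on this page


def evaluate_whoami(status, body, expected_email):
    """Return a list of failure reasons; an empty list means the gate passes."""
    if status == 401:
        return ["401: key missing, revoked, or pre-Phase-11"]
    if status != 200:
        return [f"unexpected HTTP status {status}"]
    try:
        user = json.loads(body)["user"]
    except (ValueError, KeyError, TypeError):
        user = None
    if not isinstance(user, dict):
        return ["response does not have the documented user object"]
    failures = []
    # Fail closed: a missing or non-boolean field counts as not approved.
    if user.get("approved") is not True:
        failures.append("account is not approved")
    if user.get("email") != expected_email:
        failures.append("key belongs to a different account than expected")
    # Assumed policy: admin bypasses tier gates and rate limits, so a CI key
    # should not carry that role.
    if user.get("role") != "user":
        failures.append("key role is not 'user'")
    return failures


def fetch_whoami(api_key, url=WHOAMI_URL, timeout=10):
    """GET /api/whoami with the x-api-key header; returns (status, body)."""
    req = urllib.request.Request(url, headers={"x-api-key": api_key})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


if __name__ == "__main__":
    status, body = fetch_whoami(os.environ["KNOUDS_KEY"])
    problems = evaluate_whoami(status, body, os.environ["EXPECTED_EMAIL"])
    for reason in problems:  # reasons only; the key itself is never printed
        print("whoami gate:", reason, file=sys.stderr)
    sys.exit(1 if problems else 0)
```

A network error raises out of fetch_whoami and ends the job with a non-zero exit, so the deploy step stays blocked when the check cannot be completed.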

Notes

  • For richer identity (credit balance, top-up balance, business status, onboarding state) the session-only endpoint /api/me returns more fields. That endpoint requires a browser session cookie and rejects API keys.
  • A 401 response means the key is missing, revoked, or pre-Phase-11 (see LEGACY_KEY_RETIRED).