Identity Service
The Identity Service exposes user identity and organization data to third-party applications through /v1/identity/*. Everything here requires a user token obtained via the Authorization Code + PKCE flow.
Base URL: /v1/identity/
Scopes: identity (full access), identity:read, identity:write.
Current User
Get current user
GET /v1/identity/users/me
Scopes: identity or identity:read
curl https://api.typograph.nl/v1/identity/users/me \
  -H "Authorization: Bearer $USER_TOKEN"
Response:
{
  "id": "019b28fb-a11e-7641-a28f-e978f892ec06",
  "email": "user@example.com",
  "name": "John Doe",
  "handle": "johndoe",
  "email_verified": true,
  "created_at": "<ISO 8601 timestamp>",
  "settings": {
    "locale": "en",
    "timezone": "Europe/Amsterdam"
  }
}
Update current user
PATCH /v1/identity/users/me
Scopes: identity or identity:write
Granted Scopes
Get scopes granted to the current token
GET /v1/identity/oauth/scopes/me
Scopes: identity or identity:read
Returns the effective scope set on the current access token — useful for feature-gating in your UI without doing token introspection yourself.
Organizations
Every OAuth client and every API request is attributed to an organization. Organizations carry the subscription plan and the rate-limit quotas.
| Endpoint | Method | Scopes |
|---|---|---|
| /v1/identity/organizations | GET | identity / identity:read |
| /v1/identity/organizations | POST | identity / identity:write |
| /v1/identity/organizations/{id} | GET | identity / identity:read |
| /v1/identity/organizations/{id} | PATCH | identity / identity:write |
List organizations
curl https://api.typograph.nl/v1/identity/organizations \
  -H "Authorization: Bearer $USER_TOKEN"
Returns the organizations the authenticated user is a member of. Uses standard pagination.
Organization members
| Endpoint | Method | Scopes |
|---|---|---|
| /v1/identity/organizations/{id}/members | GET | identity / identity:read |
| /v1/identity/organizations/{id}/members | POST | identity / identity:write |
| /v1/identity/organizations/{orgId}/members/{memberId} | GET | identity / identity:read |
| /v1/identity/organizations/{orgId}/members/{memberId} | PATCH | identity / identity:write |
| /v1/identity/organizations/{orgId}/members/{memberId} | DELETE | identity / identity:write |
Member object:
{
  "id": "019b28fb-a11e-7641-a28f-e978f892ec07",
  "user_id": "019b28fb-a11e-7641-a28f-e978f892ec06",
  "email": "user@example.com",
  "name": "John Doe",
  "role": "owner",
  "joined_at": "<ISO 8601 timestamp>"
}
Error Responses
| Status | Error | Description |
|---|---|---|
| 401 | unauthorized | Missing or invalid token |
| 403 | access_denied | Missing scope for the requested endpoint |
| 403 | invalid_token_type | Client token used on a user-only endpoint |
| 404 | not_found | User, organization, or member does not exist |
| 422 | validation_error | Field validation failed |
Standard error envelope (see API Overview → Error Handling):
{
  "error": "validation_error",
  "error_description": "Request validation failed",
  "request_id": "019397ab-cdef-7890-abcd-ef1234567890",
  "details": [
    { "field": "name", "code": "required", "message": "Name is required." }
  ]
}
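An added example, not part of the Typograph documentation or any Typograph SDK: a client-side scope gate built from the endpoint tables on this page. It decides before a request is sent whether the granted scopes cover it (a call that fails this check would draw 403 access_denied), and computes the narrowest scope set to request for a list of planned calls. The function names are hypothetical, and the granted scopes are assumed to be already available as an array of strings, since the response shape of /v1/identity/oauth/scopes/me is not shown here.

```javascript
// Added example. Route table transcribed from the endpoint tables on this page.
const ROUTES = [
  ["GET", "/v1/identity/users/me"],
  ["PATCH", "/v1/identity/users/me"],
  ["GET", "/v1/identity/oauth/scopes/me"],
  ["GET", "/v1/identity/organizations"],
  ["POST", "/v1/identity/organizations"],
  ["GET", "/v1/identity/organizations/{id}"],
  ["PATCH", "/v1/identity/organizations/{id}"],
  ["GET", "/v1/identity/organizations/{id}/members"],
  ["POST", "/v1/identity/organizations/{id}/members"],
  ["GET", "/v1/identity/organizations/{orgId}/members/{memberId}"],
  ["PATCH", "/v1/identity/organizations/{orgId}/members/{memberId}"],
  ["DELETE", "/v1/identity/organizations/{orgId}/members/{memberId}"],
];

// {param} matches exactly one path segment; the pattern is anchored at both ends.
// The templates above are constants containing no regex metacharacters.
function templateToRegex(template) {
  return new RegExp("^" + template.replace(/\{[^}]+\}/g, "[^/]+") + "$");
}

// Scopes the page lists for a documented route, or null for anything else (fail closed).
// On this page every GET accepts identity:read and every other method identity:write.
// `path` is the URL path only, without a query string.
function acceptedScopes(method, path) {
  const m = method.toUpperCase();
  const known = ROUTES.some(([rm, tpl]) => rm === m && templateToRegex(tpl).test(path));
  if (!known) return null;
  return ["identity", m === "GET" ? "identity:read" : "identity:write"];
}

// True when the granted scopes (array of strings, assumed already extracted) cover the call.
function canCall(granted, method, path) {
  const accepted = acceptedScopes(method, path);
  return accepted !== null && accepted.some((s) => granted.includes(s));
}

// Narrowest scope set to request for a list of [method, path] calls.
function minimalScopes(calls) {
  const needed = new Set();
  for (const [method, path] of calls) {
    const accepted = acceptedScopes(method, path);
    if (accepted === null) throw new Error(`undocumented route: ${method} ${path}`);
    needed.add(accepted[1]); // the narrow scope, never full-access "identity"
  }
  return [...needed].sort();
}
```

The gate only mirrors the documented scope requirements for UI decisions; the server remains the enforcement point.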
Managing OAuth Clients
OAuth applications (client ID / client secret) are created and managed in the Typograph Portal, not via the public API. See Authentication → Getting Credentials.