Get Profile

GET /api/v1/users/me

Returns the authenticated patient's own profile. Self-only — operates on the JWT subject. Any underlying undefined values are normalized to null in the response.

cv-api-key + Bearer accessToken
Production: https://api.care360-next.carevalidate.com/api/v1/users/me
Staging: https://api-staging.care360-next.carevalidate.com/api/v1/users/me

Note: Both cv-api-key and Authorization: Bearer <accessToken> are required. The access token is obtained from /verify-otp.

Headers

cv-api-key (string, required)

Your unique API key for authentication.

Authorization (string, required)

Bearer access token from /verify-otp.

Example: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9...

Behavior

  1. The patientPortalAuth() middleware authenticates the request and resolves the calling user.
  2. The handler returns the full patient profile mapped from the User row.
  3. If the user record is missing (e.g. deleted between token mint and request), the server returns 404 VALIDATION_ERROR "Patient not found" — defensive only; the auth middleware itself already rejects deleted users.

Profile Object

See the Profile Overview for the full field list. The profile contains exactly 17 fields and any underlying undefined value is normalized to null.

Example Request

curl -X GET '<BASE_URL>/api/v1/users/me' \
-H 'cv-api-key: <redacted>' \
-H 'Authorization: Bearer <accessToken>'

Responses

200 Success: Returns the authenticated patient's full profile.
{
  "status": 200,
  "success": true,
  "data": {
    "profile": {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "email": "patient@example.com",
      "firstName": "Jane",
      "lastName": "Doe",
      "phoneNumber": "+15551234567",
      "dob": "1990-05-15T00:00:00.000Z",
      "gender": "FEMALE",
      "address": "123 Main St",
      "address2": null,
      "city": "New York",
      "state": "NY",
      "country": "US",
      "postalCode": "10001",
      "allergies": "Penicillin",
      "healthConditions": "Asthma",
      "currentMedications": "Albuterol",
      "createdAt": "2025-08-01T12:34:56.000Z"
    }
  }
}

400 Missing cv-api-key: cv-api-key header is missing.
{
  "status": 400,
  "success": false,
  "error": "Missing cv-api-key header",
  "code": "VALIDATION_ERROR"
}

401 Authentication failure: Authorization header missing/malformed; JWT invalid/expired; wrong type; org mismatch with cv-api-key; or the user no longer exists.
{
  "status": 401,
  "success": false,
  "error": "Invalid or expired token",
  "code": "VALIDATION_ERROR"
}

404 Patient not found: Defensive — the user record was missing when the handler ran.
{
  "status": 404,
  "success": false,
  "error": "Patient not found",
  "code": "VALIDATION_ERROR"
}
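
A client-side check for the responses listed above, added here as an example and not part of the CareValidate documentation or code. It branches on the HTTP status because every documented error shares the code VALIDATION_ERROR, and it rejects a 200 body whose profile does not carry exactly the 17 fields shown in the sample response. The function names and action labels are assumptions.

```javascript
// Added example. Field names are copied from the 200 sample on this page.
const PROFILE_FIELDS = [
  'id', 'email', 'firstName', 'lastName', 'phoneNumber', 'dob', 'gender',
  'address', 'address2', 'city', 'state', 'country', 'postalCode',
  'allergies', 'healthConditions', 'currentMedications', 'createdAt',
];

// Returns a list of problems; an empty list means the documented shape holds.
// null values are accepted: the API normalizes undefined to null.
function checkProfileShape(profile) {
  if (profile === null || typeof profile !== 'object' || Array.isArray(profile)) {
    return ['profile is not an object'];
  }
  const problems = [];
  for (const field of PROFILE_FIELDS) {
    if (!Object.prototype.hasOwnProperty.call(profile, field)) {
      problems.push(`missing field: ${field}`);
    }
  }
  for (const key of Object.keys(profile)) {
    if (!PROFILE_FIELDS.includes(key)) problems.push(`unexpected field: ${key}`);
  }
  return problems;
}

// Maps a documented response to a client action (hypothetical action labels).
// The "code" value cannot distinguish 400, 401 and 404, so the status decides.
function classifyResponse(httpStatus, body) {
  switch (httpStatus) {
    case 200: {
      const profile = body && body.data ? body.data.profile : undefined;
      const problems = checkProfileShape(profile);
      return problems.length === 0
        ? { action: 'ok', profile }
        : { action: 'reject', problems };
    }
    case 400: return { action: 'fix-config' };      // cv-api-key header missing
    case 401: return { action: 'reauthenticate' };  // new token from /verify-otp
    case 404: return { action: 'account-missing' }; // user record not found
    default: return { action: 'unexpected', httpStatus };
  }
}
```

Log only the returned problems list, never the profile itself, since it holds allergies, health conditions and medications.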