Get Current Session

GET

api

shared

users

session

Get Current Session

curl --request GET \
  --url https://api.example.com/api/v1/shared/users/me/session \
  --header 'Authorization: Bearer <token>'

{
  "role": "<string>",
  "roles": [
    "<string>"
  ],
  "permissions": [
    "<string>"
  ],
  "featureFlags": [
    "<string>"
  ]
}

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Response

200 - application/json

Successful Response

Authz primitives for the current session, surfaced to the frontend.

Lightweight pass-through of JWT claims relevant to client-side gating (entitlements + role + permissions). Cached aggressively in the FE. Display data lives on /me, not here.

role

string

required

roles

string[]

required

permissions

string[]

required

featureFlags

string[]

required

Get Current User ProfileGet the current user's profile. Returns user info, organization details, and all assignments with ship data. Role is sourced from the JWT (authoritative) rather than the DB. The avatar URL is resolved server-side — custom uploaded photo (if any) wins over the WorkOS-provided URL.

Get Current Session

curl --request GET \
  --url https://api.example.com/api/v1/shared/users/me/session \
  --header 'Authorization: Bearer <token>'

{
  "role": "<string>",
  "roles": [
    "<string>"
  ],
  "permissions": [
    "<string>"
  ],
  "featureFlags": [
    "<string>"
  ]
}