Authentication Model
RestoreCord accepts dashboard session tokens and scoped API keys in the Authorization header. API keys are sent as Bearer <keyId>.<secret> and are limited by their permission list and optional IP/CIDR allowlist.
API keys are automation credentials for customer API calls. Manage API keys from the RestoreCord dashboard.
Get Account
Returns the authenticated account. When called with an API key, the route intentionally returns a limited account payload.
Auth: Session or API key with READ_ACCOUNT.
GET
/api/v3/usersGet Account
Retrieve account metadata for the authenticated user.
includeOptional- Location
- query
- Type
- string
Session-auth only. Comma-separated optional sections: servers, bots, groups, onboarding, pendingRoleRestores. API-key responses ignore expanded dashboard data.
Example response JSON
{
"success": true,
"id": 123,
"username": "restorecord_user",
"email": "owner@example.com",
"role": "business",
"createdAt": "2026-06-07T10:00:00.000Z",
"expiry": "2026-07-07T10:00:00.000Z"
}- Field
id- Type
- number
- Notes
- Internal RestoreCord account ID.
- Field
username- Type
- string
- Notes
- Account username.
- Field
email- Type
- string
- Notes
- Account email address.
- Field
role- Type
- string
- Notes
- Current plan, usually
free,premium,business, orenterprise.
- Field
createdAt- Type
- string
- Notes
- ISO timestamp.
- Field
expiry- Type
- string|null
- Notes
- Subscription expiry when present.
Errors and Limits
- Status
- 401
- Code
UNAUTHORIZED- When
- Missing, expired, or invalid authentication.
- Status
- 403
- Code
FORBIDDEN- When
- The token does not have access to the requested account data.
- Status
- 429
- Code
RATE_LIMITED- When
- The request exceeded the account endpoint rate limit.
- API-key authentication returns a limited account payload.
- Expanded dashboard sections are only available to dashboard session requests.
- API-key authentication still requires each endpoint-specific permission, documented on the relevant API page.