Account

SERVER

The Account service allows you to authenticate and manage a user account. You can use the account service to update user information, retrieve the user sessions across different devices, and fetch the user security logs with his or her recent activity.

Register new user accounts with the Create Account, Create Magic URL session, or Create Phone session endpoint. You can authenticate the user account by using multiple sign-in methods available. Once the user is authenticated, a new session object will be created to allow the user to access his or her private data and settings.

This service also exposes an endpoint to save and read the user preferences as a key-value object. This feature is handy if you want to allow extra customization in your app. Common usage for this feature may include saving the user's preferred locale, timezone, or custom app theme.

Base URL
https://cloud.appwrite.io/v1

Get Account

Get currently logged in user data as JSON object.

  • Response
    • 200 application/json
Endpoint
GET /account
Kotlin
import io.appwrite.Client
import io.appwrite.services.Account

suspend fun main() {
    val client = Client(context)
      .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint
      .setProject("5df5acd0d48c2") // Your project ID
      .setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...") // Your secret JSON Web Token

    val account = Account(client)
    val response = account.get()
    val json = response.body?.string()
}

Update Account Email

Update currently logged in user account email address. After changing user address, the user confirmation status will get reset. A new confirmation email is not sent automatically however you can use the send confirmation email endpoint again to send the confirmation email. For security measures, user password is required to complete this request. This endpoint can also be used to convert an anonymous account to a normal one, by passing an email address and a new password.

  • Request
    • email string
      required

      User email.

    • password string
      required

      User password. Must be at least 8 chars.

  • Response
    • 200 application/json
Endpoint
PATCH /account/email
Kotlin
import io.appwrite.Client
import io.appwrite.services.Account

suspend fun main() {
    val client = Client(context)
      .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint
      .setProject("5df5acd0d48c2") // Your project ID
      .setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...") // Your secret JSON Web Token

    val account = Account(client)
    val response = account.updateEmail(
        email = "email@example.com",
        password = "password"
    )
    val json = response.body?.string()
}

Get Account Logs

Get currently logged in user list of latest security activity logs. Each log returns user IP address, location and date and time of log.

  • Request
    • limit integer

      Maximum number of logs to return in response. By default will return maximum 25 results. Maximum of 100 results allowed per request.

  • Response
Endpoint
GET /account/logs
Kotlin
import io.appwrite.Client
import io.appwrite.services.Account

suspend fun main() {
    val client = Client(context)
      .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint
      .setProject("5df5acd0d48c2") // Your project ID
      .setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...") // Your secret JSON Web Token

    val account = Account(client)
    val response = account.getLogs(
    )
    val json = response.body?.string()
}

Update Account Name

Update currently logged in user account name.

  • Request
    • name string
      required

      User name. Max length: 128 chars.

  • Response
    • 200 application/json
Endpoint
PATCH /account/name
Kotlin
import io.appwrite.Client
import io.appwrite.services.Account

suspend fun main() {
    val client = Client(context)
      .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint
      .setProject("5df5acd0d48c2") // Your project ID
      .setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...") // Your secret JSON Web Token

    val account = Account(client)
    val response = account.updateName(
        name = "[NAME]"
    )
    val json = response.body?.string()
}

Update Account Password

Update currently logged in user password. For validation, user is required to pass in the new password, and the old password. For users created with OAuth, Team Invites and Magic URL, oldPassword is optional.

  • Request
    • password string
      required

      New user password. Must be at least 8 chars.

    • oldPassword string

      Current user password. Must be at least 8 chars.

  • Response
    • 200 application/json
Endpoint
PATCH /account/password
Kotlin
import io.appwrite.Client
import io.appwrite.services.Account

suspend fun main() {
    val client = Client(context)
      .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint
      .setProject("5df5acd0d48c2") // Your project ID
      .setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...") // Your secret JSON Web Token

    val account = Account(client)
    val response = account.updatePassword(
        password = "password",
    )
    val json = response.body?.string()
}

Update Account Phone

Update the currently logged in user's phone number. After updating the phone number, the phone verification status will be reset. A confirmation SMS is not sent automatically, however you can use the POST /account/verification/phone endpoint to send a confirmation SMS.

  • Request
    • number string
      required

      Phone number. Format this number with a leading '+' and a country code, e.g., +16175551212.

    • password string
      required

      User password. Must be at least 8 chars.

  • Response
    • 200 application/json
Endpoint
PATCH /account/phone
Kotlin
import io.appwrite.Client
import io.appwrite.services.Account

suspend fun main() {
    val client = Client(context)
      .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint
      .setProject("5df5acd0d48c2") // Your project ID
      .setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...") // Your secret JSON Web Token

    val account = Account(client)
    val response = account.updatePhone(
        number = "",
        password = "password"
    )
    val json = response.body?.string()
}

Get Account Preferences

Get currently logged in user preferences as a key-value object.

Endpoint
GET /account/prefs
Kotlin
import io.appwrite.Client
import io.appwrite.services.Account

suspend fun main() {
    val client = Client(context)
      .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint
      .setProject("5df5acd0d48c2") // Your project ID
      .setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...") // Your secret JSON Web Token

    val account = Account(client)
    val response = account.getPrefs()
    val json = response.body?.string()
}

Update Account Preferences

Update currently logged in user account preferences. The object you pass is stored as is, and replaces any previous value. The maximum allowed prefs size is 64kB and throws error if exceeded.

  • Request
    • prefs object
      required

      Prefs key-value JSON object.

  • Response
    • 200 application/json
Endpoint
PATCH /account/prefs
Kotlin
import io.appwrite.Client
import io.appwrite.services.Account

suspend fun main() {
    val client = Client(context)
      .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint
      .setProject("5df5acd0d48c2") // Your project ID
      .setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...") // Your secret JSON Web Token

    val account = Account(client)
    val response = account.updatePrefs(
        prefs = mapOf( "a" to "b" )
    )
    val json = response.body?.string()
}

Create Password Recovery

Sends the user an email with a temporary secret key for password reset. When the user clicks the confirmation link he is redirected back to your app password reset URL with the secret key and email address values attached to the URL query string. Use the query string params to submit a request to the PUT /account/recovery endpoint to complete the process. The verification link sent to the user's email address is valid for 1 hour.

  • Request
    • email string
      required

      User email.

    • url string
      required

      URL to redirect the user back to your app from the recovery email. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an open redirect attack against your project API.

  • Response
    • 201 application/json
  • Rate limits

    This endpoint is not limited when using Server SDKs with API keys. If you are using SSR with setSession, these rate limits will still apply. Learn more about SSR rate limits.

    The limit is applied for each unique limit key.

    Time frame
    Attempts
    Key
    60 minutes 10 requests URL + EMAIL
    60 minutes 10 requests IP
Endpoint
POST /account/recovery
Kotlin
import io.appwrite.Client
import io.appwrite.services.Account

suspend fun main() {
    val client = Client(context)
      .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint
      .setProject("5df5acd0d48c2") // Your project ID
      .setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...") // Your secret JSON Web Token

    val account = Account(client)
    val response = account.createRecovery(
        email = "email@example.com",
        url = "https://example.com"
    )
    val json = response.body?.string()
}

Create Password Recovery (confirmation)

Use this endpoint to complete the user account password reset. Both the userId and secret arguments will be passed as query parameters to the redirect URL you have provided when sending your request to the POST /account/recovery endpoint.

Please note that in order to avoid a Redirect Attack the only valid redirect URLs are the ones from domains you have set when adding your platforms in the console interface.

  • Request
    • userId string
      required

      User ID.

    • secret string
      required

      Valid reset token.

    • password string
      required

      New user password. Must be at least 8 chars.

    • passwordAgain string
      required

      Repeat new user password. Must be at least 8 chars.

  • Response
    • 200 application/json
  • Rate limits

    This endpoint is not limited when using Server SDKs with API keys. If you are using SSR with setSession, these rate limits will still apply. Learn more about SSR rate limits.

    The limit is applied for each unique limit key.

    Time frame
    Attempts
    Key
    60 minutes 10 requests URL + USER ID
Endpoint
PUT /account/recovery
Kotlin
import io.appwrite.Client
import io.appwrite.services.Account

suspend fun main() {
    val client = Client(context)
      .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint
      .setProject("5df5acd0d48c2") // Your project ID
      .setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...") // Your secret JSON Web Token

    val account = Account(client)
    val response = account.updateRecovery(
        userId = "[USER_ID]",
        secret = "[SECRET]",
        password = "password",
        passwordAgain = "password"
    )
    val json = response.body?.string()
}

Get Account Sessions

Get currently logged in user list of active sessions across different devices.

Endpoint
GET /account/sessions
Kotlin
import io.appwrite.Client
import io.appwrite.services.Account

suspend fun main() {
    val client = Client(context)
      .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint
      .setProject("5df5acd0d48c2") // Your project ID
      .setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...") // Your secret JSON Web Token

    val account = Account(client)
    val response = account.getSessions()
    val json = response.body?.string()
}

Delete All Account Sessions

Delete all sessions from the user account and remove any sessions cookies from the end client.

  • Response
    • 204 application/json
  • Rate limits

    This endpoint is not limited when using Server SDKs with API keys. If you are using SSR with setSession, these rate limits will still apply. Learn more about SSR rate limits.

    The limit is applied for each unique limit key.

    Time frame
    Attempts
    Key
    60 minutes 100 requests URL + IP
Endpoint
DELETE /account/sessions
Kotlin
import io.appwrite.Client
import io.appwrite.services.Account

suspend fun main() {
    val client = Client(context)
      .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint
      .setProject("5df5acd0d48c2") // Your project ID
      .setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...") // Your secret JSON Web Token

    val account = Account(client)
    val response = account.deleteSessions()
    val json = response.body?.string()
}

Get Session By ID

Use this endpoint to get a logged in user's session using a Session ID. Inputting 'current' will return the current session being used.

  • Request
    • sessionId string
      required

      Session ID. Use the string 'current' to get the current device session.

  • Response
Endpoint
GET /account/sessions/{sessionId}
Kotlin
import io.appwrite.Client
import io.appwrite.services.Account

suspend fun main() {
    val client = Client(context)
      .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint
      .setProject("5df5acd0d48c2") // Your project ID
      .setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...") // Your secret JSON Web Token

    val account = Account(client)
    val response = account.getSession(
        sessionId = "[SESSION_ID]"
    )
    val json = response.body?.string()
}

Update Session (Refresh Tokens)

Access tokens have limited lifespan and expire to mitigate security risks. If session was created using an OAuth provider, this route can be used to "refresh" the access token.

  • Request
    • sessionId string
      required

      Session ID. Use the string 'current' to update the current device session.

  • Response
  • Rate limits

    This endpoint is not limited when using Server SDKs with API keys. If you are using SSR with setSession, these rate limits will still apply. Learn more about SSR rate limits.

    The limit is applied for each unique limit key.

    Time frame
    Attempts
    Key
    60 minutes 10 requests URL + IP
Endpoint
PATCH /account/sessions/{sessionId}
Kotlin
import io.appwrite.Client
import io.appwrite.services.Account

suspend fun main() {
    val client = Client(context)
      .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint
      .setProject("5df5acd0d48c2") // Your project ID
      .setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...") // Your secret JSON Web Token

    val account = Account(client)
    val response = account.updateSession(
        sessionId = "[SESSION_ID]"
    )
    val json = response.body?.string()
}

Delete Account Session

Use this endpoint to log out the currently logged in user from all their account sessions across all of their different devices. When using the Session ID argument, only the unique session ID provided is deleted.

  • Request
    • sessionId string
      required

      Session ID. Use the string 'current' to delete the current device session.

  • Response
    • 204 application/json
  • Rate limits

    This endpoint is not limited when using Server SDKs with API keys. If you are using SSR with setSession, these rate limits will still apply. Learn more about SSR rate limits.

    The limit is applied for each unique limit key.

    Time frame
    Attempts
    Key
    60 minutes 100 requests URL + IP
Endpoint
DELETE /account/sessions/{sessionId}
Kotlin
import io.appwrite.Client
import io.appwrite.services.Account

suspend fun main() {
    val client = Client(context)
      .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint
      .setProject("5df5acd0d48c2") // Your project ID
      .setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...") // Your secret JSON Web Token

    val account = Account(client)
    val response = account.deleteSession(
        sessionId = "[SESSION_ID]"
    )
    val json = response.body?.string()
}

Update Account Status

Block the currently logged in user account. Behind the scene, the user record is not deleted but permanently blocked from any access. To completely delete a user, use the Users API instead.

  • Response
    • 200 application/json
Endpoint
PATCH /account/status
Kotlin
import io.appwrite.Client
import io.appwrite.services.Account

suspend fun main() {
    val client = Client(context)
      .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint
      .setProject("5df5acd0d48c2") // Your project ID
      .setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...") // Your secret JSON Web Token

    val account = Account(client)
    val response = account.updateStatus()
    val json = response.body?.string()
}

Create Email Verification

Use this endpoint to send a verification message to your user email address to confirm they are the valid owners of that address. Both the userId and secret arguments will be passed as query parameters to the URL you have provided to be attached to the verification email. The provided URL should redirect the user back to your app and allow you to complete the verification process by verifying both the userId and secret parameters. Learn more about how to complete the verification process. The verification link sent to the user's email address is valid for 7 days.

Please note that in order to avoid a Redirect Attack, the only valid redirect URLs are the ones from domains you have set when adding your platforms in the console interface.

  • Request
    • url string
      required

      URL to redirect the user back to your app from the verification email. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an open redirect attack against your project API.

  • Response
    • 201 application/json
  • Rate limits

    This endpoint is not limited when using Server SDKs with API keys. If you are using SSR with setSession, these rate limits will still apply. Learn more about SSR rate limits.

    The limit is applied for each unique limit key.

    Time frame
    Attempts
    Key
    60 minutes 10 requests URL + USER ID
Endpoint
POST /account/verification
Kotlin
import io.appwrite.Client
import io.appwrite.services.Account

suspend fun main() {
    val client = Client(context)
      .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint
      .setProject("5df5acd0d48c2") // Your project ID
      .setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...") // Your secret JSON Web Token

    val account = Account(client)
    val response = account.createVerification(
        url = "https://example.com"
    )
    val json = response.body?.string()
}

Create Email Verification (confirmation)

Use this endpoint to complete the user email verification process. Use both the userId and secret parameters that were attached to your app URL to verify the user email ownership. If confirmed this route will return a 200 status code.

  • Request
    • userId string
      required

      User ID.

    • secret string
      required

      Valid verification token.

  • Response
    • 200 application/json
  • Rate limits

    This endpoint is not limited when using Server SDKs with API keys. If you are using SSR with setSession, these rate limits will still apply. Learn more about SSR rate limits.

    The limit is applied for each unique limit key.

    Time frame
    Attempts
    Key
    60 minutes 10 requests URL + USER ID
Endpoint
PUT /account/verification
Kotlin
import io.appwrite.Client
import io.appwrite.services.Account

suspend fun main() {
    val client = Client(context)
      .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint
      .setProject("5df5acd0d48c2") // Your project ID
      .setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...") // Your secret JSON Web Token

    val account = Account(client)
    val response = account.updateVerification(
        userId = "[USER_ID]",
        secret = "[SECRET]"
    )
    val json = response.body?.string()
}

Create Phone Verification

Use this endpoint to send a verification SMS to the currently logged in user. This endpoint is meant for use after updating a user's phone number using the accountUpdatePhone endpoint. Learn more about how to complete the verification process. The verification code sent to the user's phone number is valid for 15 minutes.

  • Response
    • 201 application/json
  • Rate limits

    This endpoint is not limited when using Server SDKs with API keys. If you are using SSR with setSession, these rate limits will still apply. Learn more about SSR rate limits.

    The limit is applied for each unique limit key.

    Time frame
    Attempts
    Key
    60 minutes 10 requests USER ID
Endpoint
POST /account/verification/phone
Kotlin
import io.appwrite.Client
import io.appwrite.services.Account

suspend fun main() {
    val client = Client(context)
      .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint
      .setProject("5df5acd0d48c2") // Your project ID
      .setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...") // Your secret JSON Web Token

    val account = Account(client)
    val response = account.createPhoneVerification()
    val json = response.body?.string()
}

Create Phone Verification (confirmation)

Use this endpoint to complete the user phone verification process. Use the userId and secret that were sent to your user's phone number to verify the user email ownership. If confirmed this route will return a 200 status code.

  • Request
    • userId string
      required

      User ID.

    • secret string
      required

      Valid verification token.

  • Response
    • 200 application/json
  • Rate limits

    This endpoint is not limited when using Server SDKs with API keys. If you are using SSR with setSession, these rate limits will still apply. Learn more about SSR rate limits.

    The limit is applied for each unique limit key.

    Time frame
    Attempts
    Key
    60 minutes 10 requests USER ID
Endpoint
PUT /account/verification/phone
Kotlin
import io.appwrite.Client
import io.appwrite.services.Account

suspend fun main() {
    val client = Client(context)
      .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint
      .setProject("5df5acd0d48c2") // Your project ID
      .setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...") // Your secret JSON Web Token

    val account = Account(client)
    val response = account.updatePhoneVerification(
        userId = "[USER_ID]",
        secret = "[SECRET]"
    )
    val json = response.body?.string()
}