Account API
The Account API exposes the current user's account record plus the GDPR-compliant data portability and right-to-erasure endpoints. All endpoints require a valid JWT token obtained from POST /platform/v1/auth/login.
Base URL: https://api.zeridion.com/platform/v1
GET /platform/v1/account
Return the Account row owned by the authenticated user. One account row is created automatically the first time a user signs up (the same time the first project is created), so this endpoint is the canonical way for the dashboard to discover the current user's account ID and display name.
Authentication: JWT required.
Request
GET /platform/v1/account
Authorization: Bearer <jwt_token>
Response
200 OK
{
"id": "acct_01JAXBKM3N4P5Q6R7S8T9UVWXY",
"name": "Acme Corp"
}
| Field | Type | Description |
|---|---|---|
| id | string | Account identifier. |
| name | string | Display name of the account. |
Errors
| Status | Code | When |
|---|---|---|
| 401 | unauthorized | Missing or invalid JWT. |
| 404 | account_not_found | The authenticated user has no account record yet. |
For the richer profile object that bundles user, account, products, and projects together, use GET /platform/v1/auth/me instead.
GET /platform/v1/account/export
Export all data associated with your account as a streamed JSON file. This endpoint fulfils the GDPR Article 20 right to data portability.
Rate limit. Exports are throttled to one request per user within any 60-second window. The first successful call starts the cooldown; any subsequent call before it expires returns 429 rate_limit_exceeded. The cooldown is not a fixed "1/min" tumbling window: it is anchored to the timestamp of the most recent successful export, so a call at t=0s blocks a call at t=59s but lets a call at t=61s through.
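The difference between the anchored cooldown described above and a fixed tumbling window, as an added example (a model written for this page, not Zeridion's server code). The class names, the `replay` helper and the request times are constructed, and the behaviour at exactly 60 seconds is an assumption; the tumbling-window limiter goes beyond the page and is included only for contrast.

```python
COOLDOWN_SECONDS = 60  # from the page: one export per user per 60 seconds


class AnchoredCooldown:
    """Cooldown anchored to each user's most recent successful export."""

    def __init__(self):
        self._last_success = {}  # user_id -> time of the last 200 response

    def request(self, user_id: str, now: float) -> int:
        last = self._last_success.get(user_id)
        # Assumption: a call exactly 60 s after the anchor is allowed.
        if last is not None and now - last < COOLDOWN_SECONDS:
            return 429  # a rejected call does not move the anchor
        self._last_success[user_id] = now
        return 200


class TumblingWindow:
    """Fixed "1/min" buckets, shown only for contrast."""

    def __init__(self):
        self._used_bucket = {}  # user_id -> index of the bucket already spent

    def request(self, user_id: str, now: float) -> int:
        bucket = int(now // COOLDOWN_SECONDS)
        if self._used_bucket.get(user_id) == bucket:
            return 429
        self._used_bucket[user_id] = bucket
        return 200


def replay(limiter, times, user_id="usr_demo"):
    """Feed constructed request times (seconds) to a limiter, return statuses."""
    return [limiter.request(user_id, t) for t in times]
```

With requests at 59 s and 61 s, the tumbling window lets both through because they fall in different buckets, while the anchored cooldown rejects the second.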
Streaming. The response is written directly to the wire as it is generated — the API never buffers the full export in memory. Jobs and audit-log rows are paginated server-side in 500-row keyset pages, so memory stays bounded regardless of project size.
Authentication: JWT required.
Request
GET /platform/v1/account/export
Authorization: Bearer <jwt_token>
No request body.
Response
200 OK
Returns a JSON file download (Content-Disposition: attachment; filename="zeridion-export-<userId>.json").
The response includes an ETag header whose value is the HMAC-SHA256 hex signature of the response body, computed using the server's JWT secret. You can use this to verify the file has not been tampered with; because HMAC is a keyed hash, recomputing the signature requires that same secret.
Content-Type: application/json
Content-Disposition: attachment; filename="zeridion-export-usr_01JAXBKM3N4P5Q6R7S8T9UVWXY.json"
ETag: "a3f9d2e1c4b7a8f0..."
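One way to check a downloaded export against its ETag, as an added example that is not part of the Zeridion API or its code. It assumes the verifier holds the signing secret, that the header carries the full 64-character hex digest in quotes, and that the HMAC covers the raw response bytes; the secret, body and function names are constructed for illustration.

```python
import hashlib
import hmac
import json
import re
from typing import Optional

# Constructed values for illustration only; not real Zeridion material.
SAMPLE_SECRET = b"constructed-demo-secret"
SAMPLE_BODY = b'{"exported_at":"2026-05-11T12:00:00.000Z","user":{"id":"usr_demo"},"jobs":[]}'
_HEX_SHA256 = re.compile(r"[0-9a-f]{64}")


def sign_export(body: bytes, secret: bytes) -> str:
    """HMAC-SHA256 hex signature of the raw body, as the page describes."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def parse_etag(header_value: str) -> Optional[str]:
    """Return the hex digest from an ETag header, or None if it is not a full digest."""
    value = header_value.strip()
    if value.startswith("W/"):  # optional weak-validator prefix
        value = value[2:]
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        value = value[1:-1]
    value = value.lower()
    return value if _HEX_SHA256.fullmatch(value) else None


def verify_export(body: bytes, etag_header: str, secret: bytes) -> bool:
    """True only if the ETag matches the HMAC of the exact bytes received."""
    claimed = parse_etag(etag_header)
    if claimed is None:
        return False
    # Constant-time comparison avoids leaking how many leading digits matched.
    return hmac.compare_digest(sign_export(body, secret), claimed)


def reserialized(body: bytes) -> bytes:
    """Parse and re-dump the JSON: same data, different bytes (whitespace)."""
    return json.dumps(json.loads(body), indent=2).encode()
```

Verify the bytes as saved from the wire: a file that has been parsed and re-serialized holds the same data but no longer matches the signature.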
Export structure
{
"exported_at": "2026-05-11T12:00:00.000Z",
"user": {
"id": "usr_01JAXBKM3N4P5Q6R7S8T9UVWXY",
"email": "you@example.com",
"created_at": "2025-01-01T00:00:00.000Z"
},
"account": {
"id": "acct_01...",
"name": "My Account",
"created_at": "2025-01-01T00:00:00.000Z"
},
"projects": [
{
"id": "prj_01...",
"name": "My Project",
"plan": "starter",
"api_key_prefix": "zf_live_sk_abc123",
"created_at": "2025-01-01T00:00:00.000Z"
}
],
"jobs": [
{
"id": "job_01...",
"project_id": "prj_01...",
"job_type": "email.send",
"state": "succeeded",
"created_at": "2026-04-01T10:00:00.000Z",
"completed_at": "2026-04-01T10:00:01.000Z"
}
],
"recurring_jobs": [],
"alert_settings": [],
"daily_usage": [],
"audit_logs": []
}
Fields:
| Field | Description |
|---|---|
| exported_at | UTC timestamp when the export was generated. |
| user | Your user record. |
| account | Your account record, or null if no account entity exists yet. |
| projects | All projects owned by your user (API key hashes are never exported). |
| jobs | Jobs created in the past 90 days across all your projects. |
| recurring_jobs | All recurring job definitions across your projects. |
| alert_settings | All alert channel configurations. |
| daily_usage | Per-project daily job counts. |
| audit_logs | Audit events from the past 90 days. |
Error responses
| Status | Code | When |
|---|---|---|
| 401 | unauthorized | Missing or invalid JWT token. |
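| 404 | user_not_found | The authenticated user does not exist. |
| 429 | rate_limit_exceeded | A previous export for this user succeeded and its 60-second cooldown has not yet expired. |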
DELETE /platform/v1/account
Permanently delete your account. This endpoint fulfils the GDPR Article 17 right to erasure.
:::danger Irreversible
Account deletion is permanent and cannot be undone. All projects, jobs, recurring job definitions, alert settings, and usage history are deleted. The encrypted TOTP secret and any unused recovery codes are also deleted as part of the cascade; re-creating an account with the same email will start with 2FA disabled.
Your Stripe subscription is NOT cancelled by this endpoint. Stripe data lives outside the Zeridion database; the Stripe customer record and any active subscription remain on Stripe's side and will continue to bill your card on the normal cadence. Cancel the subscription from the Stripe Customer Portal before calling DELETE /platform/v1/account, or contact support.
:::
Request
DELETE /platform/v1/account?confirm=you@example.com
Authorization: Bearer <jwt_token>
Query parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| confirm | string | Yes | Your account email address, exactly as registered. Must match case-insensitively. |
The ?confirm=<email> query parameter is required to prevent accidental deletion. The value must match the email address on your account (case-insensitive).
What is deleted
The cascade chain runs in this order:
- An audit log entry is written to the first project before deletion begins.
- All projects owned by your account are deleted, which cascades to: jobs, recurring jobs, alert settings, audit logs, daily usage records.
- Your user record is deleted, which cascades to: account, product entitlements.
Not deleted: Your Stripe customer record. Cancel your subscription from the Stripe Customer Portal before deleting your account, or contact support.
Response
204 No Content
No response body.
Error responses
| Status | Code | When |
|---|---|---|
| 400 | confirm_required | ?confirm parameter is missing or does not match your email. |
| 401 | unauthorized | Missing or invalid JWT token. |
| 404 | user_not_found | The authenticated user does not exist. |
curl example
curl -X DELETE \
"https://api.zeridion.com/platform/v1/account?confirm=you%40example.com" \
-H "Authorization: Bearer <jwt_token>"
API key management
To rotate or revoke a project's API key, see the Projects — Key Management section of the Authentication reference.
See also
- Projects API — list projects, manage memberships, rotate keys
- Authentication — bearer-token format and key prefix conventions
- Billing API — read the current plan and Stripe customer-portal session