
Account and Team Endpoints

This page lists the main technical parts of our identity system. We use these to handle users, teams, and security.


Main API Controllers (ViewSets)

User Management (UserViewSet)

This handles the lifecycle of a user account.

  • me: This is for the frontend to get the logged-in user’s profile. We cache this in the browser so we don’t have to keep asking the server.
  • create: Used for new user sign-ups. It also automatically makes a default “Personal Team” for the new user.

Team Management (TeamViewSet)

This is the busiest part of the system. It handles groups of users.

  • activity: Shows a list of what has happened in the team (like “User A created a project”).
  • invite: Handles sending and accepting team invitations using secret tokens.
  • change_role: Changes a user from “Member” to “Admin” instantly.

Two-Factor Security (TwoFactorView)

This handles our 2FA security.

  • setup: Gives a secret code for the user to scan.
  • verify: Checks the code from the user’s phone to turn on 2FA.

Technical Security Rules

Permission Checks

  • IsTeamAdmin: A rule that only lets admins change team settings. It looks at the TeamMembership table.
  • IsSelf: A rule that prevents one user from changing another user’s password.
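
How the two rules above can gate the change_role action, as an added sketch that is not this project's code. The Request class, the in-memory TEAM_MEMBERSHIP dict, the sample rows and the lowercase role strings are assumptions standing in for the real request object and database table; the method name follows the object-permission convention of Django REST Framework.

```python
from dataclasses import dataclass
from typing import Optional

ROLES = {"member", "admin"}  # assumed role values

# Constructed stand-in for the TeamMembership table: (user_id, team_id) -> role
TEAM_MEMBERSHIP = {
    (1, 10): "admin",
    (2, 10): "member",
    (2, 20): "admin",
}


@dataclass
class Request:
    """Hypothetical minimal request; user_id is None when unauthenticated."""
    user_id: Optional[int]


class IsTeamAdmin:
    def has_object_permission(self, request, view, team_id):
        # Look up the caller's row for THIS team only; being an admin of
        # some other team must not grant anything here.
        return TEAM_MEMBERSHIP.get((request.user_id, team_id)) == "admin"


class IsSelf:
    def has_object_permission(self, request, view, target_user_id):
        return request.user_id is not None and request.user_id == target_user_id


def change_role(request, team_id, target_user_id, new_role):
    """Apply a role change; return True if applied, False if refused."""
    if not IsTeamAdmin().has_object_permission(request, None, team_id):
        return False  # caller is not an admin of this team
    if new_role not in ROLES:
        return False  # reject role strings outside the known set
    if (target_user_id, team_id) not in TEAM_MEMBERSHIP:
        return False  # target must already belong to this team
    TEAM_MEMBERSHIP[(target_user_id, team_id)] = new_role
    return True
```

The point to carry over is that the membership lookup is keyed on both the caller and the team being modified, so user 2's admin role in team 20 does not let them promote themselves in team 10.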

Data Privacy (Serializers)

  • TeamMemberSerializer: This is a list of team members that is safe to show. It automatically hides sensitive data like passwords.
