Authentication & Account
Endpoints for authenticating users, reading and updating profile/account data, rotating API keys, and checking credit balances. All authenticated endpoints accept either a session token or an API key interchangeably.
Login
POSTNo auth (public)
https://multicartapi.com/api/v1/users/loginAuthenticate with email and password and receive a session token.
curl "https://multicartapi.com/api/v1/users/login" \
-X POST \
-H "Content-Type: application/json" \
-d '{ "email": "[email protected]", "password": "S3cur3p@ss" }'Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
email | string (email) | Required | Registered email address. |
password | string | Required | Account password (plaintext; transmitted over HTTPS). |
Request body
{ "email": "[email protected]", "password": "S3cur3p@ss" }Response
{ "code": 200, "data": { "token": "9a8b7c6d5e4f...", "user": { "id": 42, "name": "Alice Smith", "email": "[email protected]" } }, "status": 1 }Notes
Returns a generic "Invalid email or password!" error for both unknown email and wrong password — no account-existence oracle. Store the returned token and pass it as `Authorization: Token <token>` on subsequent authenticated requests.
Get Profile
POSTAPI Key or Session Token
https://multicartapi.com/api/v1/users/profileReturn the authenticated user's profile record.
curl "https://multicartapi.com/api/v1/users/profile" \
-X POST \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{}'Request body
{}Response
{ "code": 200, "data": { "id": 42, "name": "Alice Smith", "email": "[email protected]", "created_at": "2025-01-15T09:00:00Z", "updated_at": "2026-06-01T12:00:00Z" }, "status": 1 }Notes
No request body required. Returns the Django User row for the caller.
Update Profile
POSTAPI Key or Session Token
https://multicartapi.com/api/v1/users/profile/updatePartially update user profile fields and email/notification preferences.
curl "https://multicartapi.com/api/v1/users/profile/update" \
-X POST \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{ "name": "Alice Smith", "timezone": "Australia/Brisbane", "notification_emails": true }'Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
name | string | Optional | Display name. |
email | string (email) | Optional | Login email address. Changing this value changes the login credential immediately. |
timezone | string | Optional | IANA timezone identifier, e.g. `Australia/Brisbane`. |
system_emails | boolean | Optional | Opt in or out of system notification emails. |
update_emails | boolean | Optional | Opt in or out of product update emails. |
notification_emails | boolean | Optional | Opt in or out of scrape-completion notification emails. |
unused_collection_expired | string | Optional | Preference setting for unused collection expiry behaviour. |
Request body
{ "name": "Alice Smith", "timezone": "Australia/Brisbane", "notification_emails": true }Response
{ "code": 200, "data": { "id": 42, "name": "Alice Smith", "email": "[email protected]", "timezone": "Australia/Brisbane", "notification_emails": true, "updated_at": "2026-06-20T08:00:00Z" }, "status": 1 }Notes
All fields are optional — send only the fields you want to change. `api_key` and `user` ID are read-only and cannot be updated through this endpoint.
Change Password
POSTAPI Key or Session Token
https://multicartapi.com/api/v1/users/password/changeChange the account password while authenticated (requires supplying the current password).
curl "https://multicartapi.com/api/v1/users/password/change" \
-X POST \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{ "old_password": "S3cur3p@ss", "new_password": "N3wp@ss!" }'Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
old_password | string | Required | The user's current password. |
new_password | string | Required | The desired new password (plaintext; hashed server-side). |
Request body
{ "old_password": "S3cur3p@ss", "new_password": "N3wp@ss!" }Response
{ "code": 200, "data": "Password has been updated", "status": 1 }Notes
Distinct from the unauthenticated `/users/password/reset` flow which uses an OTP. Use this endpoint when the user is already logged in and knows their current password.
Get Account Details
POSTAPI Key or Session Token
https://multicartapi.com/api/v1/users/account-detailsReturn the user's UserAccount record, including their API key and email preferences.
curl "https://multicartapi.com/api/v1/users/account-details" \
-X POST \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{}'Request body
{}Response
{ "code": 200, "data": { "id": 7, "user": 42, "api_key": "aBcDeFg.xYz...", "system_emails": false, "update_emails": false, "notification_emails": false, "timezone": "Australia/Brisbane", "created_at": "2025-01-15T09:00:00Z", "updated_at": "2026-06-01T12:00:00Z" }, "status": 1 }Notes
No request body required. This is the primary way to retrieve the `api_key` value needed for `x-api-key` header authentication.
Rotate API Key
POSTAPI Key or Session Token
https://multicartapi.com/api/v1/users/api-key/update/Regenerate the user's API key, invalidating the previous key immediately.
curl "https://multicartapi.com/api/v1/users/api-key/update/" \
-X POST \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{}'Request body
{}Response
{ "code": 200, "data": "API Key Updated successfully!", "status": 1 }Notes
No request body required. After rotation any integrations still using the old key will receive auth failures. Retrieve the new key via `/users/account-details`.
Get Credits
POSTAPI Key or Session Token
https://multicartapi.com/api/v1/users/credits/Return the user's current credit balance including available, used, and frozen amounts.
curl "https://multicartapi.com/api/v1/users/credits/" \
-X POST \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{}'Request body
{}Response
{ "code": 200, "data": { "id": 5, "user": 42, "available_credits": 10000, "used_credits": 342, "frozen_credits": 0, "period_end": "2026-07-20T00:00:00Z", "created_at": "2025-01-15T09:00:00Z", "updated_at": "2026-06-20T00:00:00Z" }, "status": 1 }Notes
Remaining usable credits = `available_credits - used_credits - frozen_credits`. `period_end: null` indicates a lifetime Starter grant that never auto-resets. `frozen_credits` are credits reserved for in-flight scrape jobs.