User and organization
Current user profile, org membership, and org settings mutations.
User and org routes manage the signed-in account and organization metadata. Most org-setting mutations require a browser session with step-up and reject API-key callers.
User profile
| Method | Path | Description |
|---|---|---|
GET | /api/v1/user | Current user profile. |
PATCH | /api/v1/user | Update display name and profile fields. |
POST | /api/v1/user/avatar | Upload avatar image. |
PATCH | /api/v1/users/me/password | Change password (requires current password). |
GET | /api/v1/auth/me | Session identity, org context, and feature flags. |
Dashboard login, passkeys, TOTP, and step-up flows live under /api/v1/auth/* — see Authentication and Passkeys and 2FA.
Language and localization
| Method | Path | Description |
|---|---|---|
GET | /api/v1/settings/language | Returns locale (the user's saved interface language), appLocale (the resolved app locale and text direction), agentCommunicationLocale, and resolvedAgentLanguage. |
PATCH | /api/v1/settings/language | Update locale and/or agentCommunicationLocale; at least one is required. Each is validated as a language tag. |
locale sets the interface language — Alumia ships 25 app locales (English, Arabic, and 23 European languages), with Arabic rendered right-to-left. Unsupported tags fall back to English. agentCommunicationLocale sets the language agents reply in, independent of the interface. Concepts and the dashboard picker are described in Localization.
Organization
| Method | Path | Description |
|---|---|---|
GET | /api/v1/orgs/my | List org memberships and roles for the signed-in user. |
GET | /api/v1/orgs/:slug | Org details for a slug the caller belongs to. |
PATCH | /api/v1/orgs/:slug | Update org name, slug, or logo — browser session + step-up only. |
Org settings UI is at /<orgSlug>/settings. Workspace membership and switching are documented in Workspaces.
API keys vs browser session
| Surface | Use for |
|---|---|
| API key | Automation, chat, files, billing reads, most operational APIs |
| Browser session + step-up | Org settings, project sharing, skill edits, API key mint/revoke |