Session management — TaxMaxi Auth API

Once you have a session token from login or an OAuth callback, all session management endpoints let you inspect and update your account. Every endpoint in this section requires an Authorization: Bearer <token> header. If your token has expired or is otherwise invalid, you will receive a 401 SessionInvalidError — log in again to get a new one.

GET /auth/me

Returns the authenticated user’s profile and all linked provider identities.

Response — 200 OK

user

object

required

Hide user properties

string

required

Unique identifier for the user.

string

required

The user’s email address.

displayName

string

The user’s display name, if set.

createdAt

string

required

ISO 8601 timestamp of when the account was created.

updatedAt

string

required

ISO 8601 timestamp of the most recent profile update.

identities

object[]

required

All authentication provider identities linked to this account.

Show identity properties

string

required

Unique identifier for this identity. Use this with DELETE /auth/identities/:identityId to unlink.

provider

string

required

The provider this identity belongs to, e.g. "local" or "coinbase".

createdAt

string

required

ISO 8601 timestamp of when this identity was linked.

Errors

Status	Error	Description
401	`SessionInvalidError`	The token is expired or invalid. Log in again.
404	`AuthUserNotFoundError`	No user was found for the authenticated session.

curl --request GET \
  --url https://api.taxmaxi.com/auth/me \
  --header 'Authorization: Bearer YOUR_TOKEN'

Response

{
  "user": {
    "id": "usr_01HXYZ...",
    "email": "[email protected]",
    "displayName": "Max Mustermann",
    "createdAt": "2026-01-01T09:00:00.000Z",
    "updatedAt": "2026-05-14T10:00:00.000Z"
  },
  "identities": [
    {
      "id": "idn_01HABC...",
      "provider": "local",
      "createdAt": "2026-01-01T09:00:00.000Z"
    }
  ]
}

PUT /auth/me

Updates your profile. Currently supports updating your display name. Pass null to clear it.

Request body

displayName

string | null

required

Your new display name. Pass null to remove it.

Response — 200 OK

Same shape as GET /auth/me.

Errors

Status	Error	Description
400	`AuthValidationError`	The request body is invalid.
401	`SessionInvalidError`	The token is expired or invalid.
404	`AuthUserNotFoundError`	No user was found for the authenticated session.

curl --request PUT \
  --url https://api.taxmaxi.com/auth/me \
  --header 'Authorization: Bearer YOUR_TOKEN' \
  --header 'Content-Type: application/json' \
  --data '{ "displayName": "Max Mustermann" }'

POST /auth/refresh

Issues a new session token with an extended expiration time. Call this before your current token expires to maintain an uninterrupted session.

Response — 200 OK

token

string

required

The new session token. Replace your stored token with this value.

expiresAt

string

required

ISO 8601 timestamp when the new token expires.

Errors

Status	Error	Description
401	`SessionInvalidError`	The existing token is already expired or invalid. Log in again.

curl --request POST \
  --url https://api.taxmaxi.com/auth/refresh \
  --header 'Authorization: Bearer YOUR_TOKEN'

Response

{
  "token": "sess_01HNEW...",
  "expiresAt": "2026-07-14T10:00:00.000Z"
}

POST /auth/logout

Invalidates the current session token immediately. After a successful logout, the token can no longer be used for any authenticated request.

Response — 200 OK

success

boolean

required

true when the session was invalidated successfully.

Errors

Status	Error	Description
401	`SessionInvalidError`	The token is already expired or invalid.

curl --request POST \
  --url https://api.taxmaxi.com/auth/logout \
  --header 'Authorization: Bearer YOUR_TOKEN'

Response

{
  "success": true
}

POST /auth/change-password

Changes the password for a local account. You must provide your current password for verification. This endpoint is only available to users who have a local identity linked — OAuth-only accounts cannot use it. On success, the response is 204 No Content.

Request body

currentPassword

string

required

Your existing password, used to verify your identity before the change is applied.

newPassword

string

required

The new password. Must be at least 8 characters.

Response — 204 No Content

No response body is returned on success.

Errors

Status	Error	Description
400	`NoLocalIdentityError`	Your account does not have a local provider linked. Password change is unavailable.
400	`PasswordWeakError`	The new password does not meet strength requirements. The `requirements` array lists each unmet rule.
401	`ChangePasswordError`	The `currentPassword` is incorrect.
401	`SessionInvalidError`	The token is expired or invalid.

curl --request POST \
  --url https://api.taxmaxi.com/auth/change-password \
  --header 'Authorization: Bearer YOUR_TOKEN' \
  --header 'Content-Type: application/json' \
  --data '{
    "currentPassword": "kNmGP3sW_ygVLdcNVbxU",
    "newPassword": "NewStr0ng!Pass2026"
  }'

Auth

Sources

Legal References

Session management — TaxMaxi Auth API

GET /auth/me

Response — 200 OK

Errors

PUT /auth/me

Request body

Response — 200 OK

Errors

POST /auth/refresh

Response — 200 OK

Errors

POST /auth/logout

Response — 200 OK

Errors

POST /auth/change-password

Request body

Response — 204 No Content

Errors

Auth

Sources

Legal References

Documentation Index

​GET /auth/me

​Response — 200 OK

​Errors

​PUT /auth/me

​Request body

​Response — 200 OK

​Errors

​POST /auth/refresh

​Response — 200 OK

​Errors

​POST /auth/logout

​Response — 200 OK

​Errors

​POST /auth/change-password

​Request body

​Response — 204 No Content

​Errors

GET /auth/me

Response — 200 OK

Errors

PUT /auth/me

Request body

Response — 200 OK

Errors

POST /auth/refresh

Response — 200 OK

Errors

POST /auth/logout

Response — 200 OK

Errors

POST /auth/change-password

Request body

Response — 204 No Content

Errors