Get Hedhog updates in your inbox
New releases, fresh recipes, and breaking changes — no spam.
Core Submodule
profile
Owns current-user profile, MFA, recovery codes and personal settings.
Source path: libraries/core/src/profile
Module file: profile.module.ts
Introduction
This page documents the profile submodule as part of the Core package. Use it as a quick technical reference for implementation scope, exposed APIs and MCP integration points.
HTTP Endpoints
30 endpoints
Return the profile of the currently authenticated user.
Update the current user's profile information.
Body
| Field | Type | Required | Notes |
|---|---|---|---|
| name | string | yes | — |
Upload a new avatar for the current user.
Body
| Field | Type | Required | Notes |
|---|---|---|---|
| file | File | yes | Image file, multipart/form-data |
Update the current user's UI preferences.
Body
| Field | Type | Required | Notes |
|---|---|---|---|
| theme | "light" | "dark" | "system" | no | — |
| language | string | no | 2-char language code |
Change the current user's password.
Body
| Field | Type | Required | Notes |
|---|---|---|---|
| currentPassword | string | yes | Strong password |
| newPassword | string | yes | Min 6 chars |
Initiate an email change; triggers a verification flow.
Body
| Field | Type | Required | Notes |
|---|---|---|---|
| password | string | yes | Min 6 chars (current password) |
| string | yes | New email address | |
| pin | string | no | Pin code (if MFA is required) |
List all MFA methods registered for the current user.
Return the current user's primary email identifier.
Rename an MFA method.
- Params
- mfaId (int)
Body
| Field | Type | Required | Notes |
|---|---|---|---|
| name | string | yes | — |
Check whether the user must complete MFA verification before adding a new method.
Check whether the user must complete MFA verification before removing a method.
Verify the current MFA method before adding a new one.
Body
| Field | Type | Required | Notes |
|---|---|---|---|
| verificationCode | string | yes | — |
| verificationType | "totp" | "email" | "recovery" | "webauthn" | yes | — |
| hash | string | no | — |
| assertionResponse | object | no | WebAuthn assertion (if verificationType is webauthn) |
Generate a TOTP secret and QR code URI for the authenticator app setup.
Verify a TOTP token and save the authenticator app as an MFA method.
Body
| Field | Type | Required | Notes |
|---|---|---|---|
| name | string | yes | — |
| token | string | yes | Exactly 6 digits |
| secret | string | yes | TOTP secret from generate step |
Remove the TOTP MFA method after verifying the current token.
- Params
- mfaId (int)
Body
| Field | Type | Required | Notes |
|---|---|---|---|
| token | string | yes | Current TOTP code to confirm removal |
Send an email verification code to the user's email.
Body
| Field | Type | Required | Notes |
|---|---|---|---|
| string | yes | Valid email address |
Confirm the email verification code.
Body
| Field | Type | Required | Notes |
|---|---|---|---|
| pin | string | yes | Pin code received by email |
| challengeId | number | yes | — |
| name | string | no | — |
Send a verification code to set up email as an MFA method.
Body
| Field | Type | Required | Notes |
|---|---|---|---|
| string | yes | Valid email address |
Confirm the email MFA setup verification code.
Body
| Field | Type | Required | Notes |
|---|---|---|---|
| pin | string | yes | Pin code received by email |
| challengeId | number | yes | — |
| name | string | no | — |
Remove an email MFA method.
- Params
- mfaId (int)
Body
| Field | Type | Required | Notes |
|---|---|---|---|
| token | string | yes | — |
| hash | string | yes | — |
Send a removal confirmation code to the email being unlinked.
Body
| Field | Type | Required | Notes |
|---|---|---|---|
| string | yes | Email address to be unlinked |
Send a verification challenge before showing or regenerating recovery codes.
Regenerate recovery codes after verifying identity.
Body
| Field | Type | Required | Notes |
|---|---|---|---|
| verificationCode | string | no | — |
| hash | string | no | — |
| verificationType | "totp" | "email" | "recovery" | "webauthn" | no | — |
| assertionResponse | object | no | — |
Remove an MFA method after completing the required verification.
- Params
- mfaId (int)
Body
| Field | Type | Required | Notes |
|---|---|---|---|
| token | string | no | — |
| hash | string | no | — |
| verificationType | "totp" | "email" | "recovery" | "webauthn" | no | — |
| assertionResponse | object | no | — |
Remove an MFA method using a recovery code as proof of identity.
- Params
- mfaId (int)
Body
| Field | Type | Required | Notes |
|---|---|---|---|
| recoveryCode | string | yes | — |
Generate WebAuthn registration options for adding a passkey.
Body
| Field | Type | Required | Notes |
|---|---|---|---|
| name | string | yes | Display name for the passkey |
Verify and save a new WebAuthn credential.
Body
| Field | Type | Required | Notes |
|---|---|---|---|
| name | string | yes | — |
| attestationResponse | object | yes | WebAuthn attestation from the browser |
Generate WebAuthn authentication options for verifying a passkey.
Verify a WebAuthn authentication assertion.
Body
| Field | Type | Required | Notes |
|---|---|---|---|
| assertionResponse | object | yes | WebAuthn assertion from the browser |
Remove a registered WebAuthn passkey.
- Params
- mfaId (int)
MCP Tools
Named tools callable by AI models via the Model Context Protocol (MCP).
core.profile.getReturn the current user's profile data
core.profile.updateUpdate the current user's profile information
core.profile.update-preferencesUpdate the current user's display and locale preferences
core.profile.mfa.listList MFA/WebAuthn credentials registered to the current user
core.profile.change-passwordChange the current user's password