This section documents the user management endpoints of the MiseOS API, which allow for retrieving, updating, and deleting user accounts.
Kitchen-related endpoints often use the role KITCHEN_STAFF. This is a role group representing any kitchen role:
HEAD_CHEF, SOUS_CHEF, LINE_COOK
Users with any of these roles are considered kitchen staff and can access endpoints marked with KITCHEN_STAFF. Each role may still have specific permissions depending on the endpoint.
Endpoints

| Method | URL | Auth |
|---|---|---|
| GET | /users | HEAD_CHEF |
| GET | /users/me | KITCHEN_STAFF |
| GET | /users/{id} | HEAD_CHEF, SOUS_CHEF |
| PUT | /users/{id} | KITCHEN_STAFF |
| PATCH | /users/{id}/role | HEAD_CHEF |
| PATCH | /users/{id}/email | KITCHEN_STAFF |
| PATCH | /users/{id}/password | KITCHEN_STAFF |
| PATCH | /users/{id}/station/{stationId} | HEAD_CHEF, SOUS_CHEF |
| DELETE | /users/{id} | HEAD_CHEF |

Headers

| Header | Description |
|---|---|
| Authorization | Required for all endpoints in this section. Format: Bearer {token}. |

User response object

```json
{
  "id": 1,
  "firstName": "Gordon",
  "lastName": "Ramsay",
  "email": "gordon.ramsay@kitchen.com",
  "userRole": "HEAD_CHEF",
  "station": {
    "id": 1,
    "name": "Hot Kitchen"
  },
  "createdAt": "2026-01-01T12:00:00Z"
}
```

GET /users
Returns all users. Sorted alphabetically by first name.
Example Request

```bash
curl -H "Authorization: Bearer <token>" \
  https://miseos.corral.dk/api/v1/users
```

Response 200 — array of user objects.

```json
[
  {
    "id": 1,
    "firstName": "Gordon",
    "lastName": "Ramsay",
    "email": "gordon.ramsay@kitchen.com",
    "userRole": "HEAD_CHEF",
    "station": {
      "id": 1,
      "name": "Hot Kitchen"
    },
    "createdAt": "2026-01-01T12:00:00Z"
  },
  {
    "id": 2,
    "firstName": "Marco",
    "lastName": "Pierre",
    "email": "marco@kitchen.com",
    "userRole": "LINE_COOK",
    "station": {
      "id": 2,
      "name": "Cold Kitchen"
    },
    "createdAt": "2026-01-01T12:00:00Z"
  },
  ...
]
```

GET /users/me
Returns the profile of the currently authenticated user.
Example Request

```bash
curl -H "Authorization: Bearer <token>" \
  https://miseos.corral.dk/api/v1/users/me
```

Response 200 — user object.

GET /users/{id}
Returns a user by ID. A head chef can access any profile.
Path parameters

| Parameter | Type | Description |
|---|---|---|
| id | Long | User ID |

Example Request

```bash
curl -H "Authorization: Bearer <token>" \
  https://miseos.corral.dk/api/v1/users/12
```

Response 200 — user object.

Errors

| Status | Cause |
|---|---|
| 404 | User not found |

PUT /users/{id}
Updates a user’s name and station. A line cook can only update their own profile. A head chef can update any profile.
Request body

```json
{
  "firstName": "Gordon",
  "lastName": "Ramsay",
  "stationId": 2
}
```

Response 200 — updated user object.

Errors

| Status | Cause |
|---|---|
| 403 | Attempting to update another user’s profile without head chef role |
| 404 | User or station not found |

PATCH /users/{id}/role
Changes a user’s role. Only a head chef can perform this action.
Request body

```json
{
  "userRole": "SOUS_CHEF"
}
```

Response 200 — updated user object.

PATCH /users/{id}/email
Changes a user’s email. Users can only change their own email.
Request body

```json
{
  "email": "new@kitchen.com"
}
```

Response 200 — updated user object.

Errors

| Status | Cause |
|---|---|
| 403 | Attempting to change another user’s email |
| 409 | Email already in use |

PATCH /users/{id}/password
Changes a user’s password. Requires the current password. Users can only change their own password.
Request body

```json
{
  "currentPassword": "OldPassword123",
  "newPassword": "NewPassword123"
}
```

Response 200 — updated user object.

Errors

| Status | Cause |
|---|---|
| 400 | Current password incorrect or new password does not meet requirements |
| 403 | Attempting to change another user’s password |

PATCH /users/{id}/station/{stationId}
Assigns a user to a station.
Path parameters

| Parameter | Type | Description |
|---|---|---|
| id | Long | User ID |
| stationId | Long | Station ID |

Example Request

```bash
curl -X PATCH \
  -H "Authorization: Bearer <token>" \
  https://miseos.corral.dk/api/v1/users/5/station/2
```

Response 200 — updated user object.

```json
{
  "id": 5,
  "firstName": "Marco",
  "lastName": "Pierre",
  "email": "marco@kitchen.com",
  "userRole": "LINE_COOK",
  "station": {
    "id": 2,
    "name": "Cold Kitchen"
  }
}
```

DELETE /users/{id}
Permanently deletes a user. A head chef cannot delete their own account.
Example Request

```bash
curl -X DELETE \
  -H "Authorization: Bearer <token>" \
  https://miseos.corral.dk/api/v1/users/5
```

Response 204 — no content.

Errors

| Status | Cause |
|---|---|
| 400 | Attempting to delete own account |
| 404 | User not found |
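
The access rules on this page (the Auth column, the KITCHEN_STAFF group, and the own-account restrictions) can be collected into an expected-status oracle for authorization regression tests. This is an added example, not MiseOS code: the function names and sample users are hypothetical, requests are assumed valid and aimed at existing users, and the 403 for a role mismatch is an assumption because the page does not state that status.

```python
# Added example: expected-status oracle built from the endpoint table and
# ownership rules on this page. Not MiseOS code.
from itertools import product

KITCHEN_STAFF = frozenset({"HEAD_CHEF", "SOUS_CHEF", "LINE_COOK"})
LEADS = frozenset({"HEAD_CHEF", "SOUS_CHEF"})
HEAD = frozenset({"HEAD_CHEF"})

# (method, route template) -> roles listed in the Auth column
ROUTE_ROLES = {
    ("GET", "/users"): HEAD,
    ("GET", "/users/me"): KITCHEN_STAFF,
    ("GET", "/users/{id}"): LEADS,
    ("PUT", "/users/{id}"): KITCHEN_STAFF,
    ("PATCH", "/users/{id}/role"): HEAD,
    ("PATCH", "/users/{id}/email"): KITCHEN_STAFF,
    ("PATCH", "/users/{id}/password"): KITCHEN_STAFF,
    ("PATCH", "/users/{id}/station/{stationId}"): LEADS,
    ("DELETE", "/users/{id}"): HEAD,
}
# Routes the page restricts to the caller's own account, for every role.
SELF_ONLY = {("PATCH", "/users/{id}/email"), ("PATCH", "/users/{id}/password")}

def expected_status(method, route, caller_role, caller_id, target_id=None):
    """Status the documentation implies for a valid request to an existing user."""
    key = (method, route)
    if caller_role not in ROUTE_ROLES[key]:
        return 403  # assumption: the page gives no status for a role mismatch
    own = target_id == caller_id
    if key in SELF_ONLY and not own:
        return 403
    if key == ("PUT", "/users/{id}") and not own and caller_role != "HEAD_CHEF":
        return 403
    if method == "DELETE":
        return 400 if own else 204  # a head chef cannot delete their own account
    return 200

def build_matrix(users):
    """All (caller, method, route, target, status) cases for {user_id: role}."""
    rows = []
    for (caller_id, role), (method, route) in product(users.items(), ROUTE_ROLES):
        targets = users if "{id}" in route else [None]
        for target in targets:
            status = expected_status(method, route, role, caller_id, target)
            rows.append((caller_id, method, route, target, status))
    return rows

SAMPLE_USERS = {1: "HEAD_CHEF", 2: "LINE_COOK", 3: "SOUS_CHEF"}  # constructed
if __name__ == "__main__":
    for row in build_matrix(SAMPLE_USERS):
        print(*row)
```

Each row can drive one request against a test deployment with that caller's token; a response that differs from the expected status marks a gap between the documented rules and the enforcement.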