Account

Account endpoints manage user profile, organization settings, and notification preferences.

Roles and access control

Every team member has a role that governs write access, independent of the organization's subscription tier:

Role   | Write access
Owner  | Full, plus billing and account deletion. Cannot be removed.
Admin  | Full, same as owner, except cannot delete the owner or the account.
Viewer | Read-only: GET endpoints only. Any create/update/delete is rejected.

Write operations across the API (environments, assets, watchlist, findings, reports, tickets, integrations, webhooks, alert rules, API keys, SAGE actions, etc.) require the owner or admin role. A viewer calling any of these — including via an API key, which inherits the member's role — receives a 403 with the viewer_role code. See Error Codes. The full role matrix is in the user guide: Roles and Permissions.

Endpoints

Method | Path                           | Description
GET    | /api/v1/account/me             | Get current user profile
PUT    | /api/v1/account/me             | Update profile
GET    | /api/v1/account/org            | Get organization details
PUT    | /api/v1/account/org            | Update organization
GET    | /api/v1/account/notifications  | Get notification preferences
PUT    | /api/v1/account/notifications  | Update notification preferences

Get Current User

Request:

curl -H "Authorization: Bearer bs_live_..." \
  "https://breachspider.com/api/v1/account/me"

Response:

{
  "data": {
    "id": 1,
    "email": "[email protected]",
    "name": "Your Name",
    "tier": "professional",
    "org_id": 3,
    "org_name": "Your Organization",
    "created_at": "2025-11-01T09:00:00Z",
    "permissions": {
      "search_max_results": 5000,
      "sage_visible": true,
      "virtual_patch": true,
      "api_keys": true
    }
  }
}

Tier Permissions

Permission         | Free  | Standard | Professional | API            | Enterprise
search_max_results | 10    | 1000     | 5000         | -1 (unlimited) | -1
sage_visible       | false | false    | true         | true           | true
virtual_patch      | false | false    | true         | true           | true
api_keys           | false | false    | true         | true           | true
webhook_delivery   | false | true     | true         | true           | true
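Two things on this page matter to anyone writing a client: the permissions object returned by GET /api/v1/account/me (the tier table above) and the 403 with the viewer_role code that write calls receive when the key belongs to a viewer (the Roles and access control section). The following is an added example, not BreachSpider's SDK or code taken from this page. It fetches the profile, clamps a requested search size to the tier's search_max_results (treating -1 as unlimited), and classifies responses so that a viewer_role 403 is treated as a permanent role problem rather than something to retry. The error-body shape {"error": {"code": ..., "message": ...}} and the BREACHSPIDER_API_KEY environment variable are assumptions; only the viewer_role code value comes from the page.

```python
"""Added example client helpers for the BreachSpider Account endpoints.

Not BreachSpider's own code. Assumed (not on the page): the 403 error body
is JSON shaped {"error": {"code": "viewer_role", "message": "..."}}, and the
key is read from the BREACHSPIDER_API_KEY environment variable.
"""
import json
import os
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Any, Optional

BASE_URL = "https://breachspider.com/api/v1"
UNLIMITED = -1  # search_max_results of -1 means "no cap" per the tier table

# Constructed sample, copied in shape from the GET /account/me response on the
# page (email is a placeholder), so the helpers can be exercised offline.
SAMPLE_PROFILE = json.dumps({
    "data": {
        "id": 1, "email": "user@example.com", "name": "Your Name",
        "tier": "professional", "org_id": 3, "org_name": "Your Organization",
        "created_at": "2025-11-01T09:00:00Z",
        "permissions": {"search_max_results": 5000, "sage_visible": True,
                        "virtual_patch": True, "api_keys": True},
    }
})


@dataclass
class Outcome:
    kind: str            # ok, forbidden, rate_limited, server_error, client_error
    retryable: bool      # should a client back off and try again?
    code: Optional[str]  # API error code such as "viewer_role", if any
    data: Any = None     # parsed body (dict) or raw text


def parse_profile(body: str) -> dict:
    """Validate the /account/me envelope and return the inner data object."""
    doc = json.loads(body)
    data = doc.get("data")
    if not isinstance(data, dict) or "permissions" not in data:
        raise ValueError("unexpected /account/me response shape")
    return data


def clamp_search_limit(profile: dict, requested: int) -> int:
    """Cap a requested result count to the tier's search_max_results."""
    cap = int(profile["permissions"].get("search_max_results", 0))
    return requested if cap == UNLIMITED else min(requested, cap)


def classify_response(status: int, body: str) -> Outcome:
    """Map status + body to an Outcome. A 403 viewer_role is a role problem
    (the key inherits the member's role), so it is never retryable; 429 and
    5xx are transient and are."""
    code, payload = None, None
    if body:
        try:
            payload = json.loads(body)
            code = (payload.get("error") or {}).get("code")  # assumed shape
        except (ValueError, AttributeError):
            payload = body
    if 200 <= status < 300:
        return Outcome("ok", False, None, payload)
    if status == 403:
        return Outcome("forbidden", False, code, payload)
    if status == 429:
        return Outcome("rate_limited", True, code, payload)
    if status >= 500:
        return Outcome("server_error", True, code, payload)
    return Outcome("client_error", False, code, payload)


def call(method: str, path: str, token: str,
         payload: Optional[dict] = None) -> Outcome:
    """Perform one authenticated request and classify the result."""
    data = json.dumps(payload).encode() if payload is not None else None
    req = urllib.request.Request(BASE_URL + path, data=data, method=method)
    req.add_header("Authorization", f"Bearer {token}")
    if data is not None:
        req.add_header("Content-Type", "application/json")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return classify_response(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:
        return classify_response(err.code, err.read().decode(errors="replace"))


if __name__ == "__main__":
    token = os.environ.get("BREACHSPIDER_API_KEY")  # assumed variable name
    if not token:
        raise SystemExit("set BREACHSPIDER_API_KEY to run against the live API")
    result = call("GET", "/account/me", token)
    if result.kind == "ok":
        profile = parse_profile(json.dumps(result.data))
        print(profile["tier"], "cap for 10000 rows:",
              clamp_search_limit(profile, 10000))
    elif result.kind == "forbidden" and result.code == "viewer_role":
        print("key belongs to a viewer; write endpoints will be rejected")
    else:
        print(result.kind, result.code)
```

The retryable flag is the point of classify_response: a 429 or 5xx can be retried with backoff, but a viewer_role 403 will keep failing until an owner or admin changes the member's role, so a job scheduler should surface it rather than loop on it.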