> ## Documentation Index
> Fetch the complete documentation index at: https://docs.verlon.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Identify the authenticated principal

> **Use when:** caller wants a minimal "who am I" snapshot — typically a CLI / agent confirming the API key it loaded resolves to the expected Verlon account and tier

Returns the authenticated user’s id, email, tier, and the auth mode that resolved the request (`api_key` or `session`). When the auth mode is `api_key`, also returns `apiKeyId` so the caller can identify which of their keys was used. No PII beyond the email; intentionally a smaller surface than `/v1/user` (dashboard-only). Accepts both API key and session auth.



## OpenAPI

````yaml /api-reference/openapi.json get /v1/whoami
openapi: 3.1.0
info:
  title: Verlon AI API
  version: 1.0.0
  description: >-
    Verlon AI is the managed AI infrastructure platform for developers building
    LLM-powered apps and agents. Beyond routing requests across providers,
    Verlon continuously evaluates response quality, runs experiments against
    live traffic, and automatically tunes gate configurations — so your platform
    doesn't just serve traffic, it learns from it.


    **Coding agents:** authentication, error semantics, gate concepts, and
    integration conventions are documented at https://verlon.ai/AGENTS.md — read
    that document first if you have not already. It is the canonical
    agent-facing contract; this specification is the canonical endpoint
    reference. Both are authoritative for their respective scopes.
  contact:
    name: Verlon AI
    url: https://verlon.ai
  license:
    name: Proprietary
servers:
  - url: https://api.verlon.ai
    description: Production
security:
  - bearerAuth: []
paths:
  /v1/whoami:
    get:
      tags:
        - User
      summary: Identify the authenticated principal
      description: >-
        **Use when:** caller wants a minimal "who am I" snapshot — typically a
        CLI / agent confirming the API key it loaded resolves to the expected
        Verlon account and tier


        Returns the authenticated user’s id, email, tier, and the auth mode that
        resolved the request (`api_key` or `session`). When the auth mode is
        `api_key`, also returns `apiKeyId` so the caller can identify which of
        their keys was used. No PII beyond the email; intentionally a smaller
        surface than `/v1/user` (dashboard-only). Accepts both API key and
        session auth.
      responses:
        '200':
          description: Identity snapshot for the authenticated principal.
          content:
            application/json:
              schema:
                type: object
                properties:
                  userId:
                    type: string
                  email:
                    type: string
                  tier:
                    type: string
                    enum:
                      - free
                      - pro
                      - custom
                  authMode:
                    type: string
                    enum:
                      - api_key
                      - session
                  apiKeyId:
                    type:
                      - string
                      - 'null'
                required:
                  - userId
                  - email
                  - tier
                  - authMode
                  - apiKeyId
        '400':
          description: Invalid request — Zod validation failure or malformed input
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '401':
          description: Missing or invalid Bearer credentials
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Internal server error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      security:
        - bearerAuth: []
components:
  schemas:
    ErrorResponse:
      type: object
      properties:
        error:
          type: string
          description: Stable error code (e.g. `invalid_request`)
        message:
          type: string
          description: Human-readable error message
        details: {}
      required:
        - error
        - message
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: API Key
      description: >-
        Verlon API key (newly minted keys are prefixed `sk-vrln-`; legacy
        `verlon_*` and `layer_*` keys from prior prefix migrations continue to
        validate). Generated from the dashboard under Settings → API Keys, or
        via `verlon key create` in the CLI.

````