Users & Accounts

Signup, login, storing profile data in your own app.

The Users & Accounts flow is the foundation of any therappai integration. Your application will create users, authenticate them, store their tokens, and retrieve profile information so they can access therapy sessions, content, moods, tasks, and safety tools.

This page explains the typical user lifecycle and how to implement it with the therappai API.


Overview

Every interaction with therappai requires an authenticated user. The basic flow is:

  1. Signup (create the user)

  2. Login (get access + refresh tokens)

  3. Store tokens securely in your app

  4. Fetch user profile

  5. Update profile (optional)

Once authenticated, the user can interact with all other parts of the platform.


1. Signup

Your app collects the user’s basic details (email, name, password) and sends them to:

POST /signup/

Use this when:

  • a brand-new user registers

  • you’re provisioning accounts programmatically

  • you’re building your own onboarding UI

If a user already exists, skip straight to login.


2. Login

Users authenticate by sending their email and password to:

POST /login/

The response includes:

  • access token — used for all authenticated API calls

  • refresh token — used to get a new access token when it expires

This is the token pair your app will rely on for the rest of the user journey.


3. Store tokens securely

Your app should store:

  • access token — short-lived

  • refresh token — longer-lived

Recommended storage approaches:

  • Mobile: secure storage (Keychain / Encrypted SharedPreferences)

  • Web: HTTP-only secure cookies or encrypted local storage

  • Server-side apps: environment variables or encrypted DB fields

Never expose tokens in logs, URLs, or client-side bundles.


4. Fetching the User Profile

Once authenticated, fetch basic user info using:

GET /profile/
Authorization: Bearer ACCESS_TOKEN

Use this to:

  • load profile data into your UI

  • verify authentication state

  • confirm tokens are valid

The profile typically includes name, email, and image.


5. Updating the User Profile

Users can change their name or upload a profile picture using:

PUT /profile/

This request uses multipart/form-data when it includes an image.

Use cases:

  • editing user settings

  • adding profile customization

  • updating contact details


6. Refreshing Tokens

When an access token expires (e.g., a 401 response with a token-expired message), request a new one via:

POST /refresh/

Send the refresh token in the body. A new access token will be returned.

If the refresh token is invalid or expired, the user must log in again.


Typical Developer Integration Flow

A common implementation looks like:

  1. User signs up or logs in

  2. Receive tokens

  3. Store tokens securely

  4. Immediately fetch /profile/ to confirm everything works

  5. Move the user into your main app

  6. When access token expires, silently refresh it

  7. If the refresh token fails → redirect to login

This provides a smooth, modern authentication experience.
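The seven steps above, written out as an added example client. This is not therappai's SDK or sample code; it assumes a placeholder host name, that `/login/` and `/refresh/` answer with JSON keys `access` and `refresh`, and that `/refresh/` takes `{"refresh": "<token>"}` in its body, none of which this page states. The `FakeServer` is a constructed stand-in for the API so the example runs offline; it expires every access token after one use, which forces the silent-refresh path, and can be told to reject the refresh token so the redirect-to-login case is exercised too.

```python
"""Added example client for this page's Users & Accounts flow (not therappai's SDK). Assumed: the
host name, JSON keys "access"/"refresh" in /login/ and /refresh/ replies, and a {"refresh": ...} body."""
import json
import uuid
from contextlib import suppress
from urllib.parse import urlparse

JSON = {"Content-Type": "application/json"}

class AuthRequired(Exception):
    """The refresh token was rejected: send the user back to login."""

class TherappaiClient:
    def __init__(self, transport, base_url="https://api.example.invalid"):  # placeholder host
        self.transport, self.base_url = transport, base_url  # transport(method, url, headers, body) -> (status, bytes)
        self.access = self.refresh = None  # keep in secure storage; never log or put in a URL

    def _call(self, method, path, body=None, headers=None, auth=True):
        hdrs = dict(headers or {})
        if auth and self.access:
            hdrs["Authorization"] = "Bearer " + self.access  # token travels in the header only
        return self.transport(method, self.base_url + path, hdrs, body)

    def signup(self, email, name, password):  # step 1: POST /signup/
        payload = {"email": email, "name": name, "password": password}
        return self._call("POST", "/signup/", json.dumps(payload).encode(), JSON, auth=False)[0] in (200, 201)

    def login(self, email, password):  # step 2: POST /login/ returns the access + refresh pair
        payload = {"email": email, "password": password}
        status, raw = self._call("POST", "/login/", json.dumps(payload).encode(), JSON, auth=False)
        if status == 200:
            self.access, self.refresh = (json.loads(raw)[k] for k in ("access", "refresh"))  # assumed keys
        return status == 200

    def refresh_access(self):  # step 6: POST /refresh/ with the refresh token in the body
        body = json.dumps({"refresh": self.refresh}).encode()
        status, raw = self._call("POST", "/refresh/", body, JSON, auth=False)
        if status != 200:
            self.access = self.refresh = None  # drop the dead pair so it is never retried
            raise AuthRequired("refresh token rejected; redirect to login")
        self.access = json.loads(raw)["access"]

    def _authed(self, method, path, body=None, headers=None):  # on 401: refresh silently, retry once
        status, raw = self._call(method, path, body, headers)
        if status == 401:
            self.refresh_access()
            status, raw = self._call(method, path, body, headers)
        return json.loads(raw) if status == 200 else None

    def get_profile(self):  # step 4: GET /profile/ also confirms the access token is valid
        return self._authed("GET", "/profile/")

    def update_profile(self, name, image=None, filename="avatar.png"):  # step 5: PUT /profile/ multipart
        b = "----" + uuid.uuid4().hex
        parts = [f'--{b}\r\nContent-Disposition: form-data; name="name"\r\n\r\n{name}\r\n'.encode()]
        if image is not None:
            parts.append((f'--{b}\r\nContent-Disposition: form-data; name="image"; filename="{filename}"\r\n'
                          'Content-Type: application/octet-stream\r\n\r\n').encode() + image + b"\r\n")
        parts.append(f"--{b}--\r\n".encode())
        return self._authed("PUT", "/profile/", b"".join(parts),
                            {"Content-Type": f"multipart/form-data; boundary={b}"})

class FakeServer:  # constructed stand-in for the API; each access token is honoured for one call only
    def __init__(self):
        self.users, self.live, self.refresh_ok, self.n = {}, {}, True, 0

    def __call__(self, method, url, headers, body):
        path, data = urlparse(url).path, (json.loads(body) if body and body[:1] == b"{" else {})
        if path == "/signup/":
            self.users[data["email"]] = {"name": data["name"], "password": data["password"], "image": None}
            return 201, b""
        if path in ("/login/", "/refresh/"):  # both mint a fresh access token
            email = data.get("email") or str(data.get("refresh"))[4:]  # refresh tokens look like "ref:<email>"
            ok = email in self.users and (self.refresh_ok if path == "/refresh/"
                                          else self.users[email]["password"] == data.get("password"))
            if not ok:
                return 401, b""
            self.n += 1
            self.live[f"acc-{self.n}"] = email
            return 200, json.dumps({"access": f"acc-{self.n}", "refresh": "ref:" + email}).encode()
        email = self.live.pop(headers.get("Authorization", "")[7:], None)  # one use, then expired
        if email is None:
            return 401, b'{"detail": "token expired"}'
        u = self.users[email]
        if method == "PUT":
            text = body.decode("latin-1")
            u["name"] = text.split('name="name"\r\n\r\n', 1)[1].split("\r\n", 1)[0]
            u["image"] = "/media/avatar.png" if 'name="image"' in text else u["image"]  # constructed URL
        return 200, json.dumps({"name": u["name"], "email": email, "image": u["image"]}).encode()

def run_flow(server=None):  # steps 1-7 of the flow above; returns what each step observed
    server = server or FakeServer()
    c = TherappaiClient(server)
    out = {"signup": c.signup("ada@example.com", "Ada", "correct horse")}  # constructed user
    out["login"] = c.login("ada@example.com", "correct horse")
    out["profile"] = c.get_profile()  # spends acc-1
    out["updated"] = c.update_profile("Ada L.", image=b"\x89PNG-not-really")  # 401 -> refresh -> acc-2
    out["access_after_refresh"] = c.access
    server.refresh_ok = False  # refresh token revoked/expired: the user must log in again
    with suppress(AuthRequired):
        c.get_profile()
    out["relogin_needed"] = c.access is None  # refresh_access cleared the pair
    return out
```

`run_flow()` drives one user through signup, login, a profile fetch, a multipart profile update that hits an expired access token and recovers by refreshing, and finally a refresh failure that leaves the client with no tokens and a `relogin_needed` flag for the UI to act on. The design points worth copying into a real integration are that the token only ever appears in the `Authorization` header, that a 401 is retried exactly once after a refresh, and that a rejected refresh clears both tokens so a dead pair is never reused.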


Using User Data Across the Platform

Once a user is authenticated, they can:

  • start therapy sessions

  • access content

  • track moods

  • complete daily tasks

  • manage emergency contacts

All features depend on a valid access token.
