---
title: GET /api/auth/me
description: The current authenticated principal — works for a session cookie or a Bearer API key. Backs scripto whoami.
---

<Note>

The CLI equivalent is `scripto whoami`.

</Note>

Returns the current principal. Works for both a session cookie (web) and a Bearer `scripto_` key (CLI / agents) — the user is resolved in `hooks.server.ts`.

## Endpoint

```text
GET https://scripto.codika.io/api/auth/me
```

## Auth

| Header | Value |
|---|---|
| `Authorization` | `Bearer scripto_…` (or a session cookie) |

## Response (200)

```json
{
  "user": {
    "id": "user_…",
    "email": "you@example.com",
    "name": "Your Name"
  }
}
```

<Note>

For a **key-authenticated** request, `email` / `name` may be blank — the server synthesizes a minimal user for key auth. The CLI falls back to the cached profile email when present.

</Note>

## Errors

| HTTP | Body | Cause |
|---|---|---|
| 401 | `{ "error": "Unauthorized" }` | Missing or invalid key/session. |

## curl

```bash
curl -sS https://scripto.codika.io/api/auth/me \
  -H "Authorization: Bearer $SCRIPTO_API_KEY"
```

## Next

- **[Authentication](/api-reference/authentication)** — the Bearer header.
- **[GET /api/articles](/api-reference/list-articles)** — your first authenticated data call.