48hr.email/api/routes/account.api.md

# Account Management API

## Overview
Manage user accounts, forwarding emails, locked inboxes, and API tokens.

---

## Endpoints

### GET `/api/account/`
Get account info and stats for the authenticated user.
- **Auth:** Required
- **Response:**
  - `userId`, `username`, `createdAt`, `lastLogin`, `verifiedEmails`, `lockedInboxes`, `apiToken`

### POST `/api/account/verify-email`
Add a forwarding email (triggers verification).
- **Auth:** Required
- **Body:**
  - `email`: string (required)
- **Response:**
  - Success or error

### DELETE `/api/account/verify-email/:id`
Remove a forwarding email by ID.
- **Auth:** Required
- **Response:**
  - Success or error

### POST `/api/account/change-password`
Change account password.
- **Auth:** Required
- **Body:**
  - `oldPassword`, `newPassword`
- **Response:**
  - Success or error

### DELETE `/api/account/`
Delete the user account.
- **Auth:** Required
- **Response:**
  - Success or error

### GET `/api/account/token`
Get API token info (not the token itself).
- **Auth:** Required
- **Response:**
  - `hasToken`, `createdAt`, `lastUsed`

### POST `/api/account/token`
Generate or regenerate API token.
- **Auth:** Required
- **Response:**
  - Success or error

### DELETE `/api/account/token`
Revoke API token.
- **Auth:** Required
- **Response:**
  - Success or error

---

## Response Format
All responses follow:
```
{
  success: true|false,
  data: ...,
  error?: ...,
  code?: ...
}
```

## Error Codes
- `AUTH_DISABLED`: Authentication is disabled
- `VALIDATION_ERROR`: Invalid input
- `REGISTRATION_FAILED`: Registration failed
- `NOT_FOUND`: Resource not found
- `FORBIDDEN`: Unauthorized

---

## Example Response
```
{
  "success": true,
  "data": {
    "userId": "abc123",
    "username": "user1",
    "createdAt": "2026-01-01T00:00:00Z",
    "lastLogin": "2026-01-05T12:00:00Z",
    "verifiedEmails": ["forward@example.com"],
    "lockedInboxes": ["inbox1@example.com"],
    "apiToken": {
      "hasToken": true,
      "createdAt": "2026-01-01T00:00:00Z",
      "lastUsed": "2026-01-05T12:00:00Z"
    }
  }
}
```