> ## Documentation Index
> Fetch the complete documentation index at: https://docs.endaoment.org/llms.txt
> Use this file to discover all available pages before exploring further.

# Get authenticated caller

> 
    Returns information about the caller authenticated through one of the supported API auth mechanisms.
    API key callers receive API client metadata. Human callers receive their JWT payload from either the Endaoment
    browser session cookie or an OIDC bearer token. Browser sessions may receive a refreshed Set-Cookie header when
    referral-source metadata is updated.
    



## OpenAPI

````yaml https://api.endaoment.org/oas-json get /v1/auth/whoami
openapi: 3.0.0
info:
  title: Endaoment API
  description: >-
    The official Endaoment API endpoints. Dev (canary) = newest features;
    Staging (stable) = pre-production.
  version: 0.0.0-dev
  contact: {}
servers:
  - url: https://api.endaoment.org
    description: Production
security: []
tags:
  - name: Partner Endpoints
    description: Tech-platform partner server-to-server APIs
  - name: Authentication
    description: OAuth callers, API keys, and session verification
  - name: Funds
    description: Donor-advised fund lifecycle
  - name: Donations
    description: Donation pledges, supported assets, and impact totals
  - name: Portfolios
    description: Investment portfolio catalog
  - name: Nonprofit Organizations
    description: Nonprofit lookup, subprojects, and missing-org intake
  - name: Grant Transfers
    description: Grant and entity transfers
  - name: Collaboration
    description: Collaborator recommendations and fund collaboration
  - name: Activity
    description: Public and scoped activity feeds
paths:
  /v1/auth/whoami:
    get:
      tags:
        - Authentication
      summary: Get authenticated caller
      description: |2-

            Returns information about the caller authenticated through one of the supported API auth mechanisms.
            API key callers receive API client metadata. Human callers receive their JWT payload from either the Endaoment
            browser session cookie or an OIDC bearer token. Browser sessions may receive a refreshed Set-Cookie header when
            referral-source metadata is updated.
            
      operationId: AuthController_whoAmI_v1
      parameters:
        - name: x-api-key
          in: header
          description: >-
            API key used by server-side integrations. Bearer auth or the
            NdaoAuth cookie may also be used.
          required: false
          schema:
            type: string
      responses:
        '200':
          description: Authenticated caller metadata
          content:
            application/json:
              schema:
                anyOf:
                  - $ref: '#/components/schemas/WhoAmIApiKeyUserDto'
                  - $ref: '#/components/schemas/WhoAmINdaoAuthUserDto'
                  - $ref: '#/components/schemas/WhoAmIOidcUserDto'
        '401':
          description: No valid API key, bearer token, or session cookie was provided
        '404':
          description: Authenticated human user no longer exists in the database
      security:
        - NdaoAuthCookie: []
        - ApiKey: []
        - bearer: []
components:
  schemas:
    WhoAmIApiKeyUserDto:
      type: object
      properties:
        clientName:
          type: string
          description: Human-readable name of the API key client.
          example: Authorization Server
        openIdConnectClientId:
          type: string
          description: >-
            OIDC client ID associated with the API key, when the key is tied to
            a tech platform.
          example: partner-oidc-client
        roles:
          description: Roles granted to the API key client.
          example:
            - keeper
          type: array
          items:
            type: string
      required:
        - clientName
        - roles
    WhoAmINdaoAuthUserDto:
      type: object
      properties:
        userId:
          type: string
          description: Unique identifier of the authenticated Endaoment user.
          format: uuid
          example: 123e4567-e89b-12d3-a456-426614174000
        wallet:
          type: string
          description: Wallet address associated with the authenticated user.
          example: '0x0000000000000000000000000000000000000000'
        hasInformedReferralSource:
          type: boolean
          description: >-
            Whether the user has already informed Endaoment how they heard about
            the platform.
          example: true
        socialEmail:
          type: string
          description: Verified social email for the authenticated user, when present.
          example: donor@example.org
        iat:
          type: number
          description: JWT issued-at timestamp, in seconds since the Unix epoch.
          example: 1716239024
        exp:
          type: number
          description: JWT expiration timestamp, in seconds since the Unix epoch.
          example: 1716498224
      required:
        - userId
        - wallet
        - iat
        - exp
    WhoAmIOidcUserDto:
      type: object
      properties:
        userId:
          type: string
          description: Unique identifier of the authenticated Endaoment user.
          format: uuid
          example: 123e4567-e89b-12d3-a456-426614174000
        wallet:
          type: string
          description: Wallet address associated with the authenticated user.
          example: '0x0000000000000000000000000000000000000000'
        hasInformedReferralSource:
          type: boolean
          description: >-
            Whether the user has already informed Endaoment how they heard about
            the platform.
          example: true
        socialEmail:
          type: string
          description: Verified social email for the authenticated user, when present.
          example: donor@example.org
        iat:
          type: number
          description: JWT issued-at timestamp, in seconds since the Unix epoch.
          example: 1716239024
        exp:
          type: number
          description: JWT expiration timestamp, in seconds since the Unix epoch.
          example: 1716498224
        jti:
          type: string
          description: Unique identifier for the OIDC JWT.
          example: 01HX2T9E1Q9Y9M4B7Z8Q2YQ2YQ
        sub:
          type: string
          description: OIDC subject identifier.
          example: user_123
        iss:
          type: string
          description: OIDC issuer.
          example: https://auth.endaoment.org
        clientId:
          type: string
          description: Client that issued the OIDC JWT.
          example: partner-oidc-client
        scope:
          type: string
          description: Space-delimited OIDC scopes granted to the token.
          example: openid profile
        aud:
          type: string
          description: OIDC audience.
          example: api.endaoment.org
      required:
        - userId
        - wallet
        - iat
        - exp
        - jti
        - sub
        - iss
        - clientId
        - aud
  securitySchemes:
    NdaoAuthCookie:
      type: apiKey
      in: cookie
      name: NdaoAuth
    ApiKey:
      type: apiKey
      in: header
      name: x-api-key
    bearer:
      scheme: bearer
      bearerFormat: JWT
      type: http

````