User Service

Backend-for-Frontend (BFF) that aggregates data from multiple downstream services. Handles user profiles, admin settings, sharing/access control, documents, tags, pins, favorites, activity logs, Langflow flows, and settings streaming.

Does not own a database. All persistence is delegated to downstream services via HTTP.

Tech: NestJS 11, CASL (access control)
Port: 4000
Auth: JWT (RS256), Public
Database: None (pure aggregator)

User Endpoints

Method	Path	Auth	Description
GET	`/api/v1/user/profile`	JWT	Get current user profile
GET	`/api/v1/user/by-email?email=`	Public	Get user by email (internal)
POST	`/api/v1/user/zitadel`	Public	Create user from ZITADEL (internal)
GET	`/api/v1/user/zitadel/:zitadelUserId`	Public	Find by ZITADEL ID (internal)
PATCH	`/api/v1/user`	JWT	Update profile
POST	`/api/v1/user`	Public	Create user (internal)
GET	`/api/v1/user/bulk?ids=`	Public	Get multiple users by IDs

The "Public" endpoints are not exposed to end users -- they exist for service-to-service calls from auth-service.

Admin Endpoints

Organization settings management. All calls proxy to admin-base-ms.

Method	Path	Auth	Description
GET	`/api/v1/admin/languages`	JWT	All available languages
GET	`/api/v1/admin/organization-settings/languages/selections`	JWT	Org language selections
PUT	`/api/v1/admin/organization-settings/languages`	JWT	Update org languages
GET	`/api/v1/admin/connectors`	JWT	All available connectors
GET	`/api/v1/admin/organization-settings/connectors/selections`	JWT	Org connector selections
PUT	`/api/v1/admin/organization-settings/connectors`	JWT	Update org connectors
GET	`/api/v1/admin/organization-settings/agents/selections`	JWT	Org agent selections
PUT	`/api/v1/admin/organization-settings/agents`	JWT	Update org agents
GET	`/api/v1/admin/organization-settings/templates/selections`	JWT	Org template selections
PUT	`/api/v1/admin/organization-settings/templates`	JWT	Update org templates
GET	`/api/v1/admin/organization-settings/parsing/selections`	JWT	Org parsing selections
PUT	`/api/v1/admin/organization-settings/parsing`	JWT	Update org parsing
GET	`/api/v1/admin/organization-settings/models/selections`	JWT	Org model selections
PUT	`/api/v1/admin/organization-settings/models`	JWT	Update org models
GET	`/api/v1/admin/mcp-servers`	JWT	Get enabled MCP servers
GET	`/api/v1/admin/organization-mcp-servers/:organizationId`	JWT	Get org MCP server selections
POST	`/api/v1/admin/organization-settings`	JWT	Create org settings
GET	`/api/v1/admin/organization-settings/me`	JWT	Get my org settings
PUT	`/api/v1/admin/organization-settings/me`	JWT	Update my org settings
GET	`/api/v1/admin/organizations/:organizationId/settings`	JWT	Get org settings (legacy)
PUT	`/api/v1/admin/organizations/:organizationId/settings`	JWT	Update org settings (legacy)

Resource sharing with granular access control.

Method	Path	Auth	Description
POST	`/api/v1/sharing/share`	JWT	Share a resource with users/groups
GET	`/api/v1/sharing/resource/:resourceType/:resourceId/people`	JWT	Get people with access
GET	`/api/v1/sharing/resource/:type/:id/check-user-access/:userId`	JWT	Check user access
PATCH	`/api/v1/sharing/share/:shareId`	JWT	Update share role
DELETE	`/api/v1/sharing/share/:shareId`	JWT	Revoke share
PUT	`/api/v1/sharing/resource/:type/:id/link-settings`	JWT	Update link sharing settings
GET	`/api/v1/sharing/shared-with-me`	JWT	Resources shared with me
POST	`/api/v1/sharing/check-access`	JWT	Check access
POST	`/api/v1/sharing/check-access/batch`	JWT	Batch check access
GET	`/api/v1/sharing/search-users`	JWT	Search users for sharing
POST	`/api/v1/sharing/locks/:type/:id`	JWT	Acquire editing lock
DELETE	`/api/v1/sharing/locks/:type/:id`	JWT	Release lock
GET	`/api/v1/sharing/locks/:type/:id`	JWT	Get lock status

Tags, Pins, Favorites

Method	Path	Auth	Description
GET	`/api/v1/tags`	JWT	Get user's tags
POST	`/api/v1/tags`	JWT	Create tag
PUT	`/api/v1/tags/:id`	JWT	Update tag
DELETE	`/api/v1/tags/tag/:id`	JWT	Delete tag
POST	`/api/v1/tags/tag-entities`	JWT	Link tag to entity
POST	`/api/v1/tags/tag-entities/batch`	JWT	Get tag entities by type/IDs
DELETE	`/api/v1/tags/tag-entities/:id`	JWT	Unlink tag
GET	`/api/v1/pins`	JWT	Get pins
POST	`/api/v1/pins`	JWT	Create pin
DELETE	`/api/v1/pins/:targetId`	JWT	Delete pin
POST	`/api/v1/pins/is-pinned`	JWT	Check pinned status
GET	`/api/v1/favorites?targetType=`	JWT	Get favorites
POST	`/api/v1/favorites`	JWT	Add favorite
PATCH	`/api/v1/favorites/:targetId`	JWT	Remove favorite
POST	`/api/v1/favorites/is-favorited`	JWT	Check favorited status
POST	`/api/v1/favorites/counts`	JWT	Get favorite counts

Activity Logs

Method	Path	Auth	Description
GET	`/api/v1/activity-logs/recent`	JWT + CASL	Recent activity logs
POST	`/api/v1/activity-logs/create`	JWT + CASL	Create log entry
PUT	`/api/v1/activity-logs/hide`	JWT + CASL	Hide log entry

Document Endpoints

Method	Path	Auth	Description
GET	`/api/v1/documents/tree`	JWT + CASL	Document tree (proxied from document-service)
GET	`/api/v1/documents/:docId/download`	JWT	Download document (streams from document-service)

Langflow Flow Endpoints

Method	Path	Auth	Description
GET	`/api/v1/flows`	JWT + CASL	List flows
GET	`/api/v1/flows/:flowId`	JWT + CASL	Get flow
POST	`/api/v1/flows/:flowId/run`	JWT + CASL	Run a flow
POST	`/api/v1/flows`	JWT + CASL	Create flow
PATCH	`/api/v1/flows/:flowId`	JWT	Update flow
DELETE	`/api/v1/flows/:flowId`	JWT	Delete flow
POST	`/api/v1/flows/tokens/refresh`	JWT + CASL	Refresh Langflow token
GET	`/api/v1/flows/health`	Public	Langflow health

Settings (with SSE)

Method	Path	Auth	Description
GET	`/api/v1/settings/me`	JWT	Get user settings
PATCH	`/api/v1/settings/me/preferences`	JWT	Update preferences
GET (SSE)	`/api/v1/settings/stream`	JWT	Real-time settings stream

User Roles

Method	Path	Auth	Description
POST	`/api/v1/user-roles`	--	Create a user role assignment
GET	`/api/v1/user-roles`	--	Get all user roles
GET	`/api/v1/user-roles/:id`	--	Get by ID
PATCH	`/api/v1/user-roles/:id`	--	Update
DELETE	`/api/v1/user-roles/:id`	--	Delete

Langflow Accounts

Method	Path	Auth	Description
POST	`/api/v1/langflow-users`	JWT + CASL	Create Langflow account
GET	`/api/v1/langflow-users/me`	JWT + CASL	Get my Langflow account
PATCH	`/api/v1/langflow-users`	JWT + CASL	Update Langflow account

Features

Method	Path	Auth	Description
POST	`/api/v1/features/create`	Public	Create a feature (sharing system)
GET	`/api/v1/features/:id`	Public	Get feature by ID

Integration Tools

Note: This controller uses @Controller('api/v1/integrations') which, combined with the global prefix, results in a double path prefix (/api/v1/api/v1/integrations/...). This appears to be a bug in the source code.

Method	Path	Auth	Description
GET	`/integrations/tools`	--	Get all integration tools
GET	`/integrations/tools/:key`	--	Get tool by key
GET	`/integrations/providers`	--	Get providers
POST	`/integrations/:providerName/tokens`	JWT	Ensure provider tokens
POST	`/integrations/:providerName/account`	JWT	Ensure provider account
GET	`/integrations/:providerName/health`	--	Check provider health
GET	`/integrations/health`	--	Check all providers health

Inter-Service Communication

Target	Protocol	Purpose
user-base-ms	HTTP	All user data persistence (users, tags, pins, favorites, logs, features, shares, locks, tools, Langflow accounts, connectors, languages)
admin-base-ms	HTTP	Roles, permissions, org settings, org resource configurations
llm-core	HTTP	Conversations, agents, available models, agent files
document-service	HTTP	Document tree, downloads
identity-service	HTTP	Group management, user-group resolution
integration-service	HTTP	Provider tokens, accounts, health checks
Langflow	HTTP	Flow CRUD, execution, tokens

User Endpoints​

Admin Endpoints​

Sharing Endpoints​

Tags, Pins, Favorites​

Activity Logs​

Document Endpoints​

Langflow Flow Endpoints​

Settings (with SSE)​

User Roles​

Langflow Accounts​

Features​

Integration Tools​

Inter-Service Communication​