Authenticated users can update their email address or password at any time using the two PATCH endpoints documented on this page. Both endpoints derive the caller’s identity from the JWT Bearer token — no userId or current email is required in the request body. A valid, unexpired token must be present in the Authorization header for every call.
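Because the account to modify is whichever one the token's sub claim names, a client can inspect the token before sending either PATCH request. The following is an added example, not part of the DigitalMoney code base: the function names, the sample addresses and the constructed token are assumptions, and the payload is decoded without signature verification, so this is a client-side sanity check only.

```python
import base64
import binascii
import json
import time


def jwt_claims(token):
    """Decode a compact JWT's payload WITHOUT verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (binascii.Error, ValueError) as exc:
        raise ValueError("JWT payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def preflight(token, intended_email, now=None):
    """Return the reasons not to send the PATCH; an empty list means go ahead."""
    now = time.time() if now is None else now
    try:
        claims = jwt_claims(token)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    sub = claims.get("sub")  # the service reads the current email from this claim
    if sub != intended_email:
        problems.append(f"token subject is {sub!r}, not {intended_email!r}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token is expired or has no exp claim")
    return problems


def constructed_token(claims):
    """Build an unsigned sample token (constructed for this example, not a real one)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    # Header algorithm and the "c2ln" signature are placeholders (assumptions).
    return ".".join([enc({"alg": "HS256"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    token = constructed_token({"sub": "alice@example.com", "exp": time.time() + 600})
    print(preflight(token, "alice@example.com"))
    print(preflight(token, "bob@example.com"))
```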
The current email is read from the JWT’s sub (subject) claim via Spring Security’s Authentication.getName(). Ensure the token in your Authorization header belongs to the account you intend to modify.
Change Email
Updates the authenticated user’s email address in the auth database and publishes a UserEmailChangedEvent to RabbitMQ so the user-service can stay in sync.
Endpoint
Query Parameters
The new email address to assign to the account. Must be unique within the auth database. After a successful update, subsequent logins and JWT tokens will use this address as the subject.
Example
Response 200 OK
RabbitMQ Integration
After persisting the new email, the auth service publishes a UserEmailChangedEvent to the user.exchange exchange with the routing key user.email.changed. The event payload contains the user’s internal authId and the newEmail. The user-service consumes this event to mirror the change in its own database, keeping both services consistent without a synchronous HTTP call.
Change Password
Updates the authenticated user’s password. The new value is BCrypt-hashed before being saved.
Endpoint
Query Parameters
The plain-text replacement password. The auth service encodes it with BCrypt before persisting.
Example
Response 200 OK
Error Codes
The following errors apply to both PATCH /auth/change-email and PATCH /auth/change-password.
| HTTP Status | Exception | Description |
|---|---|---|
| 400 Bad Request | UserNotFoundException | The email resolved from the JWT subject does not match any record in the auth database. This may occur if the account was deleted after the token was issued. |
| 500 Internal Server Error | Exception | An unexpected server-side error occurred. |
