The Users API handles the complete lifecycle of a Yeti Jobs account — from signing up and verifying your email to managing your profile, uploading a resume for ATS scoring, adding education records, tracking skills, and following companies. Authentication is cookie-based: a signedDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/tech-dipesh/yeti-Jobs/llms.txt
Use this file to discover all available pages before exploring further.
token JWT is set on login or signup and must be present for all protected routes. The JWT is signed with the JSON_SECRET_KEY environment variable and stored in the token cookie. Roles available in the system are guest (job seeker), recruiter, and admin.
POST /api/v1/users/signup
Creates a new user account and sends a 6-digit verification code to the supplied email address. Sets atoken cookie that marks the session as logged-in but unverified. The email domain is validated via DNS MX lookup before the record is inserted.
This route is blocked for already-authenticated users. If a valid
token cookie is already present the request is rejected with 401.First name. Minimum 2 characters.
Last name. Minimum 2 characters.
Valid email address. The domain must have resolvable MX records.
Highest education level. One of:
Basic, Matrix, High School, Undergraduation, Postgraduation.Password matching the platform’s complexity regex (uppercase, lowercase, digit, special character, 8–20 chars).
POST /api/v1/users/login
Authenticates an existing user and sets a signedtoken cookie. If the account email is not yet verified, the cookie is issued with verify: false and the response status is 200; subsequent requests to protected routes will be blocked until the email is confirmed.
Blocked for already-authenticated users.
Registered email address.
Account password.
GET /api/v1/users/logout
Clears thetoken cookie and ends the session. No request body is needed.
GET /api/v1/users/login-status
Returns the current authentication and verification state of the caller. Use this to hydrate your frontend on page load without an additional profile fetch. Response fieldstrue if a valid JWT cookie is present.true if the user’s email has been verified.User UUID (present when
login is true).guest, recruiter, or admin.UUID of the company the user belongs to, or
null.Public URL of the user’s profile picture.
POST /api/v1/users/verify
Verifies an account’s email address using the 6-digit code that was emailed at signup. Requires the unverified-user cookie (verify: false).
Rate limited to 2 requests per minute. Requires the unverified session cookie.
The 6-digit numeric verification code sent to the registered email.
POST /api/v1/users/verify/resend
Resends the email verification code to the address on file. Requires the unverified-user cookie.Rate limited to 2 requests per minute. Requires the unverified session cookie.
POST /api/v1/users/forget-password
Initiates the password-reset flow by emailing a 6-digit code to the supplied address. No authentication cookie is required.Rate limited to 2 requests per minute.
The email address associated with the account.
POST /api/v1/users/forget-password/verify
Completes the password-reset flow by submitting the code and the new password.Rate limited to 2 requests per minute.
The 6-digit reset code received by email.
The new password. Must satisfy the platform password regex.
GET /api/v1/users/:id
Returns the full profile of the user identified by:id, including education, skills, resume URL, and employment status.
Requires authentication (
token cookie) and ownership — the authenticated user’s uid must match :id.The UUID of the user.
PUT /api/v1/users/:id
Replaces the user’s profile with the supplied values. All updatable fields must be provided.Requires authentication and ownership.
UUID of the user to update.
First name (minimum 2 characters).
Last name (minimum 2 characters).
Email address.
One of:
Basic, Matrix, High School, Undergraduation, Postgraduation.Years of experience as a string (0–35).
Phone number in international format, e.g.
+14155552671. 10–15 digits.PATCH /api/v1/users/:id
Partially updates the user profile. Only the fields included in the request body are changed.Requires authentication and ownership.
UUID of the user to update.
First name.
Last name.
Years of experience (0–35).
Phone number in international format.
POST /api/v1/users/:id/skills
Appends a single skill to the user’s skills array. Returns an error if the skill already exists.Requires authentication and ownership.
UUID of the user.
A single skill string to add, e.g.
"JavaScript". To add multiple skills call this endpoint once per skill.POST /api/v1/users/resume
Uploads a PDF resume. The file is stored in Supabase Storage, its URL is saved against the user record, and ATS analysis is triggered asynchronously.Requires authentication (
token cookie). Send as multipart/form-data.PDF file. Form field name must be
resume.GET /api/v1/users/resume
Returns the most recent ATS score, feedback, and the public resume URL for the authenticated user.Requires authentication.
POST /api/v1/users/profile-picture
Uploads a profile picture. The image is stored in Supabase Storage and theprofile_pic_url column is updated.
Requires authentication and ownership. Send as
multipart/form-data.Image file (JPEG, PNG, WebP). Form field name must be
profile.POST /api/v1/users/add-education
Adds or replaces the user’s education record. Each call runs inside a transaction: the old record for the user is deleted and the new one is inserted atomically.Requires authentication and ownership.
Name of the university or institution (minimum 8 characters).
Degree title (minimum 5 characters).
Start year (1940–2026).
End year (1944–2031). Must be greater than
start_date and within 6 years of it.Numeric grade or percentage (0–100).
GET /api/v1/users/following
Returns the list of companies the authenticated job-seeker is currently following.Requires authentication and the
guest (job seeker) role.GET /api/v1/users/all
Returns every user record in the system. Reserved for platform administrators.Requires authentication and the
admin role.