---
title: meta.sr.ht API reference
---
The meta.sr.ht API allows you to view and edit user information on meta.sr.ht
programmatically. This API follows the [standard sourcehut API
conventions](/api-conventions.md).
## Authentication
Authentication is done via the [meta.sr.ht OAuth
flow](../oauth-api.md). The following OAuth scopes are available for meta.sr.ht:
- **audit:read**: read the security audit log
- **keys:read**, **keys:write**: read & update user SSH & PGP keys
- **profile:read**, **profile:write**: read & update profile information
## Resources
### User resource
meta.sr.ht expands on the [standard user
resource](/api-conventions.md#user-resource).
```json
{
"canonical_name": "~username",
"name": "username",
"email": "email",
"url": "url" or null,
"location": "location" or null,
"bio": "bio" or null,
"use_pgp_key": pgp key resource ID
}
```
- **use\_pgp\_key** is the ID of the user's preferred PGP key, which can be
found via [`GET /api/user/pgp-keys/:id`](#get-apiuserpgp-keysid).
### Audit log entry resource
```json
{
"id": integer,
"ip": "IP address",
"action": "event type",
"details": "event details",
"created": "timestamp"
}
```
### SSH key resource
```json
{
"id": integer,
"authorized": "timestamp",
"comment": "SSH key comment",
"fingerprint": "SSH key fingerprint",
"key": "SSH key (authorized_keys format)",
"owner": short-form user resource,
"last_used": "timestamp"
}
```
- **last_used** is omitted when viewing an SSH key which is not owned by the
authorized user.
### PGP key resource
```json
{
"id": integer,
"key": "armored PGP key",
"key_id": "PGP key fingerprint",
"email": "First email found in the PGP key",
"authorized": "timestamp",
"owner": short-form user resource
}
```
## Endpoints
### GET /api/user/profile
Returns the authenticated user's [user resource](#user-resource).
**OAuth scope**: `profile:read`
### PUT /api/user/profile
Updates the authenticated user's profile.
**OAuth scope**: `profile:write`
**Request body**
```json
{
"url": "url" or null, (optional)
"location": "location" or null, (optional)
"bio": "bio" or null, (optional)
"email": "email" (optional)
}
```
**Response**
Updated [user resource](#user-resource).
**Notes**
- When updating **email**, the returned user resource will not reflect the
update. The user must click the confirmation link which is sent to their new
email address before the update will take effect.
### GET /api/user/audit-log
List of [audit log entry resources](#audit-log-entry-resource).
**OAuth scope**: `audit-log:read`
### GET /api/user/ssh-keys
List of [SSH key resources](#ssh-key-resource).
**OAuth scope**: `keys:read`
### POST /api/user/ssh-keys
Creates a new [SSH key resource](#ssh-key-resource).
**OAuth scope**: `keys:write`
**Request body**
```json
{
"ssh-key": "SSH key (authorized_keys format)"
}
```
**Response**
The new [SSH key resource](#ssh-key-resource).
### GET /api/user/ssh-keys/:id
Retrieves an [SSH key resource](#ssh-key-resource).
**OAuth scope**: `keys:read`
### PUT /api/user/ssh-keys/:id
Updates the "last_used" time of this SSH key resource.
**OAuth scope**: `keys:read`
**Response**
The updated [SSH key resource](#ssh-key-resource).
### DELETE /api/user/ssh-keys/:id
Deletes this SSH key resource.
**OAuth scope**: `keys:write`
### GET /api/user/pgp-keys
List of [PGP key resources](#pgp-key-resource).
**OAuth scope**: `keys:read`
### POST /api/user/pgp-keys
Creates a new [PGP key resource](#pgp-key-resource).
**OAuth scope**: `keys:write`
**Request body**
```json
{
"pgp-key": "armored PGP key"
}
```
**Response**
The new [PGP key resource](#pgp-key-resource).
### GET /api/user/pgp-keys/:id
Retrieves a [PGP key resource](#pgp-key-resource).
**OAuth scope**: `keys:read`
### DELETE /api/user/pgp-keys/:id
Deletes this PGP key resource.
**OAuth scope**: `keys:write`
## Webhooks
### /api/user/...
Webhook for user events. Includes the [standard webhook
endpoints](/api-conventions.md#webhooks)
#### profile:update
Issued when the user's profile (bio, email, etc) is updated.
**OAuth scope**: `profile:read`
**Request body**
The updated [user resource](#user-resource).
#### ssh-key:add
Issued when the user adds an SSH key to their account.
**OAuth scope**: `keys:read`
**Request body**
The new [SSH key resource](#ssh-key-resource).
#### ssh-key:remove
Issued when the user removes an SSH key from their account.
**OAuth scope**: `keys:read`
**Request body**
```json
{
"id": integer ID of the affected SSH key resource
}
```
#### pgp-key:add
Issued when the user adds a PGP key to their account.
**OAuth scope**: `keys:read`
**Request body**
The new [PGP key resource](#pgp-key-resource).
#### pgp-key:remove
Issued when the user removes a PGP key from their account.
**OAuth scope**: `keys:read`
**Request body**
```json
{
"id": integer ID of the affected PGP key resource
}
```