# Get the authenticated principal

Resolve the current user and, for API-key callers, the key id and its granted scopes.

Returns the authenticated principal. For an API-key caller it also reports the key id and the scopes granted to it — the quickest way to verify a key's auth and scope setup. Works for both API-key and signed-in (session) callers.

## Example request

```bash
curl https://app.talent-ray.com/api/v1/me \
  -H "Authorization: Bearer tr_YOUR_KEY"
```

## Response

`200 OK`

```json
{
  "user": { "id": "user_abc123", "email": "integrations@acme.com", "role": "user" },
  "auth": { "type": "api_key", "keyId": "apikey_xyz789", "scopes": ["candidates:read", "roles:read"] }
}
```

For a session (cookie) caller, `auth.type` is `"session"` and there is no `keyId`/`scopes`.

## Status codes

| Status | Meaning |
| --- | --- |
| `200` | Success. |
| `401` | No valid credentials. |
| `429` | Rate limit exceeded. |
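
One way to turn this endpoint into a least-privilege check for a key before it is deployed, as an added example that is not Talent-Ray's own code: it takes the HTTP status and body of a `GET /api/v1/me` call and reports scopes that are missing or granted beyond what the integration needs. The function name `audit_principal`, the result fields, and the required-scope lists are assumptions; the sample bodies are constructed from the response shape shown above.

```python
import json

def audit_principal(status, body, required_scopes):
    """Classify a GET /api/v1/me result against the scopes an integration needs."""
    if status == 401:
        return {"ok": False, "reason": "no valid credentials"}
    if status == 429:
        return {"ok": False, "reason": "rate limit exceeded"}
    if status != 200:
        return {"ok": False, "reason": f"unexpected status {status}"}

    doc = json.loads(body)
    auth = doc.get("auth") or {}
    if auth.get("type") != "api_key":
        # Session (cookie) callers carry no keyId/scopes, so nothing to audit.
        return {"ok": False,
                "reason": f"not an API-key caller (auth.type={auth.get('type')!r})"}

    granted = set(auth.get("scopes") or [])
    required = set(required_scopes)
    missing = sorted(required - granted)   # integration will fail on these
    excess = sorted(granted - required)    # key is broader than it needs to be
    return {
        "ok": not missing and not excess,
        "key_id": auth.get("keyId"),
        "user": (doc.get("user") or {}).get("email"),
        "missing": missing,
        "excess": excess,
    }

# Constructed sample bodies, modelled on the documented response.
SAMPLE_API_KEY = json.dumps({
    "user": {"id": "user_abc123", "email": "integrations@acme.com", "role": "user"},
    "auth": {"type": "api_key", "keyId": "apikey_xyz789",
             "scopes": ["candidates:read", "roles:read"]},
})
SAMPLE_SESSION = json.dumps({
    "user": {"id": "user_abc123", "email": "integrations@acme.com", "role": "user"},
    "auth": {"type": "session"},
})

if __name__ == "__main__":
    # Assumption: this integration only needs to read candidates.
    print(audit_principal(200, SAMPLE_API_KEY, ["candidates:read"]))
    print(audit_principal(200, SAMPLE_SESSION, ["candidates:read"]))
    print(audit_principal(401, "", ["candidates:read"]))
```

A non-empty `excess` list means the key should be reissued with a narrower scope set; log the `key_id` from the result, never the bearer token itself.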