See the shiny docs at http://docs.accountjsonapi.apiary.io/. Comment / send PRs for apiary.apib.
All routes at a glance
# sign in, check session, sign out
PUT /session
GET /session
DELETE /session
# sign up, get / update / destroy account
# non-admins only
PUT /session/account
GET /session/account
PATCH /session/account
DELETE /session/account
# get / update profile
# non-admins only
GET /session/account/profile
PATCH /session/account/profile
# requests (e.g. password resets / username reminder, user account confirmation)
POST /requests
GET /requests # admins only
GET /requests/{id}
DELETE /requests/{id}
# admins only: manage accounts
POST /accounts
GET /accounts
GET /accounts/{username}
PATCH /accounts/{username}
DELETE /accounts/{username}
The route groups are implemented as hapi plugins themselves.
The options passed to the routes plugins are the same as the ones passed to the main plugin.
CouchDB admins do not require _users docs, which that plugin requires, as it
stores user IDs in a special id:<userId here> role. Because of that, the
/session/account & /session/account/profile routes are forbidden for admins.
And even if an admin account has a _users doc, it will not be returned by the
/accounts API for consistency reasons.