# Users

Manage account profile and security settings. Most teams rarely call this group of endpoints, and usage is mostly read-only.

## Endpoints

| Method  | Path                     | Purpose                |
| ------- | ------------------------ | ---------------------- |
| `GET`   | `/users/me`              | Current account        |
| `PATCH` | `/users/me`              | Update profile fields  |
| `GET`   | `/users/me/security`     | MFA status, last login |
| `POST`  | `/users/me/security/mfa` | Enable MFA             |

## `GET /users/me`

```bash
curl -H "Authorization: Bearer API_KEY" \
     https://api.helodata.com/v1/users/me
```

Response:

```json
{
  "id":          "usr_01HX2K3PQ4M5",
  "email":       "you@example.com",
  "company":     "Acme Inc.",
  "plan":        "pro",
  "kyc_status":  "approved",
  "created_at":  "2026-01-15T10:00:00Z",
  "balance": {
    "currency": "USD",
    "amount":   125.40
  }
}
```

### Fields

| Field            | Type           | Description                                                        |
| ---------------- | -------------- | ------------------------------------------------------------------ |
| `id`             | string         | Account ULID                                                       |
| `email`          | string         | Login email                                                        |
| `company`        | string \| null | Optional company name                                              |
| `plan`           | string         | One of `trial`, `pay-as-you-go`, `starter`, `pro`, `enterprise`    |
| `kyc_status`     | string         | `not-submitted`, `pending`, `approved`, `rejected`                 |
| `balance.amount` | number         | Prepaid balance, denominated in `balance.currency`                 |

## `PATCH /users/me`

Update profile fields (changing the email requires re-verification and can only be done in the console):

```bash
curl -X PATCH -H "Authorization: Bearer API_KEY" \
     -H "Content-Type: application/json" \
     -d '{"company": "Acme Subsidiary"}' \
     https://api.helodata.com/v1/users/me
```

Editable fields: `company`, `billing_address`, `tax_id`, `default_currency`, `notification_email`.

## Security

```bash
curl -H "Authorization: Bearer API_KEY" \
     https://api.helodata.com/v1/users/me/security
```

Response:

```json
{
  "mfa_enabled":   true,
  "mfa_method":    "totp",
  "last_login_at": "2026-05-28T07:14:22Z",
  "last_login_ip": "203.0.113.5"
}
```
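A way to use this response for monitoring, as an added example that is not part of the original documentation: it compares two snapshots of `GET /users/me/security` and reports MFA being switched off or a new login from outside your expected networks. The sample bodies, the `EXPECTED_NETWORKS` list, the finding codes and `"mfa_method": null` for a disabled account are constructed assumptions.

```python
import ipaddress
import json
from datetime import datetime

# Constructed snapshots in the shape shown above for GET /users/me/security.
PREVIOUS = ('{"mfa_enabled": true, "mfa_method": "totp", '
            '"last_login_at": "2026-05-28T07:14:22Z", "last_login_ip": "203.0.113.5"}')
CURRENT = ('{"mfa_enabled": false, "mfa_method": null, '
           '"last_login_at": "2026-05-29T02:03:04Z", "last_login_ip": "198.51.100.77"}')

# Assumption: networks your team normally signs in from (documentation range).
EXPECTED_NETWORKS = ["203.0.113.0/24"]


def parse_ts(value):
    # The sample timestamps end in "Z"; normalise so fromisoformat accepts them.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def ip_is_expected(ip_text, networks):
    try:
        ip = ipaddress.ip_address(str(ip_text))
    except ValueError:
        return False  # a missing or malformed address counts as unexpected
    return any(ip in ipaddress.ip_network(n) for n in networks)


def audit_security(previous_body, current_body, networks):
    """Compare two snapshots and return a list of finding codes."""
    prev, cur = json.loads(previous_body), json.loads(current_body)
    findings = []
    if cur.get("mfa_enabled") is not True:
        findings.append("mfa_disabled")
        if prev.get("mfa_enabled") is True:
            findings.append("mfa_turned_off_since_last_check")
    # Only judge the IP when the login timestamp has advanced since last check.
    new_login = parse_ts(cur["last_login_at"]) > parse_ts(prev["last_login_at"])
    if new_login and not ip_is_expected(cur.get("last_login_ip"), networks):
        findings.append("new_login_from_unexpected_ip")
    return findings


if __name__ == "__main__":
    for code in audit_security(PREVIOUS, CURRENT, EXPECTED_NETWORKS):
        print(code)
```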

Enabling MFA through the API returns the TOTP secret and recovery codes:

```bash
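# Send the body as JSON; without this header curl posts it as form data.
curl -X POST -H "Authorization: Bearer API_KEY" \
     -H "Content-Type: application/json" \
     -d '{"method": "totp"}' \
     https://api.helodata.com/v1/users/me/security/mfa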
```

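Enter the returned `secret` into your authenticator app; `recovery_codes` are a single-use fallback, so store them offline.

## Errors

| Status | code                      | Meaning                                       |
| ------ | ------------------------- | --------------------------------------------- |
| `403`  | `mfa_required`            | This operation requires MFA                   |
| `409`  | `email_in_use`            | The new email is already in use               |
| `422`  | `invalid_billing_address` | The address failed tax jurisdiction validation |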


