diff --git a/.gitignore b/.gitignore
index e649ed1c6..225e8e49a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -108,3 +108,7 @@ docs/docs/reference/adapter
 
 # Sentry Config File
 .sentryclirc
+
+# python
+__pycache__/
+.venv/
\ No newline at end of file
diff --git a/apps/backend/scripts/generate-docs.ts b/apps/backend/scripts/generate-docs.ts
index 488d6ba36..764d044d9 100644
--- a/apps/backend/scripts/generate-docs.ts
+++ b/apps/backend/scripts/generate-docs.ts
@@ -9,7 +9,7 @@ async function main() {
   for (const audience of ['client', 'server', 'admin'] as const) {
     const filePathPrefix = "src/app/api/v1";
     const importPathPrefix = "@/app/api/v1";
-    const filePaths = await glob(filePathPrefix + "/**/route.{js,jsx,ts,tsx}");
+    const filePaths = [...await glob(filePathPrefix + "/**/route.{js,jsx,ts,tsx}")];
     const openAPISchema = yaml.stringify(parseOpenAPI({
       endpoints: new Map(await Promise.all(filePaths.map(async (filePath) => {
         if (!filePath.startsWith(filePathPrefix)) {
@@ -18,7 +18,7 @@ async function main() {
         const suffix = filePath.slice(filePathPrefix.length);
         const midfix = suffix.slice(0, suffix.lastIndexOf("/route."));
         const importPath = `${importPathPrefix}${suffix}`;
-        const urlPath = midfix.replace("[", "{").replace("]", "}");
+        const urlPath = midfix.replaceAll("[", "{").replaceAll("]", "}");
         const module = require(importPath);
         const handlersByMethod = new Map(
           HTTP_METHODS.map(method => [method, module[method]] as const)
diff --git a/apps/backend/src/app/api/v1/auth/oauth/authorize/[provider]/route.tsx b/apps/backend/src/app/api/v1/auth/oauth/authorize/[provider]/route.tsx
index 2ee963a4d..1c79486da 100644
--- a/apps/backend/src/app/api/v1/auth/oauth/authorize/[provider]/route.tsx
+++ b/apps/backend/src/app/api/v1/auth/oauth/authorize/[provider]/route.tsx
@@ -48,6 +48,7 @@ export const GET = createSmartRouteHandler({
   response: yupObject({
     // we never return as we always redirect
     statusCode: yupNumber().oneOf([302]).required(),
+    bodyType: yupString().oneOf(["empty"]).required(),
   }),
   async handler({ params, query }, fullReq) {
     const project = await getProject(query.client_id);
diff --git a/apps/backend/src/app/api/v1/auth/oauth/callback/[provider]/route.tsx b/apps/backend/src/app/api/v1/auth/oauth/callback/[provider]/route.tsx
index dc470bcb4..96c7105e4 100644
--- a/apps/backend/src/app/api/v1/auth/oauth/callback/[provider]/route.tsx
+++ b/apps/backend/src/app/api/v1/auth/oauth/callback/[provider]/route.tsx
@@ -13,6 +13,7 @@ import { StackAssertionError, StatusError, throwErr } from "@stackframe/stack-sh
 import { extractScopes } from "@stackframe/stack-shared/dist/utils/strings";
 import { cookies } from "next/headers";
 import { redirect } from "next/navigation";
+import { oauthResponseToSmartResponse } from "../../oauth-helpers";
 
 const redirectOrThrowError = (error: KnownError, project: ProjectsCrud["Admin"]["Read"], errorRedirectUrl?: string) => {
   if (!errorRedirectUrl || !validateRedirectUrl(errorRedirectUrl, project.config.domains, project.config.allow_localhost)) {
@@ -33,7 +34,7 @@ export const GET = createSmartRouteHandler({
     query: yupMixed().required(),
   }),
   response: yupObject({
-    statusCode: yupNumber().required(),
+    statusCode: yupNumber().oneOf([302]).required(),
     bodyType: yupString().oneOf(["json"]).required(),
     body: yupMixed().required(),
     headers: yupMixed().required(),
@@ -44,7 +45,7 @@ export const GET = createSmartRouteHandler({
     cookies().delete("stack-oauth-inner-" + query.state);
 
     if (cookieInfo?.value !== 'true') {
-      throw new StatusError(StatusError.BadRequest, "stack-oauth cookie not found");
+      throw new StatusError(StatusError.BadRequest, "stack-oauth-inner-<xyz> cookie not found");
     }
 
     const outerInfoDB = await prismaClient.oAuthOuterInfo.findUnique({
@@ -54,7 +55,7 @@ export const GET = createSmartRouteHandler({
     });
 
     if (!outerInfoDB) {
-      throw new StatusError(StatusError.BadRequest, "Invalid stack-oauth cookie value. Please try signing in again.");
+      throw new StatusError(StatusError.BadRequest, "Invalid stack-oauth-inner-<xyz> cookie value. Please try signing in again.");
     }
 
     let outerInfo: Awaited<ReturnType<typeof oauthCookieSchema.validate>>;
@@ -275,11 +276,6 @@ export const GET = createSmartRouteHandler({
       throw error;
     }
 
-    return {
-      statusCode: oauthResponse.status || 200,
-      bodyType: "json",
-      body: oauthResponse.body,
-      headers: Object.fromEntries(Object.entries(oauthResponse.headers || {}).map(([k, v]) => ([k, [v]]))),
-    };
+    return oauthResponseToSmartResponse(oauthResponse);
   },
 });
diff --git a/apps/backend/src/app/api/v1/auth/oauth/oauth-helpers.tsx b/apps/backend/src/app/api/v1/auth/oauth/oauth-helpers.tsx
new file mode 100644
index 000000000..9315ff72c
--- /dev/null
+++ b/apps/backend/src/app/api/v1/auth/oauth/oauth-helpers.tsx
@@ -0,0 +1,46 @@
+import { SmartResponse } from "@/route-handlers/smart-response";
+import { Response as OAuthResponse } from "@node-oauth/oauth2-server";
+import { StackAssertionError, StatusError, throwErr } from "@stackframe/stack-shared/dist/utils/errors";
+
+export function oauthResponseToSmartResponse(oauthResponse: OAuthResponse): SmartResponse {
+  if (!oauthResponse.status) {
+    throw new StackAssertionError(`OAuth response status is missing`, { oauthResponse });
+  } else if (oauthResponse.status >= 500 && oauthResponse.status < 600) {
+    throw new StackAssertionError(`OAuth server error: ${JSON.stringify(oauthResponse.body)}`, { oauthResponse });
+  } else if (oauthResponse.status >= 400 && oauthResponse.status < 500) {
+    throw new StatusError(oauthResponse.status, oauthResponse.body);
+  } else if (oauthResponse.status >= 200 && oauthResponse.status < 400) {
+    return {
+      statusCode: oauthResponse.status,
+      bodyType: "json",
+      body: oauthResponse.body,
+      headers: Object.fromEntries(Object.entries(oauthResponse.headers || {}).map(([k, v]) => ([k, [v]]))),
+    };
+  } else {
+    throw new StackAssertionError(`Invalid OAuth response status code: ${oauthResponse.status}`, { oauthResponse });
+  }
+}
+
+export abstract class OAuthResponseError extends StatusError {
+  public name = "OAuthResponseError";
+
+  constructor(
+    public readonly oauthResponse: OAuthResponse
+  ) {
+    super(
+      oauthResponse.status ?? throwErr(`OAuth response status is missing`),
+      JSON.stringify(oauthResponse.body),
+    );
+  }
+
+  public override getBody(): Uint8Array {
+    return new TextEncoder().encode(JSON.stringify(this.oauthResponse.body, undefined, 2));
+  }
+
+  public override getHeaders(): Record<string, string[]> {
+    return {
+      "Content-Type": ["application/json; charset=utf-8"],
+      ...Object.fromEntries(Object.entries(this.oauthResponse.headers || {}).map(([k, v]) => ([k, [v]]))),
+    };
+  }
+}
diff --git a/apps/backend/src/app/api/v1/auth/oauth/token/route.tsx b/apps/backend/src/app/api/v1/auth/oauth/token/route.tsx
index baaad4739..0f5515d79 100644
--- a/apps/backend/src/app/api/v1/auth/oauth/token/route.tsx
+++ b/apps/backend/src/app/api/v1/auth/oauth/token/route.tsx
@@ -3,6 +3,7 @@ import { createSmartRouteHandler } from "@/route-handlers/smart-route-handler";
 import { InvalidClientError, InvalidGrantError, Request as OAuthRequest, Response as OAuthResponse } from "@node-oauth/oauth2-server";
 import { KnownErrors } from "@stackframe/stack-shared/dist/known-errors";
 import { yupMixed, yupNumber, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
+import { oauthResponseToSmartResponse } from "../oauth-helpers";
 
 export const POST = createSmartRouteHandler({
   metadata: {
@@ -12,7 +13,7 @@ export const POST = createSmartRouteHandler({
   },
   request: yupObject({}),
   response: yupObject({
-    statusCode: yupNumber().required(),
+    statusCode: yupNumber().oneOf([200]).required(),
     bodyType: yupString().oneOf(["json"]).required(),
     body: yupMixed().required(),
     headers: yupMixed().required(),
@@ -50,11 +51,6 @@ export const POST = createSmartRouteHandler({
       throw e;
     }
 
-    return {
-      statusCode: oauthResponse.status || 200,
-      bodyType: "json",
-      body: oauthResponse.body,
-      headers: Object.fromEntries(Object.entries(oauthResponse.headers || {}).map(([k, v]) => ([k, [v]]))),
-    };
+    return oauthResponseToSmartResponse(oauthResponse);
   },
 });
diff --git a/apps/backend/src/app/api/v1/auth/otp/sign-in/verification-code-handler.tsx b/apps/backend/src/app/api/v1/auth/otp/sign-in/verification-code-handler.tsx
index af38759ef..0181b0107 100644
--- a/apps/backend/src/app/api/v1/auth/otp/sign-in/verification-code-handler.tsx
+++ b/apps/backend/src/app/api/v1/auth/otp/sign-in/verification-code-handler.tsx
@@ -28,6 +28,7 @@ export const signInVerificationCodeHandler = createVerificationCodeHandler({
   }),
   response: yupObject({
     statusCode: yupNumber().oneOf([200]).required(),
+    bodyType: yupString().oneOf(["json"]).required(),
     body: signInResponseSchema.required(),
   }),
   async send(codeObj, createOptions, sendOptions: { user: UsersCrud["Admin"]["Read"] }) {
@@ -64,6 +65,7 @@ export const signInVerificationCodeHandler = createVerificationCodeHandler({
 
     return {
       statusCode: 200,
+      bodyType: "json",
       body: {
         refresh_token: refreshToken,
         access_token: accessToken,
diff --git a/apps/backend/src/app/api/v1/auth/sessions/current/route.tsx b/apps/backend/src/app/api/v1/auth/sessions/current/route.tsx
index 3b37b0793..4515e95d6 100644
--- a/apps/backend/src/app/api/v1/auth/sessions/current/route.tsx
+++ b/apps/backend/src/app/api/v1/auth/sessions/current/route.tsx
@@ -17,15 +17,15 @@ export const DELETE = createSmartRouteHandler({
       project: adaptSchema,
     }).required(),
     headers: yupObject({
-      "x-stack-refresh-token": yupTuple([yupString()]),
+      "x-stack-refresh-token": yupTuple([yupString().required()]).required(),
     }),
   }),
   response: yupObject({
     statusCode: yupNumber().oneOf([200]).required(),
-    bodyType: yupString().oneOf(["empty"]).required(),
+    bodyType: yupString().oneOf(["success"]).required(),
   }),
   async handler({ auth: { project }, headers: { "x-stack-refresh-token": refreshTokenHeaders } }) {
-    if (!refreshTokenHeaders || !refreshTokenHeaders[0]) {
+    if (!refreshTokenHeaders[0]) {
       throw new StackAssertionError("Signing out without the refresh token is currently not supported. TODO: implement");
     }
     const refreshToken = refreshTokenHeaders[0];
@@ -50,7 +50,7 @@ export const DELETE = createSmartRouteHandler({
 
     return {
       statusCode: 200,
-      bodyType: "empty",
+      bodyType: "success",
     };
   },
 });
diff --git a/apps/backend/src/app/api/v1/check-feature-support/route.tsx b/apps/backend/src/app/api/v1/check-feature-support/route.tsx
index 049aa3bef..f4a86981c 100644
--- a/apps/backend/src/app/api/v1/check-feature-support/route.tsx
+++ b/apps/backend/src/app/api/v1/check-feature-support/route.tsx
@@ -4,6 +4,9 @@ import { deindent, typedCapitalize } from "@stackframe/stack-shared/dist/utils/s
 import { yupObject, yupString, yupNumber, yupMixed } from "@stackframe/stack-shared/dist/schema-fields";
 
 export const POST = createSmartRouteHandler({
+  metadata: {
+    hidden: true,
+  },
   request: yupObject({
     auth: yupObject({
       type: yupMixed(),
diff --git a/apps/backend/src/app/api/v1/contact-channels/send-verification-code/route.tsx b/apps/backend/src/app/api/v1/contact-channels/send-verification-code/route.tsx
index 20e2ffe72..8064f1330 100644
--- a/apps/backend/src/app/api/v1/contact-channels/send-verification-code/route.tsx
+++ b/apps/backend/src/app/api/v1/contact-channels/send-verification-code/route.tsx
@@ -1,7 +1,6 @@
-import * as yup from "yup";
 import { createSmartRouteHandler } from "@/route-handlers/smart-route-handler";
-import { adaptSchema, clientOrHigherAuthTypeSchema, signInEmailSchema, emailVerificationCallbackUrlSchema, yupObject, yupNumber, yupString } from "@stackframe/stack-shared/dist/schema-fields";
 import { KnownErrors } from "@stackframe/stack-shared";
+import { adaptSchema, clientOrHigherAuthTypeSchema, emailVerificationCallbackUrlSchema, signInEmailSchema, yupNumber, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
 import { contactChannelVerificationCodeHandler } from "../verify/verification-code-handler";
 
 export const POST = createSmartRouteHandler({
@@ -25,7 +24,7 @@ export const POST = createSmartRouteHandler({
     statusCode: yupNumber().oneOf([200]).required(),
     bodyType: yupString().oneOf(["success"]).required(),
   }),
-  async handler({ auth: { project, user }, body: { email, callback_url: callbackUrl } }, fullReq) {
+  async handler({ auth: { project, user }, body: { email, callback_url: callbackUrl } }) {
     if (user.primary_email !== email) {
       throw new KnownErrors.EmailIsNotPrimaryEmail(email, user.primary_email);
     }
diff --git a/apps/backend/src/app/api/v1/internal/projects/crud.tsx b/apps/backend/src/app/api/v1/internal/projects/crud.tsx
index 85150ad53..21f9f6328 100644
--- a/apps/backend/src/app/api/v1/internal/projects/crud.tsx
+++ b/apps/backend/src/app/api/v1/internal/projects/crud.tsx
@@ -16,7 +16,7 @@ export const internalProjectsCrudHandlers = createCrudHandlers(internalProjectsC
     if (!auth.user) {
       throw new KnownErrors.UserAuthenticationRequired();
     }
-    if (auth.user.project_id !== 'internal') {
+    if (auth.project.id !== "internal") {
       throw new KnownErrors.ExpectedInternalProject();
     }
   },
diff --git a/apps/backend/src/app/api/v1/route.ts b/apps/backend/src/app/api/v1/route.ts
index 2164c1497..f8ea76c56 100644
--- a/apps/backend/src/app/api/v1/route.ts
+++ b/apps/backend/src/app/api/v1/route.ts
@@ -1,9 +1,13 @@
 import { createSmartRouteHandler } from "@/route-handlers/smart-route-handler";
+import { adaptSchema, projectIdSchema, yupNumber, yupObject, yupString, yupTuple } from "@stackframe/stack-shared/dist/schema-fields";
 import { deindent, typedCapitalize } from "@stackframe/stack-shared/dist/utils/strings";
-import * as yup from "yup";
-import { adaptSchema, yupNumber, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
 
 export const GET = createSmartRouteHandler({
+  metadata: {
+    summary: "/api/v1",
+    description: "Returns a human-readable message with some useful information about the API.",
+    tags: [],
+  },
   request: yupObject({
     auth: yupObject({
       type: adaptSchema,
@@ -14,12 +18,22 @@ export const GET = createSmartRouteHandler({
       // No query parameters
       // empty object means that it will fail if query parameters are given regardless
     }),
+    headers: yupObject({
+      // we list all automatically parsed headers here so the documentation shows them
+      "X-Stack-Project-Id": yupTuple([projectIdSchema]),
+      "X-Stack-Access-Type": yupTuple([yupString().oneOf(["client", "server", "admin"])]),
+      "X-Stack-Access-Token": yupTuple([yupString()]),
+      "X-Stack-Refresh-Token": yupTuple([yupString()]),
+      "X-Stack-Publishable-Client-Key": yupTuple([yupString()]),
+      "X-Stack-Secret-Server-Key": yupTuple([yupString()]),
+      "X-Stack-Super-Secret-Admin-Key": yupTuple([yupString()]),
+    }),
     method: yupString().oneOf(["GET"]).required(),
   }),
   response: yupObject({
     statusCode: yupNumber().oneOf([200]).required(),
     bodyType: yupString().oneOf(["text"]).required(),
-    body: yupString().required(),
+    body: yupString().required().meta({ openapiField: { exampleValue: "Welcome to the Stack API endpoint! Please refer to the documentation at https://docs.stack-auth.com/\n\nAuthentication: None" } }),
   }),
   handler: async (req) => {
     return {
diff --git a/apps/backend/src/app/api/v1/team-memberships/crud.tsx b/apps/backend/src/app/api/v1/team-memberships/crud.tsx
index 6c34c4d99..d9f711bcc 100644
--- a/apps/backend/src/app/api/v1/team-memberships/crud.tsx
+++ b/apps/backend/src/app/api/v1/team-memberships/crud.tsx
@@ -3,7 +3,6 @@ import { isTeamSystemPermission, teamSystemPermissionStringToDBType } from "@/li
 import { prismaClient } from "@/prisma-client";
 import { createCrudHandlers } from "@/route-handlers/crud-handler";
 import { getIdFromUserIdOrMe } from "@/route-handlers/utils";
-import { KnownErrors } from "@stackframe/stack-shared";
 import { teamMembershipsCrud } from "@stackframe/stack-shared/dist/interface/crud/team-memberships";
 import { userIdOrMeSchema, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
 
diff --git a/apps/backend/src/app/api/v1/team-permissions/crud.tsx b/apps/backend/src/app/api/v1/team-permissions/crud.tsx
index 9fa1ab0fb..71ea6750f 100644
--- a/apps/backend/src/app/api/v1/team-permissions/crud.tsx
+++ b/apps/backend/src/app/api/v1/team-permissions/crud.tsx
@@ -7,10 +7,10 @@ import { StatusError } from "@stackframe/stack-shared/dist/utils/errors";
 
 export const teamPermissionsCrudHandlers = createCrudHandlers(teamPermissionsCrud, {
   querySchema: yupObject({
-    team_id: yupString().uuid().optional(),
-    user_id: userIdOrMeSchema.optional(),
-    permission_id: teamPermissionDefinitionIdSchema.optional(),
-    recursive: yupString().oneOf(['true', 'false']).optional(),
+    team_id: yupString().uuid().optional().meta({ openapiField: { description: 'Filter with the team ID. If set, only the permissions of the members in a specific team will be returned.', exampleValue: 'cce084a3-28b7-418e-913e-c8ee6d802ea4' } }),
+    user_id: userIdOrMeSchema.optional().meta({ openapiField: { description: 'Filter with the user ID. If set, only the permissions this user has will be returned. Client request must set `user_id=me`', exampleValue: 'me' } }),
+    permission_id: teamPermissionDefinitionIdSchema.optional().meta({ openapiField: { description: 'Filter with the permission ID. If set, only the permissions with this specific ID will be returned', exampleValue: '16399452-c4f3-4554-8e44-c2d67bb60360' } }),
+    recursive: yupString().oneOf(['true', 'false']).optional().meta({ openapiField: { description: 'Whether to list permissions recursively. If set to `false`, only the permission the users directly have will be listed. If set to `true` all the direct and indirect permissions will be listed.', exampleValue: 'true' } }),
   }),
   paramsSchema: yupObject({
     team_id: yupString().uuid().required(),
diff --git a/apps/backend/src/app/api/v1/teams/crud.tsx b/apps/backend/src/app/api/v1/teams/crud.tsx
index de3a62825..94d7c109b 100644
--- a/apps/backend/src/app/api/v1/teams/crud.tsx
+++ b/apps/backend/src/app/api/v1/teams/crud.tsx
@@ -9,6 +9,7 @@ import { KnownErrors } from "@stackframe/stack-shared";
 import { teamsCrud } from "@stackframe/stack-shared/dist/interface/crud/teams";
 import { userIdOrMeSchema, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
 import { StatusError, throwErr } from "@stackframe/stack-shared/dist/utils/errors";
+import { createLazyProxy } from "@stackframe/stack-shared/dist/utils/proxies";
 
 
 export function teamPrismaToCrud(prisma: Prisma.TeamGetPayload<{}>) {
@@ -20,10 +21,10 @@ export function teamPrismaToCrud(prisma: Prisma.TeamGetPayload<{}>) {
   };
 }
 
-export const teamsCrudHandlers = createCrudHandlers(teamsCrud, {
+export const teamsCrudHandlers = createLazyProxy(() => createCrudHandlers(teamsCrud, {
   querySchema: yupObject({
-    user_id: userIdOrMeSchema.optional(),
-    add_current_user: yupString().oneOf(["true", "false"]).optional(),
+    user_id: userIdOrMeSchema.optional().meta({ openapiField: { onlyShowInOperations: ['List'], description: 'Filter for the teams that the user is a member of. Can be either `me` or an ID. Must be `me` in the client API', exampleValue: 'me' } }),
+    add_current_user: yupString().oneOf(["true", "false"]).optional().meta({ openapiField: { onlyShowInOperations: ['Create'], description: "If to add the current user to the team. If this is not `true`, the newly created team will have no members. Notice that if you didn't specify `add_current_user=true` on the client side, the user cannot join the team again without re-adding them on the server side.", exampleValue: 'true' } }),
   }),
   paramsSchema: yupObject({
     team_id: yupString().uuid().required(),
@@ -174,4 +175,4 @@ export const teamsCrudHandlers = createCrudHandlers(teamsCrud, {
       is_paginated: false,
     };
   }
-});
+}));
diff --git a/apps/backend/src/app/api/v1/users/crud.tsx b/apps/backend/src/app/api/v1/users/crud.tsx
index 42b7c759a..2aa5e5e11 100644
--- a/apps/backend/src/app/api/v1/users/crud.tsx
+++ b/apps/backend/src/app/api/v1/users/crud.tsx
@@ -28,7 +28,6 @@ const prismaToCrud = (prisma: Prisma.ProjectUserGetPayload<{ include: typeof ful
     throw new StackAssertionError("User cannot have more than one selected team; this should never happen");
   }
   return {
-    project_id: prisma.projectId,
     id: prisma.projectUserId,
     display_name: prisma.displayName || null,
     primary_email: prisma.primaryEmail,
@@ -52,7 +51,7 @@ const prismaToCrud = (prisma: Prisma.ProjectUserGetPayload<{ include: typeof ful
 
 export const usersCrudHandlers = createLazyProxy(() => createCrudHandlers(usersCrud, {
   querySchema: yupObject({
-    team_id: yupString().uuid().optional(),
+    team_id: yupString().uuid().optional().meta({ openapiField: { onlyShowInOperations: [ 'List' ] }})
   }),
   paramsSchema: yupObject({
     user_id: userIdOrMeSchema.required(),
diff --git a/apps/backend/src/lib/openapi.tsx b/apps/backend/src/lib/openapi.tsx
index b4fb51550..98cc54347 100644
--- a/apps/backend/src/lib/openapi.tsx
+++ b/apps/backend/src/lib/openapi.tsx
@@ -1,6 +1,6 @@
 import { SmartRouteHandler } from '@/route-handlers/smart-route-handler';
-import { EndpointDocumentation } from '@stackframe/stack-shared/dist/crud';
-import { StackAssertionError } from '@stackframe/stack-shared/dist/utils/errors';
+import { CrudlOperation, EndpointDocumentation } from '@stackframe/stack-shared/dist/crud';
+import { StackAssertionError, throwErr } from '@stackframe/stack-shared/dist/utils/errors';
 import { HttpMethod } from '@stackframe/stack-shared/dist/utils/http';
 import { typedEntries, typedFromEntries } from '@stackframe/stack-shared/dist/utils/objects';
 import { deindent } from '@stackframe/stack-shared/dist/utils/strings';
@@ -31,7 +31,8 @@ export function parseOpenAPI(options: {
               .filter(([_, handler]) => handler !== undefined)
           )]
         ))
-        .filter(([_, handlersByMethod]) => Object.keys(handlersByMethod).length > 0),
+        .filter(([_, handlersByMethod]) => Object.keys(handlersByMethod).length > 0)
+        .sort(([_a, handlersByMethodA], [_b, handlersByMethodB]) => ((Object.values(handlersByMethodA)[0] as any).tags[0] ?? "").localeCompare(((Object.values(handlersByMethodB)[0] as any).tags[0] ?? ""))),
     ),
   };
 }
@@ -57,6 +58,14 @@ function isSchemaTupleDescription(value: yup.SchemaFieldDescription): value is y
   return value.type === 'tuple';
 }
 
+function isSchemaStringDescription(value: yup.SchemaFieldDescription): value is yup.SchemaDescription & { type: 'string' } {
+  return value.type === 'string';
+}
+
+function isSchemaNumberDescription(value: yup.SchemaFieldDescription): value is yup.SchemaDescription & { type: 'number' } {
+  return value.type === 'number';
+}
+
 function isMaybeRequestSchemaForAudience(requestDescribe: yup.SchemaObjectDescription, audience: 'client' | 'server' | 'admin') {
   const schemaAuth = requestDescribe.fields.auth;
   // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- yup types are wrong and claim that fields always exist
@@ -66,9 +75,10 @@ function isMaybeRequestSchemaForAudience(requestDescribe: yup.SchemaObjectDescri
   const schemaAudience = schemaAuth.fields.type;
   // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- same as above
   if (!schemaAudience) return true;
-  if ("oneOf" in schemaAudience) {
+  if ("oneOf" in schemaAudience && schemaAudience.oneOf.length > 0) {
     return schemaAudience.oneOf.includes(audience);
   }
+  return true;
 }
 
 
@@ -108,20 +118,27 @@ function parseRouteHandler(options: {
       path: options.path,
       pathDesc: undefinedIfMixed(requestDescribe.fields.params),
       parameterDesc: undefinedIfMixed(requestDescribe.fields.query),
+      headerDesc: undefinedIfMixed(requestDescribe.fields.headers),
       requestBodyDesc: undefinedIfMixed(requestDescribe.fields.body),
       responseDesc: undefinedIfMixed(responseDescribe.fields.body),
+      responseTypeDesc: undefinedIfMixed(responseDescribe.fields.bodyType) ?? throwErr('Response type must be defined and not mixed', { options, bodyTypeField: responseDescribe.fields.bodyType }),
+      statusCodeDesc: undefinedIfMixed(responseDescribe.fields.statusCode) ?? throwErr('Status code must be defined and not mixed', { options, statusCodeField: responseDescribe.fields.statusCode }),
     });
   }
 
   return result;
 }
 
-function getFieldSchema(field: yup.SchemaFieldDescription): { type: string, items?: any, properties?: any, required?: any } | undefined {
+function getFieldSchema(field: yup.SchemaFieldDescription, crudOperation?: Capitalize<CrudlOperation>): { type: string, items?: any, properties?: any, required?: any } | undefined {
   const meta = "meta" in field ? field.meta : {};
   if (meta?.openapiField?.hidden) {
     return undefined;
   }
 
+  if (meta?.openapiField?.onlyShowInOperations && !meta.openapiField.onlyShowInOperations.includes(crudOperation as any)) {
+    return undefined;
+  }
+
   const openapiFieldExtra = {
     example: meta?.openapiField?.exampleValue,
     description: meta?.openapiField?.description,
@@ -140,15 +157,15 @@ function getFieldSchema(field: yup.SchemaFieldDescription): { type: string, item
       return {
         type: 'object',
         properties: typedFromEntries(typedEntries((field as any).fields)
-          .map(([key, field]) => [key, getFieldSchema(field)])),
+          .map(([key, field]) => [key, getFieldSchema(field, crudOperation)])),
         required: typedEntries((field as any).fields)
-          .filter(([_, field]) => !(field as any).optional && !(field as any).nullable)
+          .filter(([_, field]) => !(field as any).optional && !(field as any).nullable && getFieldSchema(field as any, crudOperation))
           .map(([key]) => key),
         ...openapiFieldExtra
       };
     }
     case 'array': {
-      return { type: 'array', items: getFieldSchema((field as any).innerType), ...openapiFieldExtra };
+      return { type: 'array', items: getFieldSchema((field as any).innerType, crudOperation), ...openapiFieldExtra };
     }
     default: {
       throw new Error(`Unsupported field type: ${field.type}`);
@@ -156,7 +173,7 @@ function getFieldSchema(field: yup.SchemaFieldDescription): { type: string, item
   }
 }
 
-function toParameters(description: yup.SchemaFieldDescription, path?: string) {
+function toParameters(description: yup.SchemaFieldDescription, crudOperation?: Capitalize<CrudlOperation>, path?: string) {
   const pathParams: string[] = path ? path.match(/{[^}]+}/g) || [] : [];
   if (!isSchemaObjectDescription(description)) {
     throw new StackAssertionError('Parameters field must be an object schema', { actual: description });
@@ -164,57 +181,88 @@ function toParameters(description: yup.SchemaFieldDescription, path?: string) {
 
   return Object.entries(description.fields).map(([key, field]) => {
     if (path && !pathParams.includes(`{${key}}`)) {
-      return { schema: null };
+      return { schema: undefined };
     }
+
+    const meta = "meta" in field ? field.meta : {};
+    const schema = getFieldSchema(field, crudOperation);
     return {
       name: key,
       in: path ? 'path' : 'query',
-      schema: getFieldSchema(field as any),
-      required: !(field as any).optional && !(field as any).nullable,
+      schema,
+      description: meta?.openapiField?.description,
+      required: !(field as any).optional && !(field as any).nullable && schema,
+    };
+  }).filter((x) => x.schema !== undefined);
+}
+
+function toHeaderParameters(description: yup.SchemaFieldDescription, crudOperation?: Capitalize<CrudlOperation>) {
+  if (!isSchemaObjectDescription(description)) {
+    throw new StackAssertionError('Parameters field must be an object schema', { actual: description });
+  }
+
+  return Object.entries(description.fields).map(([key, tupleField]) => {
+    if (!isSchemaTupleDescription(tupleField)) {
+      throw new StackAssertionError('Header field must be a tuple schema', { actual: tupleField, key });
+    }
+    if (tupleField.innerType.length !== 1) {
+      throw new StackAssertionError('Header fields of length !== 1 not currently supported', { actual: tupleField, key });
+    }
+    const field = tupleField.innerType[0];
+    const meta = "meta" in field ? field.meta : {};
+    const schema = getFieldSchema(field, crudOperation);
+    return {
+      name: key,
+      in: 'header',
+      type: 'string',
+      schema,
+      description: meta?.openapiField?.description,
+      example: meta?.openapiField?.exampleValue,
+      required: !(field as any).optional && !(field as any).nullable && !!schema,
     };
-  }).filter((x) => x.schema !== null);
+  }).filter((x) => x.schema !== undefined);
 }
 
-function toSchema(description: yup.SchemaFieldDescription): any {
+function toSchema(description: yup.SchemaFieldDescription, crudOperation?: Capitalize<CrudlOperation>): any {
   if (isSchemaObjectDescription(description)) {
     return {
       type: 'object',
       properties: Object.fromEntries(Object.entries(description.fields).map(([key, field]) => {
-        return [key, getFieldSchema(field)];
+        return [key, getFieldSchema(field, crudOperation)];
       }, {}))
     };
   } else if (isSchemaArrayDescription(description)) {
     return {
       type: 'array',
-      items: toSchema(description.innerType),
+      items: toSchema(description.innerType, crudOperation),
     };
   } else {
-    throw new StackAssertionError(`Unsupported schema type: ${description.type}`, { actual: description });
+    throw new StackAssertionError(`Unsupported schema type in toSchema: ${description.type}`, { actual: description });
   }
 }
 
-function toRequired(description: yup.SchemaFieldDescription) {
+function toRequired(description: yup.SchemaFieldDescription, crudOperation?: Capitalize<CrudlOperation>) {
   let res: string[] = [];
   if (isSchemaObjectDescription(description)) {
     res = Object.entries(description.fields)
-      .filter(([_, field]) => !(field as any).optional && !(field as any).nullable)
+      .filter(([_, field]) => !(field as any).optional && !(field as any).nullable && getFieldSchema(field, crudOperation))
       .map(([key]) => key);
   } else if (isSchemaArrayDescription(description)) {
     res = [];
   } else {
-    throw new StackAssertionError(`Unsupported schema type: ${description.type}`, { actual: description });
+    throw new StackAssertionError(`Unsupported schema type in toRequired: ${description.type}`, { actual: description });
   }
   if (res.length === 0) return undefined;
   return res;
 }
 
-function toExamples(description: yup.SchemaFieldDescription) {
+function toExamples(description: yup.SchemaFieldDescription, crudOperation?: Capitalize<CrudlOperation>) {
   if (!isSchemaObjectDescription(description)) {
     throw new StackAssertionError('Examples field must be an object schema', { actual: description });
   }
 
   return Object.entries(description.fields).reduce((acc, [key, field]) => {
-    const schema = getFieldSchema(field);
+    const schema = getFieldSchema(field, crudOperation);
     if (!schema) return acc;
     const example = "meta" in field ? field.meta?.openapiField?.exampleValue : undefined;
     return { ...acc, [key]: example };
@@ -227,18 +275,23 @@ export function parseOverload(options: {
   path: string,
   pathDesc?: yup.SchemaFieldDescription,
   parameterDesc?: yup.SchemaFieldDescription,
+  headerDesc?: yup.SchemaFieldDescription,
   requestBodyDesc?: yup.SchemaFieldDescription,
   responseDesc?: yup.SchemaFieldDescription,
+  responseTypeDesc: yup.SchemaFieldDescription,
+  statusCodeDesc: yup.SchemaFieldDescription,
 }) {
   const endpointDocumentation = options.metadata ?? {
     summary: `${options.method} ${options.path}`,
     description: `No documentation available for this endpoint.`,
   };
+  if (endpointDocumentation.hidden) {
+    return undefined;
+  }
 
-  const pathParameters = options.pathDesc ? toParameters(options.pathDesc, options.path) : [];
-  const queryParameters = options.parameterDesc ? toParameters(options.parameterDesc) : [];
-  const responseSchema = options.responseDesc ? toSchema(options.responseDesc) : {};
-  const responseRequired = options.responseDesc ? toRequired(options.responseDesc) : undefined;
+  const pathParameters = options.pathDesc ? toParameters(options.pathDesc, endpointDocumentation.crudOperation, options.path) : [];
+  const queryParameters = options.parameterDesc ? toParameters(options.parameterDesc, endpointDocumentation.crudOperation) : [];
+  const headerParameters = options.headerDesc ? toHeaderParameters(options.headerDesc, endpointDocumentation.crudOperation) : [];
 
   let requestBody;
   if (options.requestBodyDesc) {
@@ -247,37 +300,116 @@ export function parseOverload(options: {
       content: {
         'application/json': {
           schema: {
-            ...toSchema(options.requestBodyDesc),
-            required: toRequired(options.requestBodyDesc),
-            example: toExamples(options.requestBodyDesc),
+            ...toSchema(options.requestBodyDesc, endpointDocumentation.crudOperation),
+            required: toRequired(options.requestBodyDesc, endpointDocumentation.crudOperation),
+            example: toExamples(options.requestBodyDesc, endpointDocumentation.crudOperation),
           },
         },
       },
     };
   }
 
-  if (endpointDocumentation.hidden) {
-    return undefined;
-  }
-
-  return {
+  const exRes = {
     summary: endpointDocumentation.summary,
     description: endpointDocumentation.description,
-    parameters: queryParameters.concat(pathParameters),
+    parameters: [...queryParameters, ...pathParameters, ...headerParameters],
     requestBody,
     tags: endpointDocumentation.tags ?? ["Others"],
-    responses: {
-      200: {
-        description: 'Successful response',
-        content: {
-          'application/json': {
-            schema: {
-              ...responseSchema,
-              required: responseRequired,
+  } as const;
+
+  if (!isSchemaStringDescription(options.responseTypeDesc)) {
+    throw new StackAssertionError(`Expected response type to be a string`, { actual: options.responseTypeDesc, options });
+  }
+  if (options.responseTypeDesc.oneOf.length !== 1) {
+    throw new StackAssertionError(`Expected response type to have exactly one value`, { actual: options.responseTypeDesc, options });
+  }
+  const bodyType = options.responseTypeDesc.oneOf[0];
+
+  if (!isSchemaNumberDescription(options.statusCodeDesc)) {
+    throw new StackAssertionError('Expected status code to be a number', { actual: options.statusCodeDesc, options });
+  }
+  if (options.statusCodeDesc.oneOf.length !== 1) {
+    throw new StackAssertionError('Expected status code to have exactly one value', { actual: options.statusCodeDesc.oneOf, options });
+  }
+  const status = options.statusCodeDesc.oneOf[0] as number;
+
+  switch (bodyType) {
+    case 'json': {
+      return {
+        ...exRes,
+        responses: {
+          [status]: {
+            description: 'Successful response',
+            content: {
+              'application/json': {
+                schema: {
+                  ...options.responseDesc ? toSchema(options.responseDesc, endpointDocumentation.crudOperation) : {},
+                  required: options.responseDesc ? toRequired(options.responseDesc, endpointDocumentation.crudOperation) : undefined,
+                },
+              },
             },
           },
         },
-      },
-    },
-  };
+      };
+    }
+    case 'text': {
+      if (!options.responseDesc || !isSchemaStringDescription(options.responseDesc)) {
+        throw new StackAssertionError('Expected response body of bodyType=="text" to be a string schema', { actual: options.responseDesc });
+      }
+      return {
+        ...exRes,
+        responses: {
+          [status]: {
+            description: 'Successful response',
+            content: {
+              'text/plain': {
+                schema: {
+                  type: 'string',
+                  example: options.responseDesc.meta?.openapiField?.exampleValue,
+                },
+              },
+            },
+          },
+        },
+      };
+    }
+    case 'success': {
+      return {
+        ...exRes,
+        responses: {
+          [status]: {
+            description: 'Successful response',
+            content: {
+              "application/json": {
+                schema: {
+                  type: "object",
+                  properties: {
+                    success: {
+                      type: "boolean",
+                      description: "Always equal to true.",
+                      example: true,
+                    },
+                  },
+                  required: ["success"],
+                },
+              },
+            },
+          },
+        },
+      };
+    }
+    case 'empty': {
+      return {
+        ...exRes,
+        responses: {
+          [status]: {
+            description: 'No content',
+          },
+        },
+      };
+    }
+    default: {
+      throw new StackAssertionError(`Unsupported body type: ${bodyType}`);
+    }
+  }
 }
diff --git a/apps/backend/src/route-handlers/crud-handler.tsx b/apps/backend/src/route-handlers/crud-handler.tsx
index 333803167..624cc65ab 100644
--- a/apps/backend/src/route-handlers/crud-handler.tsx
+++ b/apps/backend/src/route-handlers/crud-handler.tsx
@@ -2,7 +2,7 @@ import "../polyfills";
 
 import * as yup from "yup";
 import { SmartRouteHandler, routeHandlerTypeHelper, createSmartRouteHandler } from "./smart-route-handler";
-import { CrudOperation, CrudSchema, CrudTypeOf, CrudlOperation } from "@stackframe/stack-shared/dist/crud";
+import { CrudSchema, CrudTypeOf, CrudlOperation } from "@stackframe/stack-shared/dist/crud";
 import { FilterUndefined } from "@stackframe/stack-shared/dist/utils/objects";
 import { typedIncludes } from "@stackframe/stack-shared/dist/utils/arrays";
 import { deindent, typedToLowercase } from "@stackframe/stack-shared/dist/utils/strings";
@@ -131,7 +131,7 @@ export function createCrudHandlers<
             crudOperation === "List"
               ? yupObject({
                 items: yupArray(read).required(),
-                is_paginated: yupBoolean().oneOf([false]).required(),
+                is_paginated: yupBoolean().oneOf([false]).required().meta({ openapiField: { hidden: true } }),
               }).required()
               : crudOperation === "Delete"
                 ? yupMixed<any>().oneOf([undefined])
@@ -195,11 +195,11 @@ export function createCrudHandlers<
                 query: (options.querySchema ?? yupObject({})) as QuerySchema,
               }),
               response: yupObject({
-                statusCode: yupNumber().oneOf([200, 201]).required(),
+                statusCode: yupNumber().oneOf([crudOperation === "Create" ? 201 : 200]).required(),
                 headers: yupObject({
                   location: yupArray(yupString().required()).default([]),
                 }),
-                bodyType: yupString().oneOf([crudOperation === "Delete" ? "empty" : "json"]).required(),
+                bodyType: yupString().oneOf([crudOperation === "Delete" ? "success" : "json"]).required(),
                 body: accessSchemas.output,
               }),
               handler: async (req, fullReq) => {
@@ -217,14 +217,16 @@ export function createCrudHandlers<
                   headers: {
                     location: crudOperation === "Create" ? [req.url] : [],
                   },
-                  bodyType: crudOperation === "Delete" ? "empty" : "json",
+                  bodyType: crudOperation === "Delete" ? "success" : "json",
                   body: result,
                 };
               },
             });
+
+            const metadata = crud[accessType][`${typedToLowercase(crudOperation)}Docs`];
             return {
               ...frw,
-              metadata: crud[accessType][`${typedToLowercase(crudOperation)}Docs`],
+              metadata: metadata ? (metadata.hidden ? metadata : { ...metadata, crudOperation }) : undefined,
             };
           }
         );
diff --git a/apps/e2e/tests/backend/backend-helpers.ts b/apps/e2e/tests/backend/backend-helpers.ts
index 0b652eaae..5d02433a0 100644
--- a/apps/e2e/tests/backend/backend-helpers.ts
+++ b/apps/e2e/tests/backend/backend-helpers.ts
@@ -139,6 +139,7 @@ export namespace Auth {
     expect(response).toMatchInlineSnapshot(`
       NiceResponse {
         "status": 200,
+        "body": { "success": true },
         "headers": Headers { <some fields may have been hidden> },
       }
     `);
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/auth/sessions/current/index.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/auth/sessions/current/index.test.ts
index 5ce4daf6f..639a154b9 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/auth/sessions/current/index.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/auth/sessions/current/index.test.ts
@@ -8,6 +8,7 @@ it("should sign out users", async ({ expect }) => {
   expect(res.signOutResponse).toMatchInlineSnapshot(`
     NiceResponse {
       "status": 200,
+      "body": { "success": true },
       "headers": Headers { <some fields may have been hidden> },
     }
   `);
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts
index a6a7b1b74..ecb7c3d12 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts
@@ -74,7 +74,6 @@ it("creates a team and manage users in it", async ({ expect }) => {
             "primary_email": "<stripped UUID>@stack-generated.example.com",
             "primary_email_verified": true,
             "profile_image_url": null,
-            "project_id": "internal",
             "selected_team": null,
             "selected_team_id": null,
             "server_metadata": null,
@@ -90,7 +89,6 @@ it("creates a team and manage users in it", async ({ expect }) => {
             "primary_email": "<stripped UUID>@stack-generated.example.com",
             "primary_email_verified": true,
             "profile_image_url": null,
-            "project_id": "internal",
             "selected_team": null,
             "selected_team_id": null,
             "server_metadata": null,
@@ -111,6 +109,7 @@ it("creates a team and manage users in it", async ({ expect }) => {
   expect(response3).toMatchInlineSnapshot(`
     NiceResponse {
       "status": 200,
+      "body": { "success": true },
       "headers": Headers { <some fields may have been hidden> },
     }
   `);
@@ -135,7 +134,6 @@ it("creates a team and manage users in it", async ({ expect }) => {
             "primary_email": "<stripped UUID>@stack-generated.example.com",
             "primary_email_verified": true,
             "profile_image_url": null,
-            "project_id": "internal",
             "selected_team": null,
             "selected_team_id": null,
             "server_metadata": null,
@@ -186,4 +184,4 @@ it("should give team creator default permissions", async ({ expect }) => {
       "headers": Headers { <some fields may have been hidden> },
     }
   `);
-});
\ No newline at end of file
+});
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/team-permission-definitions.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/team-permission-definitions.test.ts
index 1334d1bca..616ff2493 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/team-permission-definitions.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/team-permission-definitions.test.ts
@@ -236,6 +236,7 @@ it("creates, updates, and delete a new team permission", async ({ expect }) => {
   expect(response5).toMatchInlineSnapshot(`
     NiceResponse {
       "status": 200,
+      "body": { "success": true },
       "headers": Headers { <some fields may have been hidden> },
     }
   `);
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/teams.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/teams.test.ts
index f407e4b81..f5153ddc0 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/teams.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/teams.test.ts
@@ -283,6 +283,7 @@ it("deletes a team on the server", async ({ expect }) => {
   expect(response1).toMatchInlineSnapshot(`
     NiceResponse {
       "status": 200,
+      "body": { "success": true },
       "headers": Headers { <some fields may have been hidden> },
     }
   `);
@@ -298,4 +299,4 @@ it("deletes a team on the server", async ({ expect }) => {
       "headers": Headers { <some fields may have been hidden> },
     }
   `);
-});
\ No newline at end of file
+});
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/users.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/users.test.ts
index dd1a3c84d..c74e26896 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/users.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/users.test.ts
@@ -85,7 +85,6 @@ describe("with client access", () => {
           "primary_email": "<stripped UUID>@stack-generated.example.com",
           "primary_email_verified": true,
           "profile_image_url": null,
-          "project_id": "internal",
           "selected_team": null,
           "selected_team_id": null,
           "signed_up_at_millis": <stripped field 'signed_up_at_millis'>,
@@ -114,7 +113,6 @@ describe("with client access", () => {
           "primary_email": "<stripped UUID>@stack-generated.example.com",
           "primary_email_verified": true,
           "profile_image_url": null,
-          "project_id": "internal",
           "selected_team": null,
           "selected_team_id": null,
           "signed_up_at_millis": <stripped field 'signed_up_at_millis'>,
@@ -188,7 +186,6 @@ describe("with client access", () => {
           "primary_email": "<stripped UUID>@stack-generated.example.com",
           "primary_email_verified": true,
           "profile_image_url": null,
-          "project_id": "internal",
           "selected_team": null,
           "selected_team_id": null,
           "signed_up_at_millis": <stripped field 'signed_up_at_millis'>,
@@ -216,7 +213,6 @@ describe("with client access", () => {
           "primary_email": "<stripped UUID>@stack-generated.example.com",
           "primary_email_verified": true,
           "profile_image_url": null,
-          "project_id": "internal",
           "selected_team": null,
           "selected_team_id": null,
           "signed_up_at_millis": <stripped field 'signed_up_at_millis'>,
@@ -312,7 +308,6 @@ describe("with client access", () => {
           "primary_email": "<stripped UUID>@stack-generated.example.com",
           "primary_email_verified": true,
           "profile_image_url": null,
-          "project_id": "internal",
           "selected_team": null,
           "selected_team_id": null,
           "signed_up_at_millis": <stripped field 'signed_up_at_millis'>,
@@ -340,7 +335,6 @@ describe("with client access", () => {
           "primary_email": "<stripped UUID>@stack-generated.example.com",
           "primary_email_verified": true,
           "profile_image_url": null,
-          "project_id": "internal",
           "selected_team": null,
           "selected_team_id": null,
           "signed_up_at_millis": <stripped field 'signed_up_at_millis'>,
@@ -428,7 +422,6 @@ describe("with server access", () => {
           "primary_email": "<stripped UUID>@stack-generated.example.com",
           "primary_email_verified": true,
           "profile_image_url": null,
-          "project_id": "internal",
           "selected_team": null,
           "selected_team_id": null,
           "server_metadata": null,
@@ -461,7 +454,6 @@ describe("with server access", () => {
           "primary_email": "<stripped UUID>@stack-generated.example.com",
           "primary_email_verified": true,
           "profile_image_url": null,
-          "project_id": "internal",
           "selected_team": null,
           "selected_team_id": null,
           "server_metadata": null,
@@ -481,6 +473,7 @@ describe("with server access", () => {
     expect(response).toMatchInlineSnapshot(`
       NiceResponse {
         "status": 200,
+        "body": { "success": true },
         "headers": Headers { <some fields may have been hidden> },
       }
     `);
@@ -513,7 +506,6 @@ describe("with server access", () => {
           "primary_email": "<stripped UUID>@stack-generated.example.com",
           "primary_email_verified": true,
           "profile_image_url": null,
-          "project_id": "internal",
           "selected_team": null,
           "selected_team_id": null,
           "server_metadata": null,
diff --git a/docs/fern/docs.yml b/docs/fern/docs.yml
index 79f05865c..bd4fa64f6 100644
--- a/docs/fern/docs.yml
+++ b/docs/fern/docs.yml
@@ -25,20 +25,23 @@ tabs:
 navigation:
   - tab: documentation
     layout: 
-      - section: Get Started
+      - page: Overview
+        icon: fa-regular fa-globe
+        path: ./docs/pages/overview.mdx
+      - page: FAQ
+        icon: fa-regular fa-circle-question
+        path: ./docs/pages/faq.mdx
+      - section: Getting Started
         contents:
-          - page: Overview
-            icon: fa-regular fa-globe
-            path: ./docs/pages/getting-started/overview.mdx
           - page: Installation & Setup
             icon: fa-regular fa-download
             path: ./docs/pages/getting-started/setup.mdx
+          - page: Components
+            icon: fa-regular fa-puzzle
+            path: ./docs/pages/getting-started/components.mdx
           - page: Users
             icon: fa-regular fa-address-book
             path: ./docs/pages/getting-started/users.mdx
-          # - page: Protecting Pages
-          #   icon: fa-regular fa-shield-check
-          #   path: ./docs/pages/getting-started/protecting-pages.mdx
           - page: Going to Production
             icon: fa-regular fa-rocket
             path: ./docs/pages/getting-started/production.mdx
@@ -107,15 +110,21 @@ navigation:
 
   - tab: api
     layout: 
+      - page: API Overview
+        icon: fa-regular fa-globe
+        path: ./docs/pages/rest-api/auth.mdx
+      - page: Examples
+        icon: fa-regular fa-code
+        path: ./docs/pages/rest-api/examples.mdx
       - api: Client API Reference
         slug: client
         api-name: client
       - api: Server API Reference
         slug: server
         api-name: server
-      - api: Admin API Reference
-        slug: admin
-        api-name: admin
+      # - api: Admin API Reference
+      #   slug: admin
+      #   api-name: admin
 
 navbar-links:
   - type: secondary
diff --git a/docs/fern/docs/pages/concepts/permissions.mdx b/docs/fern/docs/pages/concepts/permissions.mdx
index 702393e6d..427a0d2a7 100644
--- a/docs/fern/docs/pages/concepts/permissions.mdx
+++ b/docs/fern/docs/pages/concepts/permissions.mdx
@@ -19,7 +19,7 @@ Stack comes with a few predefined team permissions known as system permissions.
 
 ### Checking if a User has a Permission
 
-To check whether a user has a specific permission, use the `getPermission` method or the `usePermission` hook on the `User` object. This returns the `Permission` object if the user has it; otherwise, it returns `null`. Always perform permission checks on the server side for business logic, as client-side checks can be bypassed. Here’s an example:
+To check whether a user has a specific permission, use the `getPermission` method or the `usePermission` hook on the `User` object. This returns the `Permission` object if the user has it; otherwise, it returns `null`. Always perform permission checks on the server side for business logic, as client-side checks can be bypassed. Here's an example:
 
 <Tabs>
   <Tab title="Client Component">
@@ -109,7 +109,7 @@ To get a list of all permissions a user has, use the `listPermissions` method or
 
 ### Granting a Permission to a User
 
-To grant a permission to a user, use the `grantPermission` method on the `ServerUser`. Here’s an example:
+To grant a permission to a user, use the `grantPermission` method on the `ServerUser`. Here's an example:
 
 ```tsx
 const team = await stackServerApp.getTeam('teamId');
@@ -119,7 +119,7 @@ await user.grantPermission(team, 'read');
 
 ### Revoking a Permission from a User
 
-To revoke a permission from a user, use the `revokePermission` method on the `ServerUser`. Here’s an example:
+To revoke a permission from a user, use the `revokePermission` method on the `ServerUser`. Here's an example:
 
 ```tsx
 const team = await stackServerApp.getTeam('teamId');
diff --git a/docs/fern/docs/pages/concepts/teams.mdx b/docs/fern/docs/pages/concepts/teams.mdx
index ceefba98d..de9c696eb 100644
--- a/docs/fern/docs/pages/concepts/teams.mdx
+++ b/docs/fern/docs/pages/concepts/teams.mdx
@@ -19,7 +19,7 @@ const team = await stackServerApp.createTeam({
 
 ## Adding a User to a Team
 
-To add a user to a team, use the `addUser` method on the `Team` object. Here’s how:
+To add a user to a team, use the `addUser` method on the `Team` object. Here's how:
 
 ```tsx title="Add a User to a Team"
 const team = await stackServerApp.getTeam('teamId');
@@ -73,7 +73,7 @@ You can list all the teams a user belongs to by using the `listTeams` method or
 
 ## Get Specific Team of a User
 
-To obtain details of a specific team a user belongs to, use the `getTeam` method or `useTeam` hook. Note: this might return `null` if the user is not a member of that team. Here’s an example:
+To obtain details of a specific team a user belongs to, use the `getTeam` method or `useTeam` hook. Note: this might return `null` if the user is not a member of that team. Here's an example:
 
 <Tabs>
   <Tab title="Client Component">
@@ -114,7 +114,7 @@ To obtain details of a specific team a user belongs to, use the `getTeam` method
 
 ## List All the Teams
 
-To list all teams, use the `listTeams` method on the `stackServerApp`. Here’s an example:
+To list all teams, use the `listTeams` method on the `stackServerApp`. Here's an example:
 
 ```tsx
 const teams = await stackServerApp.listTeams();
@@ -122,7 +122,7 @@ const teams = await stackServerApp.listTeams();
 
 ## Update a Team
 
-To update a team, use the `update` method on a server-side team object. Here’s how to do it:
+To update a team, use the `update` method on a server-side team object. Here's how to do it:
 
 ```tsx
 const team = await stackServerApp.getTeam('teamId');
@@ -140,15 +140,14 @@ const team = await stackServerApp.getTeam(teamId);
 await team?.removeUser(userId);
 ```
 
-## List All the Members of a Team
+## List All the Users of a Team
 
-To list all the members of a team, use the `listMembers` method on a server-side team object. Note that the returned result is a list of `TeamMember` objects, from which you can also get the user object. Here’s an example:
+To list all the users of a team, use the `listUsers` method on a server-side team object. Here's an example:
 
 ```tsx
 const team = await stackServerApp.getTeam('teamId');
-const members = await team.listMembers();
-for (const member of members) {
-  const user = member.user;
+const users = await team.listUsers();
+for (const user of users) {
   console.log(`${user.displayName} is a member of ${team.displayName}`);
 }
 ```
diff --git a/docs/fern/docs/pages/faq.mdx b/docs/fern/docs/pages/faq.mdx
new file mode 100644
index 000000000..aec311ac8
--- /dev/null
+++ b/docs/fern/docs/pages/faq.mdx
@@ -0,0 +1,24 @@
+---
+slug: faq
+subtitle: Frequently asked questions about Stack
+---
+
+## Languages & Frameworks
+<AccordionGroup>
+  <Accordion title="What languages are supported?">
+    In the frontend, Stack supports TypeScript and JavaScript with Next.js. In the backend, Stack has a flexible [REST API](/docs/rest-api) that can be used with any language or framework.
+  </Accordion>
+  <Accordion title="Can I use Stack with other JavaScript frameworks, like Astro or Angular?">
+    While you can use any backend framework with Stack, the frontend is tightly integrated with Next.js. If you want to use a different frontend framework, you will have to build the integration ourselves with the client endpoints of our [REST API](/docs/rest-api). Some members of our community have started projects to do this, so you may want to join [our Discord](https://discord.stack-auth.com) to coordinate with them.
+  </Accordion>
+  <Accordion title="Can I use Stack with the Next.js pages router?">
+    Only the Next.js app router is currently supported. However, just like any other unsupported framework, you can use the client endpoints of our [REST API](/docs/rest-api) to build your own integration.
+  </Accordion>
+</AccordionGroup>
+
+## Other
+<AccordionGroup>
+  <Accordion title="How can I contribute?">
+    Please carefully read our [CONTRIBUTING.md](https://github.com/stack-auth/stack/blob/dev/CONTRIBUTING.md). 
+  </Accordion>
+</AccordionGroup>
diff --git a/docs/fern/docs/pages/getting-started/components.mdx b/docs/fern/docs/pages/getting-started/components.mdx
new file mode 100644
index 000000000..7e1a03611
--- /dev/null
+++ b/docs/fern/docs/pages/getting-started/components.mdx
@@ -0,0 +1,60 @@
+---
+slug: getting-started/components
+subtitle: Pre-built Next.js components to make your life easier
+---
+
+In [the last guide](./setup.mdx), we initialized Stack. This time, we will take a quick look at some of the most useful Next.js components.
+
+For the full documentation of all available components, please refer to the [SDK reference](/docs/sdk).
+
+## `<UserButton />`
+
+The `<UserButton />` component shows the user's avatar and opens a dropdown with various user settings.
+
+![UserButton](../imgs/user-button.png)
+
+<Accordion title="Show code">
+  ```tsx title="page.tsx"
+  import { UserButton } from '@stackframe/stack';
+
+  export default function Page() {
+    return (
+      <UserButton />
+    );
+  }
+  ```
+</Accordion>
+
+## `<SignIn />` and `<SignUp />`
+
+These components show a sign-in and sign-up form, respectively.
+
+![Sign-in Component](../imgs/sign-in.png)
+
+```tsx title="page.tsx"
+import { UserButton } from '@stackframe/stack';
+
+export default function Page() {
+  return (
+    <SignIn />
+  );
+}
+```
+
+All of Stack's components are modular and built from smaller primitives. For example, the `<SignIn />` component is composed of the following:
+
+- An `<OAuthButtonGroup />`, which itself is composed of multiple `<OAuthButton />` components
+- A `<MagicLinkSignInForm />`, which has a text field and calls `useStackApp().signInWithMagicLink()`
+- A `<CredentialSignInForm />`, which has two text fields and calls `useStackApp().signInWithCredential()`
+
+You can use these components individually to build a custom sign-in component.
+
+To change the default sign-in URL to your own, see the documentation on [custom pages](/docs/customization/custom-pages).
+
+## Others
+
+Stack has many more components available. For a comprehensive list, please check the [SDK reference](/docs/sdk).
+
+## Next steps
+
+In the next guide, we will do a deep-dive into retrieving and modifying user objects, as well as how to protect a page.
diff --git a/docs/fern/docs/pages/getting-started/production.mdx b/docs/fern/docs/pages/getting-started/production.mdx
index e6b6b021b..75adb0a50 100644
--- a/docs/fern/docs/pages/getting-started/production.mdx
+++ b/docs/fern/docs/pages/getting-started/production.mdx
@@ -1,11 +1,11 @@
 ---
 slug: getting-started/production
-subtitle: Steps to Prepare Stack for Production Use
+subtitle: Steps to prepare Stack for production use
 ---
 
 Stack makes development easy with various default settings, but these settings need to be optimized for security and user experience when moving to production. Here's a checklist of things you need to do before switching to production mode:
 
-### Domains and Handlers
+### Domains and handlers
 
 By default, Stack allows all localhost paths as valid callback URLs. This is convenient for development but poses a security risk in production because attackers could use their own domains as callback URLs to intercept sensitive information. Therefore, in production, Stack must know your domain (e.g., `https://your-website.com`) and only allow callbacks from those domains.
 
@@ -15,7 +15,7 @@ Follow these steps when you're ready to push your application to production:
    
 2. **Disable Localhost Callbacks**: For enhanced security, disable the `Allow all localhost callbacks for development` option.
 
-### OAuth Providers
+### OAuth providers
 
 Stack uses shared OAuth keys for development to simplify setup when using "Sign in with Google/GitHub/etc." However, this isn't secure for production as it displays "Stack Development" on the providers' consent screens, making it unclear to users if the OAuth request is genuinely from your site. Thus, you should configure your own OAuth keys with the providers and connect them to Stack.
 
@@ -47,7 +47,7 @@ To use your own OAuth provider setups in production, follow these steps for each
 
 2. **Enter OAuth Credentials**: Go to the `Auth Methods` section in the Stack dashboard, open the provider's settings, switch from shared keys to custom keys, and enter the client ID and client secret.
 
-### Email Server
+### Email server
 
 For development, Stack uses a shared email server, which sends emails from Stack's domain. This is not ideal for production as users may not trust emails from an unfamiliar domain. You should set up an email server connected to your own domain.
 
@@ -55,6 +55,6 @@ Steps to connect your own email server with Stack:
 1. **Setup Email Server**: Configure your own email server and connect it to your domain (this step is beyond Stack's documentation scope).
 2. **Configure Stack's Email Settings**: Navigate to the `Emails` section in the Stack dashboard, click `Edit` in the `Email Server` section, switch from `Shared` to `Custom SMTP server`, enter your SMTP configurations, and save.
 
-### Enable Production Mode
+### Enabling production mode
 
 After completing the steps above, you can enable production mode on the `Project Settings` tab in the Stack dashboard, ensuring that your website runs securely with Stack in a production environment.
diff --git a/docs/fern/docs/pages/getting-started/setup.mdx b/docs/fern/docs/pages/getting-started/setup.mdx
index 03f6da940..dc04e3fa4 100644
--- a/docs/fern/docs/pages/getting-started/setup.mdx
+++ b/docs/fern/docs/pages/getting-started/setup.mdx
@@ -5,7 +5,7 @@ subtitle: Getting started with Stack in 5 minutes
 
 ## Setup
 
-To get started with Stack, you need to [create a Next.js](https://nextjs.org/docs) project with the App router first.
+To get started with Stack, you need a [Next.js project](https://nextjs.org/docs/getting-started/installation) with the app router. The pages router is not supported.
 
 We recommend using our **setup wizard**, which will automatically detect your project structure and guide you through the installation process. In case it fails, you can choose to do the manual installation instead.
 
@@ -29,9 +29,18 @@ We recommend using our **setup wizard**, which will automatically detect your pr
       ```
 
       ### Done!
+      That's it! The following files should have been created or updated in your project:
+
+      - `app/handler/[...stack]/page.tsx`: This file contains the default pages for sign-in, sign-out, account settings, and more. If you prefer, later you will learn how to [use custom pages](/docs/customization/custom-pages) instead.
+      - `app/layout.tsx`: The layout file was updated to wrap the entire body with `StackProvider` and `StackTheme`.
+      - `app/loading.tsx`: If not yet found, Stack automatically adds a Suspense boundary to your app. This is shown to the user while Stack's async hooks, like `useUser`, are loading.
+      - `stack.ts`: This file contains the `stackServerApp` which you can use to access Stack from Server Components, Server Actions, API routes, and middleware.
     </Steps>
   </Tab>
   <Tab title="Manual installation">
+    Note: The setup wizard also supports existing, complicated projects. Cases where manual installation is necessary are rare.
+
+    If you are struggling with the setup wizard, please reach out to us on our [Discord](https://discord.stack-auth.com) first, where we'll be happy to help you.
     <Steps>
       ### Install npm package
 
@@ -133,7 +142,7 @@ That's it! Stack is now configured in your Next.js project. If you start your Ne
 
 ![Stack sign in page](../imgs/sign-in.png)
 
-After signing up/in, you will be redirected back to the home page. We will show you how to add useful information to it in the next section. You can also check out the [http://localhost:3000/handler/account-settings](http://localhost:3000/handler/account-settings) page which looks like this:
+After signing up/in, you will be redirected back to the home page. We will show you how to add user information to it in the next section. You can also check out the [http://localhost:3000/handler/account-settings](http://localhost:3000/handler/account-settings) page which looks like this:
 
 ![Stack account settings page](../imgs/account-settings-page.png)
 
@@ -141,4 +150,4 @@ After signing up/in, you will be redirected back to the home page. We will show
 
 ## Next steps
 
-Next, we will show you how to get user information, protect a page, and store/retrieve user information in code.
+Next up, we will show you how to retrieve and update user information, and how to protect a page.
diff --git a/docs/fern/docs/pages/getting-started/users.mdx b/docs/fern/docs/pages/getting-started/users.mdx
index e12f84172..2a4ce88ff 100644
--- a/docs/fern/docs/pages/getting-started/users.mdx
+++ b/docs/fern/docs/pages/getting-started/users.mdx
@@ -1,57 +1,65 @@
 ---
 slug: getting-started/users
-subtitle: Get and manage user information
+subtitle: Reading and writing user information, and protecting pages
 ---
 
 In [the last guide](./setup.mdx), we initialized Stack. This created new files containing a `StackServerApp` and `StackProvider`. In this section, we will show you how to utilize those for accessing and modifying the current user information on Server Components and Client Components, respectively.
 
-## Use the current user in a client component
+## Client Component basics
 
-We can use the `useStackApp()` hook to get a `StackClientApp` object. With it, we can retrieve the current user in Client Components:
+The `useUser()` hook returns the current user in a Client Component. By default, it will return `null` if the user is not signed in.
 
-```tsx title="Client user profile"
+```tsx title="my-client-component.tsx"
 "use client";
-import { useStackApp } from "@stackframe/stack";
+import { useUser } from "@stackframe/stack"
 
-export function MyComponent() {
-  const app = useStackApp();
-  const user = app.useUser();
+export function MyClientComponent() {
+  const user = useUser();
   return <div>{user ? `Hello, ${user.displayName ?? "anon"}` : 'You are not logged in'}</div>;
 }
 ```
 
-Because it's so common, `useUser()` is also exposed as a standalone hook: `import { useUser } from "@stackframe/stack"`. This is simply a shortcut because `useUser()` is shorter than `useStackApp().useUser()`. (This is not the case with other hooks; most are on the `StackClientApp` object, for example, you must explicitly call `useStackApp().useProject()` versus `useProject()`.)
+The `useUser()` hook is simply a shorthand for `useStackApp().useUser()`. `useStackApp()` also contains other useful hooks and methods for clients, which will be described later.
+
+Sometimes, you want to retrieve the user only if they're signed in, and redirect to the sign-in page otherwise. In this case, simply pass `{ or: "redirect" }`, and the function will never return `null`.
+
+```tsx
+  const user = useUser({ or: "redirect" });
+  return <div>{`Hello, ${user.displayName ?? "anon"}`}</div>;
+```
 
-## Use the current user in a server component
+## Server Component basics
 
-On Server Components, you don't need `useStackApp()`. Instead, you can just import the `StackServerApp` that you created in the previous chapter (usually you would find it in the root or `src` directory):
+Since `useUser()` is a stateful hook, you can't use it on server components. Instead, you can import `stackServerApp` from `stack.ts` and call `getUser()`:
 
-```tsx title="Server user profile"
+```tsx title="my-server-component.tsx"
 import { stackServerApp } from "@/stack";
 
-export default async function MyComponent() {
-  const user = await stackServerApp.getUser();
+export default async function MyServerComponent() {
+  const user = await stackServerApp.getUser();  // or: stackServerApp.getUser({ or: "redirect" })
   return <div>{user ? `Hello, ${user.displayName ?? "anon"}` : 'You are not logged in'}</div>;
 }
 ```
 
 <Note>
-The difference between `getUser()` and `useUser()` is that `useUser()` will re-render the component when the user changes (for example on signout), while `getUser()` will only fetch the user once. Since Server Components cannot re-render, `useUser()` cannot be used there. 
+Since `useUser()` is a hook, it will re-render the component on user changes (eg. signout), while `getUser()` will only fetch the user once (on page load). You can also call `useStackApp().getUser()` on the client side to get the user in a non-component context.
 </Note>
 
 
 ## Protecting a page
 
-There are three ways to protect a page: Using middleware, in Client Components with `useUser({ or: "redirect" })`, and in Server Components with `await getUser({ or: "redirect" })`.
-
-Middleware can be used whenever it is easy to tell whether a page should be protected given just the URL, for example you have a `/private` section only accessible to logged-in users.
+There are three ways to protect a page: in Client Components with `useUser({ or: "redirect" })`, in Server Components with `await getUser({ or: "redirect" })`, or with middleware.
 
 On Client Components, the `useUser({ or: 'redirect' })` hook will redirect the user to the sign-in page if they are not logged in. Similarly, on Server Components, call `await getUser({ or: "redirect" })` to protect a page (or component).
 
+Middleware can be used whenever it is easy to tell whether a page should be protected given just the URL, for example, when you have a `/private` section only accessible to logged-in users.
+
+
 <Tabs>
   <Tab title="Middleware">
     ```tsx title="middleware.tsx"
     export async function middleware(request: NextRequest) {
+      // You can add your own route protection logic here
       const user = await stackServerApp.getUser();
       if (!user) {
         return NextResponse.redirect(new URL('/handler/sign-in', request.url));
@@ -62,11 +70,11 @@ On Client Components, the `useUser({ or: 'redirect' })` hook will redirect the u
   </Tab>
 
   <Tab title="Client Component">
-    ```tsx title="my-component.tsx"
+    ```tsx title="my-protected-client-component.tsx"
     "use client";
     import { useUser } from "@stackframe/stack";
 
-    export default function Protected() {
+    export default function MyProtectedClientComponent() {
       useUser({ or: 'redirect' });
       return <h1>You can only see this if you are logged in</h1>
     }
@@ -74,10 +82,10 @@ On Client Components, the `useUser({ or: 'redirect' })` hook will redirect the u
   </Tab>
 
   <Tab title="Server Component">
-    ```tsx title="my-component.tsx"
+    ```tsx title="my-protected-server-component.tsx"
     import { stackServerApp } from "@/stack";
 
-    export default async function Protected() {
+    export default async function MyProtectedServerComponent() {
       await stackServerApp.getUser({ or: 'redirect' });
       return <h1>You can only see this if you are logged in</h1>
     }
@@ -88,26 +96,76 @@ On Client Components, the `useUser({ or: 'redirect' })` hook will redirect the u
 <Note>
   If you have sensitive information hidden in the page HTML itself, be aware of Next.js differences when using Server vs. Client Components.
 
-  - **Client Components**: Client components are always sent to the browser, regardless of page protection. This is standard Next.js behavior. For more information, please refer to the [Next.js documentation](https://nextjs.org/docs/app/building-your-application/rendering/composition-patterns#keeping-server-only-code-out-of-the-client-environment). (Again, this will not allow attackers to impersonate a user).
+  - **Client Components**: Client components are always sent to the browser, regardless of page protection. This is standard Next.js behavior. For more information, please refer to the [Next.js documentation](https://nextjs.org/docs/app/building-your-application/rendering/composition-patterns#keeping-server-only-code-out-of-the-client-environment).
 
   - **Server Components**: If a component is protected, it is guaranteed that its bundled HTML will not be sent to the browser if the user is not logged in. However, this is not necessarily true for its children and the rest of the page, as Next.js may split components on the same page and send them to the client separately for performance.
   
     For example, if your page is `<Parent><Child /></Parent>`, where `Parent` is protected and `Child` is not, Next.js may still send `<Child />` to the browser even if the user is not logged in. (Normal browsers will never display it, but attackers may be able to retrieve it.) Notably, this also applies to unprotected pages inside protected layouts.
   
-    To remediate this, every component that contains sensitive information should protect itself, instead of relying on an outer layout. This is good practice anyways; it prevents you from accidentally exposing the data.
+    To remediate this, every component/page that contains sensitive information should protect itself, instead of relying on an outer layout. This is good practice anyways; it prevents you from accidentally exposing the data.
+  
+  - **Middleware**: Because middleware runs on the edge, it ensures that the protected URLs are not accessible to anyone who is not authorized, so you don't have to worry about Next.js pre-sending unprotected components to the client.
   
   Irregardless of which method you use, attackers will never be able to, say, impersonate a user.
 
 </Note>
 
 
+## User metadata
+
+You can update attributes on a user object with the `user.update()` function.
+
+```tsx title="my-client-component.tsx"
+'use client';
+import { useUser } from "@stackframe/stack";
+
+export default function MyClientComponent() {
+  const user = useUser();
+  return <button onClick={async () => await user.update({ displayName: "New Name" })}>
+    Change Name
+  </button>;
+}
+```
+
+You can store custom data in the `clientMetadata` field. It will be readable and writable by the user themselves and should not contain any sensitive information.
+
+```tsx
+await user.update({
+  clientMetadata: {
+    mailingAddress: "123 Main St",
+  },
+});
+```
+
+You can then read the `clientMetadata` field from the `User` object:
+
+```tsx
+const user = useUser();
+console.log(user.clientMetadata);
+```
+
+If you want to store sensitive information, you can use the `serverMetadata` field. This data is only readable & writable from the server.
+
+```tsx title="my-server-component.tsx"
+const user = await stackServerApp.getUser();
+await user.update({
+  serverMetadata: {
+    secretInfo: "This is a secret",
+  },
+});
+
+// later:
+const user = await stackServerApp.getUser();
+console.log(user.serverMetadata);
+```
+
 ## Signing out
 
-You can sign out the user by redirecting them to `/handler/signout` or simply by calling `user.signOut()`. They will be redirected to the URL [configured as `afterSignOut` in the `StackServerApp`](/docs/api-documentation/app).
+You can sign out the user by redirecting them to `/handler/sign-out` or simply by calling `user.signOut()`. They will be redirected to the URL [configured as `afterSignOut` in the `StackServerApp`](/docs/api-documentation/app).
 
 <Tabs>
   <Tab title="user.signOut()">
-    ```tsx title="Sign-out button"
+    ```tsx title="sign-out-button.tsx"
     "use client";
     import { useUser } from "@stackframe/stack";
 
@@ -119,24 +177,24 @@ You can sign out the user by redirecting them to `/handler/signout` or simply by
   </Tab>
 
   <Tab title="Redirect">
-    ```tsx title="Sign-out link"
+    ```tsx title="sign-out-link.tsx"
     import { stackServerApp } from "@/stack";
 
     export default async function SignOutLink() {
+      // stackServerApp.urls.signOut is equal to /handler/sign-out
       return <a href={stackServerApp.urls.signOut}>Sign Out</a>;
     }
     ```
   </Tab>
 </Tabs>
 
+## Example: Custom profile page
 
-## Example Profile Page
-
-Stack automatically creates a user profile on sign-up. Let's create a page that displays this information. In `app/profile/page.tsx`:
+Stack automatically creates a user profile on sign-up. Let's build a page that displays this information. In `app/profile/page.tsx`:
 
 <Tabs>
   <Tab title="Client Component">
-    ```tsx title="Client profile page"
+    ```tsx title="app/profile/page.tsx"
     'use client';
     import { useUser, useStackApp, UserButton } from "@stackframe/stack";
 
@@ -148,7 +206,7 @@ Stack automatically creates a user profile on sign-up. Let's create a page that
           {user ? (
             <div>
               <UserButton />
-              <p>Welcome, {user.displayName}</p>
+              <p>Welcome, {user.displayName ?? "anonymous user"}</p>
               <p>Your e-mail: {user.primaryEmail}</p>
               <button onClick={() => user.signOut()}>Sign Out</button>
             </div>
@@ -166,7 +224,7 @@ Stack automatically creates a user profile on sign-up. Let's create a page that
   </Tab>
 
   <Tab title="Server Component">
-    ```tsx title="Server profile page"
+    ```tsx title="app/profile/page.tsx"
     import { stackServerApp } from "@/stack";
     import { UserButton } from "@stackframe/stack";
 
@@ -177,7 +235,7 @@ Stack automatically creates a user profile on sign-up. Let's create a page that
           {user ? (
             <div>
               <UserButton />
-              <p>Welcome, {user.displayName}</p>
+              <p>Welcome, {user.displayName ?? "anonymous user"}</p>
               <p>Your e-mail: {user.primaryEmail}</p>
               <p><a href={stackServerApp.urls.signOut}>Sign Out</a></p>
             </div>
@@ -195,66 +253,10 @@ Stack automatically creates a user profile on sign-up. Let's create a page that
   </Tab>
 </Tabs>
 
-Note the `UserButton` is a component that you normally put in the top right corner of your page. It shows the user's profile picture (and optionally their name) and opens a dropdown with the user's profile, account settings, and sign-out button. It looks like this:
-
-![UserButton](../imgs/user-button.png)
-
-You will now be able to see the new profile page on [http://localhost:3000/profile](http://localhost:3000/profile).
-
-To see more examples of how to use the `User` object, check out the [User API documentation](../sdk/current-user.mdx).
-
-## Custom User Information
-
-You can update the user's information by calling `user.update()` with the new data. The user data from the `userUser()` hook will also be updated automatically. Here is an example:
-
-```tsx title="Update user display name"
-'use client';
-import { useUser } from "@stackframe/stack";
-
-export default function UpdateUser() {
-  const user = useUser();
-  return <button onClick={async () => await user.update({ displayName: "New Name" })}>
-    Change Name
-  </button>;
-}
-```
-
-You can store custom data in the `clientMetadata` field. Note that this data is visible on the client side and should not contain any sensitive information.
-
-```tsx title="Store client metadata"
-await user.update({
-  clientMetadata: {
-    mailingAddress: "123 Main St",
-  },
-});
-```
-
-You can then get the `clientMetadata` field from the `User` object:
-
-```tsx title="Read client metadata"
-const user = useUser();
-console.log(user.clientMetadata);
-```
-
-If you want to store sensitive information that is only visible on the server side, you can use the `serverMetadata` field. This data will not be sent accessible on the client side. So you also have to use the `getUser()` on the `StackServerApp` to access this data.
-
-```tsx title="Store server metadata"
-// server side only
-import { stackServerApp } from "@/stack";
-const user = await stackServerApp.getUser();
-await user.update({
-  serverMetadata: {
-    secretInfo: "This is a secret",
-  },
-});
-```
+After saving your code, you can see the profile page on [http://localhost:3000/profile](http://localhost:3000/profile).
 
-You can also access them from the `User` object:
+For more examples on how to use the `User` object, check the [CurrentUser object in the SDK documentation](../sdk/current-user.mdx).
 
-```tsx title="Read server metadata"
-// server side only
-import { stackServerApp } from "@/stack";
-const user = await stackServerApp.getUser();
-console.log(user.serverMetadata);
-```
+## Next steps
 
+In the next guide, we will show you how to put [your application into production](./production.mdx).
\ No newline at end of file
diff --git a/docs/fern/docs/pages/getting-started/overview.mdx b/docs/fern/docs/pages/overview.mdx
similarity index 85%
rename from docs/fern/docs/pages/getting-started/overview.mdx
rename to docs/fern/docs/pages/overview.mdx
index e7e3c4067..ccee43f91 100644
--- a/docs/fern/docs/pages/getting-started/overview.mdx
+++ b/docs/fern/docs/pages/overview.mdx
@@ -1,5 +1,5 @@
 ---
-slug: getting-started/overview
+slug: overview
 subtitle: Welcome to Stack, the open-source authentication platform!
 ---
 
@@ -48,7 +48,7 @@ That's why we built Stack. Integrating secure authentication into your app shoul
 
 At the core of Stack are deep integrations into frontend and backend frameworks. We offer the best developer experience to those using our supported tech stacks — currently, Next.js with Postgres and TypeScript or Python backends. Instead of providing mediocre support for numerous frameworks, we focused on making a few integrations excellent before adding new ones. We also offer a cross-compatible REST API as a fallback.
 
-Here’s an example. To retrieve the current user, simply call:
+Here's an example. To retrieve the current user, simply call:
 
 ```tsx
 export function MyComponent() {
@@ -71,9 +71,9 @@ The user data will update in both the frontend and backend automatically. The up
 
 You also get pages and components for the authentication flow out-of-the-box. This is the sign-in page you get without writing a single line of code:
 
-![Stack sign in page](../imgs/sign-in.png)
+![Stack sign in page](./imgs/sign-in.png)
 
-Notice, there's no branding on our components. We believe we should grow by building the best product, not by forcing our brand onto your users. This means we **rely on you to spread the word about Stack**. If you like what you’re reading, please take a moment to tell one or two of your friends about us.
+Notice, there's no branding on our components. We believe we should grow by building the best product, not by forcing our brand onto your users. This means we **rely on you to spread the word about Stack**. If you like what you're reading, please take a moment to tell one or two of your friends about us.
 
 If you prefer a fully customized UI, you can use our low-level functions like `signInWithOAuth` or `signInWithCredential` to build your own sign-in page:
 
@@ -92,12 +92,12 @@ export default function CustomOAuthSignIn() {
 
 To manage everything efficiently, there is a powerful admin dashboard:
 
-![Stack dashboard](../imgs/dashboard.png)
+![Stack dashboard](./imgs/dashboard.png)
 
-Best of all, Stack is **100% open-source**. This means the client, server, dashboard, and even this documentation you’re reading right now. Check out our [GitHub](https://github.com/stack-auth/stack) to open an issue or pull request.
+Best of all, Stack is **100% open-source**. This means the client, server, dashboard, and even this documentation you're reading right now. Check out our [GitHub](https://github.com/stack-auth/stack) to open an issue or pull request.
 
 This is just a glimpse of what Stack can do. Stack also handles many other tasks like backend integration, data storage, emails, teams, permissions, and more, which you will learn about later in the documentation.
 
-If this sounds interesting, [get started](../getting-started/setup.mdx) with our interactive setup wizard, or join [our Discord community](https://discord.stack-auth.com) to ask questions and get help from our team.
+If this sounds interesting, [get started](./getting-started/setup.mdx) with our interactive setup wizard, or join [our Discord community](https://discord.stack-auth.com) to ask questions and get help from our team.
 
 We're excited to have you on board! 🚀
diff --git a/docs/fern/docs/pages/rest-api/auth.mdx b/docs/fern/docs/pages/rest-api/auth.mdx
new file mode 100644
index 000000000..aa0efcc72
--- /dev/null
+++ b/docs/fern/docs/pages/rest-api/auth.mdx
@@ -0,0 +1,45 @@
+---
+slug: rest-api/auth
+subtitle: REST API Overview
+---
+
+Stack offers a REST API for backends & frontends of any programming language or framework. This API is used to authenticate users, manage user data, and more.
+
+## Authentication
+
+The following authentication headers are common to every endpoint:
+
+```http
+curl https://api.stack-auth.com/api/v1/ \
+     -H "X-Stack-Access-Type: <either 'client' or 'server'>" \
+     -H "X-Stack-Project-Id: <your project UUID>" \
+     -H "X-Stack-Publishable-Client-Key: pck_<your publishable client key>" \
+     -H "X-Stack-Secret-Server-Key: ssk_<your secret server key>" \
+     -H "X-Stack-Access-Token: <the current user's access token>"
+```
+
+| Header | Type | Description |
+| ------ | ---- | ----------- |
+| `X-Stack-Access-Type` | "client" \| "server" | Required. "client" (without quotes) for the frontend API, or "server" for the backend API. |
+| `X-Stack-Project-Id` | UUID | Required. The project ID as found on the Stack dashboard. |
+| `X-Stack-Publishable-Client-Key` | string | Required for client access. The API key as found on the Stack dashboard. |
+| `X-Stack-Secret-Server-Key` | string | Required for server access. The API key as found on the Stack dashboard. |
+| `X-Stack-Access-Token` | string | Optional. The access token for the current user. If not given, the request is considered to be logged out. |
+
+To see how to use these headers in various programming languages, see the [examples](./server-examples).
+
+## FAQ
+
+<AccordionGroup>
+  <Accordion title="Which languages are supported?">
+    Any language that has the ability to send HTTP requests can use the Stack REST API. This includes JavaScript, Python, Ruby, Java, Go, C#, Dart, and many more. 
+  </Accordion>
+  <Accordion title="Should I use client or server access type?">
+    Client access type is mostly used for client-side applications, like a browser or mobile app. The client APIs can only read and update the currently authenticated user's data, and it is usually fine to post the publishable client key in the client-side code.
+
+    Server access type, on the other hand, is for your backend server that you control. It has full access over all user data, and the secret server key should never be exposed to client-side code.
+  </Accordion>
+  <Accordion title="What is this 'admin' access type that I see?">
+    If you'd like to build your own version of the Stack dashboard (or update project configuration programmatically), you can use the `admin` access type. These endpoints are very dangerous and you should only use them if you know what you're doing.
+  </Accordion>
+</AccordionGroup>
diff --git a/docs/fern/docs/pages/rest-api/examples.mdx b/docs/fern/docs/pages/rest-api/examples.mdx
new file mode 100644
index 000000000..420977a83
--- /dev/null
+++ b/docs/fern/docs/pages/rest-api/examples.mdx
@@ -0,0 +1,68 @@
+---
+slug: rest-api/examples
+---
+
+To authenticate your endpoints, you need to send the user's access token and refresh token in the headers of the request to your server, and then making a request to Stack's server API to verify the user's identity.
+
+## Sending requests to your server endpoints
+
+To authenticate your own server endpoints using Stack's server API, you need to protect your endpoints by sending the user's access token and refresh token in the headers of the request.
+
+On the client side, you can retrieve the access token and refresh token from the `user` object by calling `user.getAuthJson()`. This will return an object containing `accessToken` and `refreshToken`.
+
+Then, you can call your server endpoint with these two tokens in the headers, like this:
+
+```typescript
+const { accessToken, refreshToken } = await user.getAuthJson();
+const response = await fetch('/api/users/me', {
+  headers: {
+    'x-stack-access-token': accessToken,
+    'x-stack-refresh-token': refreshToken
+  },
+  // your other options and parameters
+});
+```
+
+## Authenticating the user on the server endpoints
+
+On the server side, you can extract the access token and refresh token from the headers of the request and use them to authenticate the user.
+
+<Tabs>
+  <Tab title="Node.js">
+    ```javascript
+    const url = 'https://api.stack-auth.com/v1/api/users/me';
+    const headers = {
+      'x-stack-access-token': 'access token from headers',
+      'x-stack-refresh-token': 'refresh token from headers'
+    };
+
+    fetch(url, { headers })
+      .then(response => response.json())
+      .then(data => {
+        if (data.id) {
+          console.log('User is authenticated');
+        } else {
+          console.log('User is not authenticated');
+        }
+      });
+    ```
+  </Tab>
+
+  <Tab title="Python">
+   ```python
+    import requests
+
+    url = 'https://api.stack-auth.com/v1/api/users/me'
+    headers = {
+      'x-stack-access-token': 'access token from headers',
+      'x-stack-refresh-token': 'refresh token from headers'
+    }
+
+    response = requests.get(url, headers=headers)
+    if (response.json()['id'] is not None):
+      print('User is authenticated')
+    else:
+      print('User is not authenticated')
+    ```
+  </Tab>
+</Tabs>
diff --git a/packages/init-stack/index.mjs b/packages/init-stack/index.mjs
index 4aa23dbff..eca47569c 100644
--- a/packages/init-stack/index.mjs
+++ b/packages/init-stack/index.mjs
@@ -1,17 +1,30 @@
 #!/usr/bin/env node
 
-import inquirer from 'inquirer';
-import * as fs from 'fs';
-import * as child_process from 'child_process';
-import * as path from 'path';
-import open from 'open';
-
-const jsLikeFileExtensions = ['mtsx', 'ctsx', 'tsx', 'mts', 'cts', 'ts', 'mjsx', 'cjsx', 'jsx', 'mjs', 'cjs', 'js'];
+import inquirer from "inquirer";
+import * as fs from "fs";
+import * as child_process from "child_process";
+import * as path from "path";
+import open from "open";
+
+const jsLikeFileExtensions = [
+  "mtsx",
+  "ctsx",
+  "tsx",
+  "mts",
+  "cts",
+  "ts",
+  "mjsx",
+  "cjsx",
+  "jsx",
+  "mjs",
+  "cjs",
+  "js",
+];
 
 class UserError extends Error {
   constructor(message) {
     super(message);
-    this.name = 'UserError';
+    this.name = "UserError";
   }
 }
 
@@ -25,68 +38,103 @@ async function main() {
     throw new UserError(`The project path ${projectPath} does not exist`);
   }
 
-  const packageJsonPath = path.join(projectPath, 'package.json');
+  const packageJsonPath = path.join(projectPath, "package.json");
   if (!fs.existsSync(packageJsonPath)) {
-    throw new UserError(`The package.json file does not exist in the project path ${projectPath}. You must initialize a new project first before installing Stack.`);
+    throw new UserError(
+      `The package.json file does not exist in the project path ${projectPath}. You must initialize a new project first before installing Stack.`
+    );
   }
 
-  const nextConfigPathWithoutExtension = path.join(projectPath, 'next.config');
-  const nextConfigFileExtension = await findJsExtension(nextConfigPathWithoutExtension);
-  const nextConfigPath = nextConfigPathWithoutExtension + '.' + (nextConfigFileExtension ?? "js");
+  const nextConfigPathWithoutExtension = path.join(projectPath, "next.config");
+  const nextConfigFileExtension = await findJsExtension(
+    nextConfigPathWithoutExtension
+  );
+  const nextConfigPath =
+    nextConfigPathWithoutExtension + "." + (nextConfigFileExtension ?? "js");
   if (!fs.existsSync(nextConfigPath)) {
-    throw new UserError(`Expected file at ${nextConfigPath}. Only Next.js projects are currently supported.`);
+    throw new UserError(
+      `Expected file at ${nextConfigPath}. Only Next.js projects are currently supported.`
+    );
   }
 
-  const envPath = path.join(projectPath, '.env');
-  const envDevelopmentPath = path.join(projectPath, '.env.development');
-  const envDefaultPath = path.join(projectPath, '.env.default');
-  const envDefaultsPath = path.join(projectPath, '.env.defaults');
-  const envExamplePath = path.join(projectPath, '.env.example');
-  const envLocalPath = path.join(projectPath, '.env.local');
-  const potentialEnvLocations = [envPath, envDevelopmentPath, envDefaultPath, envDefaultsPath, envExamplePath, envLocalPath];
-
-  const hasSrcAppFolder = fs.existsSync(path.join(projectPath, 'src/app'));
-  const srcPath = path.join(projectPath, hasSrcAppFolder ? 'src' : '');
-  const appPath = path.join(srcPath, 'app');
+  const envPath = path.join(projectPath, ".env");
+  const envDevelopmentPath = path.join(projectPath, ".env.development");
+  const envDefaultPath = path.join(projectPath, ".env.default");
+  const envDefaultsPath = path.join(projectPath, ".env.defaults");
+  const envExamplePath = path.join(projectPath, ".env.example");
+  const envLocalPath = path.join(projectPath, ".env.local");
+  const potentialEnvLocations = [
+    envPath,
+    envDevelopmentPath,
+    envDefaultPath,
+    envDefaultsPath,
+    envExamplePath,
+    envLocalPath,
+  ];
+
+  const hasSrcAppFolder = fs.existsSync(path.join(projectPath, "src/app"));
+  const srcPath = path.join(projectPath, hasSrcAppFolder ? "src" : "");
+  const appPath = path.join(srcPath, "app");
   if (!fs.existsSync(appPath)) {
-    throw new UserError(`The app path ${appPath} does not exist. Only the Next.js app router is supported.`);
+    throw new UserError(
+      `The app path ${appPath} does not exist. Only the Next.js app router is supported.`
+    );
   }
 
-  const layoutPathWithoutExtension = path.join(appPath, 'layout');
-  const layoutFileExtension = await findJsExtension(layoutPathWithoutExtension) ?? "jsx";
-  const layoutPath = layoutPathWithoutExtension + '.' + layoutFileExtension;
-  const layoutContent = await readFile(layoutPath) ?? throwErr(`The layout file at ${layoutPath} does not exist. Stack requires a layout file to be present in the /app folder.`);
-  const updatedLayoutResult = await getUpdatedLayout(layoutContent) ?? throwErr("Unable to parse root layout file. Make sure it contains a <body> tag. If it still doesn't work, you may need to manually install Stack. See: https://nextjs.org/docs/app/building-your-application/routing/pages-and-layouts#root-layout-required");
+  const layoutPathWithoutExtension = path.join(appPath, "layout");
+  const layoutFileExtension =
+    (await findJsExtension(layoutPathWithoutExtension)) ?? "jsx";
+  const layoutPath = layoutPathWithoutExtension + "." + layoutFileExtension;
+  const layoutContent =
+    (await readFile(layoutPath)) ??
+    throwErr(
+      `The layout file at ${layoutPath} does not exist. Stack requires a layout file to be present in the /app folder.`
+    );
+  const updatedLayoutResult =
+    (await getUpdatedLayout(layoutContent)) ??
+    throwErr(
+      "Unable to parse root layout file. Make sure it contains a <body> tag. If it still doesn't work, you may need to manually install Stack. See: https://nextjs.org/docs/app/building-your-application/routing/pages-and-layouts#root-layout-required"
+    );
   const updatedLayoutContent = updatedLayoutResult.content;
 
   const defaultExtension = layoutFileExtension;
   const ind = updatedLayoutResult.indentation;
 
-  
-  const stackAppPathWithoutExtension = path.join(srcPath, 'stack');
-  const stackAppFileExtension = await findJsExtension(stackAppPathWithoutExtension) ?? defaultExtension;
-  const stackAppPath = stackAppPathWithoutExtension + '.' + stackAppFileExtension;
+  const stackAppPathWithoutExtension = path.join(srcPath, "stack");
+  const stackAppFileExtension =
+    (await findJsExtension(stackAppPathWithoutExtension)) ?? defaultExtension;
+  const stackAppPath =
+    stackAppPathWithoutExtension + "." + stackAppFileExtension;
   const stackAppContent = await readFile(stackAppPath);
   if (stackAppContent) {
     if (!stackAppContent.includes("@stackframe/stack")) {
-      throw new UserError(`A file at the path ${stackAppPath} already exists. Stack uses the /src/stack-app file to initialize the Stack SDK. Please remove the existing file and try again.`);
+      throw new UserError(
+        `A file at the path ${stackAppPath} already exists. Stack uses the /src/stack-app file to initialize the Stack SDK. Please remove the existing file and try again.`
+      );
     }
-    throw new UserError(`It seems that you've already installed Stack in this project.`);
+    throw new UserError(
+      `It seems that you've already installed Stack in this project.`
+    );
   }
 
-
-  const handlerPathWithoutExtension = path.join(appPath, 'handler/[...stack]/page');
-  const handlerFileExtension = await findJsExtension(handlerPathWithoutExtension) ?? defaultExtension;
-  const handlerPath = handlerPathWithoutExtension + '.' + handlerFileExtension;
+  const handlerPathWithoutExtension = path.join(
+    appPath,
+    "handler/[...stack]/page"
+  );
+  const handlerFileExtension =
+    (await findJsExtension(handlerPathWithoutExtension)) ?? defaultExtension;
+  const handlerPath = handlerPathWithoutExtension + "." + handlerFileExtension;
   const handlerContent = await readFile(handlerPath);
   if (handlerContent && !handlerContent.includes("@stackframe/stack")) {
-    throw new UserError(`A file at the path ${handlerPath} already exists. Stack uses the /handler path to handle incoming requests. Please remove the existing file and try again.`);
+    throw new UserError(
+      `A file at the path ${handlerPath} already exists. Stack uses the /handler path to handle incoming requests. Please remove the existing file and try again.`
+    );
   }
 
-
-  let loadingPathWithoutExtension = path.join(appPath, 'loading');
-  const loadingFileExtension = await findJsExtension(loadingPathWithoutExtension) ?? defaultExtension;
-  const loadingPath = loadingPathWithoutExtension + '.' + loadingFileExtension;
+  let loadingPathWithoutExtension = path.join(appPath, "loading");
+  const loadingFileExtension =
+    (await findJsExtension(loadingPathWithoutExtension)) ?? defaultExtension;
+  const loadingPath = loadingPathWithoutExtension + "." + loadingFileExtension;
 
   console.log();
   console.log("Found supported project at:", projectPath);
@@ -94,85 +142,118 @@ async function main() {
 
   const packageManager = await getPackageManager();
   const versionCommand = `${packageManager} --version`;
-  const installCommand = packageManager === 'yarn' ? 'yarn add' : `${packageManager} install`;
+  const installCommand =
+    packageManager === "yarn" ? "yarn add" : `${packageManager} install`;
 
   process.stdout.write("\nChecking package manager version... ");
   try {
     await shellNicelyFormatted(versionCommand, { shell: true });
   } catch (err) {
-    throw new UserError(`Could not run the package manager command ${versionCommand}. Please make sure ${packageManager} is installed on your system.`);
+    throw new UserError(
+      `Could not run the package manager command ${versionCommand}. Please make sure ${packageManager} is installed on your system.`
+    );
   }
 
   console.log();
   console.log("Installing dependencies...");
-  await shellNicelyFormatted(`${installCommand} @stackframe/stack`, { shell: true, cwd: projectPath });
-  
+  await shellNicelyFormatted(`${installCommand} @stackframe/stack`, {
+    shell: true,
+    cwd: projectPath,
+  });
+
   console.log();
   console.log("Writing files...");
   if (potentialEnvLocations.every((p) => !fs.existsSync(p))) {
-    await writeFile(envLocalPath, "# Stack Auth keys\n# Get these variables by creating a project on https://app.stack-auth.com.\nNEXT_PUBLIC_STACK_PROJECT_ID=\nNEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY=\nSTACK_SECRET_SERVER_KEY=\n");
+    await writeFile(
+      envLocalPath,
+      "# Stack Auth keys\n# Get these variables by creating a project on https://app.stack-auth.com.\nNEXT_PUBLIC_STACK_PROJECT_ID=\nNEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY=\nSTACK_SECRET_SERVER_KEY=\n"
+    );
   }
-  await writeFileIfNotExists(loadingPath, `export default function Loading() {\n${ind}// Stack uses React Suspense, which will render this page while user data is being fetched.\n${ind}// See: https://nextjs.org/docs/app/api-reference/file-conventions/loading\n${ind}return <></>;\n}\n`);
-  await writeFileIfNotExists(handlerPath, `import { StackHandler } from "@stackframe/stack";\nimport { stackServerApp } from "../../../stack";\n\nexport default function Handler(props${handlerFileExtension.includes("ts") ? ": any" : ""}) {\n${ind}return <StackHandler fullPage app={stackServerApp} {...props} />;\n}\n`);
-  await writeFileIfNotExists(stackAppPath, `import "server-only";\n\nimport { StackServerApp } from "@stackframe/stack";\n\nexport const stackServerApp = new StackServerApp({\n${ind}tokenStore: "nextjs-cookie",\n});\n`);
+  await writeFileIfNotExists(
+    loadingPath,
+    `export default function Loading() {\n${ind}// Stack uses React Suspense, which will render this page while user data is being fetched.\n${ind}// See: https://nextjs.org/docs/app/api-reference/file-conventions/loading\n${ind}return <></>;\n}\n`
+  );
+  await writeFileIfNotExists(
+    handlerPath,
+    `import { StackHandler } from "@stackframe/stack";\nimport { stackServerApp } from "../../../stack";\n\nexport default function Handler(props${handlerFileExtension.includes("ts") ? ": any" : ""}) {\n${ind}return <StackHandler fullPage app={stackServerApp} {...props} />;\n}\n`
+  );
+  await writeFileIfNotExists(
+    stackAppPath,
+    `import "server-only";\n\nimport { StackServerApp } from "@stackframe/stack";\n\nexport const stackServerApp = new StackServerApp({\n${ind}tokenStore: "nextjs-cookie",\n});\n`
+  );
   await writeFile(layoutPath, updatedLayoutContent);
   console.log("Files written successfully!");
 }
-main().then(async() => {
-  console.log();
-  console.log();
-  console.log();
-  console.log();
-  console.log("===============================================");
-  console.log();
-  console.log("Successfully installed Stack! 🚀🚀🚀");
-  console.log();
-  console.log("Next up, please create an account on https://app.stack-auth.com to create a new project, and copy the Next.js environment variables from a new API key into your .env.local file.");
-  console.log();
-  console.log("Then, you will be able to access your sign-in page on http://your-website.example.com/handler/sign-in. Congratulations!");
-  console.log();
-  console.log("For more information, please visit https://docs.stack-auth.com/docs/getting-started/setup");
-  console.log();
-  console.log("===============================================");
-  console.log();
-  await open("https://app.stack-auth.com/wizard-congrats");
-}).catch((err) => {
-  console.error(err);
-  console.error();
-  console.error();
-  console.error();
-  console.error();
-  console.error("===============================================");
-  console.error();
-  if (err instanceof UserError) {
-    console.error("[ERR] Error: " + err.message);
-  } else {
-    console.error("[ERR] An error occurred during the initialization process.");
-  }
-  console.error("[ERR]");
-  console.error("[ERR] If you need assistance, please try installing Slack manually as described in https://docs.stack-auth.com/docs/getting-started/setup or join our Discord where we're happy to help: https://discord.stack-auth.com");
-  if (!(err instanceof UserError)) {
+main()
+  .then(async () => {
+    console.log();
+    console.log();
+    console.log();
+    console.log();
+    console.log("===============================================");
+    console.log();
+    console.log("Successfully installed Stack! 🚀🚀🚀");
+    console.log();
+    console.log(
+      "Next up, please create an account on https://app.stack-auth.com to create a new project, and copy the Next.js environment variables from a new API key into your .env.local file."
+    );
+    console.log();
+    console.log(
+      "Then, you will be able to access your sign-in page on http://your-website.example.com/handler/sign-in. Congratulations!"
+    );
+    console.log();
+    console.log(
+      "For more information, please visit https://docs.stack-auth.com/docs/getting-started/setup"
+    );
+    console.log();
+    console.log("===============================================");
+    console.log();
+    await open("https://app.stack-auth.com/wizard-congrats");
+  })
+  .catch((err) => {
+    console.error(err);
+    console.error();
+    console.error();
+    console.error();
+    console.error();
+    console.error("===============================================");
+    console.error();
+    if (err instanceof UserError) {
+      console.error("[ERR] Error: " + err.message);
+    } else {
+      console.error(
+        "[ERR] An error occurred during the initialization process."
+      );
+    }
     console.error("[ERR]");
-    console.error(`[ERR] Error message: ${err.message}`);
-  }
-  console.error();
-  console.error("===============================================");
-  console.error();
-  process.exit(1);
-});
+    console.error(
+      "[ERR] If you need assistance, please try installing Slack manually as described in https://docs.stack-auth.com/docs/getting-started/setup or join our Discord where we're happy to help: https://discord.stack-auth.com"
+    );
+    if (!(err instanceof UserError)) {
+      console.error("[ERR]");
+      console.error(`[ERR] Error message: ${err.message}`);
+    }
+    console.error();
+    console.error("===============================================");
+    console.error();
+    process.exit(1);
+  });
 
 async function getUpdatedLayout(originalLayout) {
   let layout = originalLayout;
   const indentation = guessIndentation(originalLayout);
 
-  const firstImportLocationM1 = (/\simport\s/).exec(layout)?.index;
+  const firstImportLocationM1 = /\simport\s/.exec(layout)?.index;
   const hasStringAsFirstLine = layout.startsWith('"') || layout.startsWith("'");
-  const importInsertLocationM1 = firstImportLocationM1 ?? (hasStringAsFirstLine ? layout.indexOf('\n') : -1);
+  const importInsertLocationM1 =
+    firstImportLocationM1 ?? (hasStringAsFirstLine ? layout.indexOf("\n") : -1);
   const importInsertLocation = importInsertLocationM1 + 1;
   const importStatement = `import { StackProvider, StackTheme } from "@stackframe/stack";\nimport { stackServerApp } from "../stack";\n`;
-  layout = layout.slice(0, importInsertLocation) + importStatement + layout.slice(importInsertLocation);
+  layout =
+    layout.slice(0, importInsertLocation) +
+    importStatement +
+    layout.slice(importInsertLocation);
 
-  
   const bodyOpenTag = /<\s*body[^>]*>/.exec(layout);
   const bodyCloseTag = /<\s*\/\s*body[^>]*>/.exec(layout);
   if (!bodyOpenTag || !bodyCloseTag) {
@@ -184,15 +265,27 @@ async function getUpdatedLayout(originalLayout) {
     return undefined;
   }
 
-  const lines = layout.split('\n');
-  const [bodyOpenEndLine, bodyOpenEndIndexInLine] = getLineIndex(lines, bodyOpenEndIndex);
-  const [bodyCloseStartLine, bodyCloseStartIndexInLine] = getLineIndex(lines, bodyCloseStartIndex);
+  const lines = layout.split("\n");
+  const [bodyOpenEndLine, bodyOpenEndIndexInLine] = getLineIndex(
+    lines,
+    bodyOpenEndIndex
+  );
+  const [bodyCloseStartLine, bodyCloseStartIndexInLine] = getLineIndex(
+    lines,
+    bodyCloseStartIndex
+  );
 
   const insertOpen = "<StackProvider app={stackServerApp}><StackTheme>";
   const insertClose = "</StackTheme></StackProvider>";
 
-  layout = layout.slice(0, bodyCloseStartIndex) + insertClose + layout.slice(bodyCloseStartIndex);
-  layout = layout.slice(0, bodyOpenEndIndex) + insertOpen + layout.slice(bodyOpenEndIndex);
+  layout =
+    layout.slice(0, bodyCloseStartIndex) +
+    insertClose +
+    layout.slice(bodyCloseStartIndex);
+  layout =
+    layout.slice(0, bodyOpenEndIndex) +
+    insertOpen +
+    layout.slice(bodyOpenEndIndex);
 
   return {
     content: `${layout}`,
@@ -201,13 +294,19 @@ async function getUpdatedLayout(originalLayout) {
 }
 
 function guessIndentation(str) {
-  const lines = str.split('\n');
-  const linesLeadingWhitespaces = lines.map((line) => line.match(/^\s*/)[0]).filter((ws) => ws.length > 0);
-  const isMostlyTabs = linesLeadingWhitespaces.filter((ws) => ws.includes('\t')).length >= linesLeadingWhitespaces.length * 2 / 3;
+  const lines = str.split("\n");
+  const linesLeadingWhitespaces = lines
+    .map((line) => line.match(/^\s*/)[0])
+    .filter((ws) => ws.length > 0);
+  const isMostlyTabs =
+    linesLeadingWhitespaces.filter((ws) => ws.includes("\t")).length >=
+    (linesLeadingWhitespaces.length * 2) / 3;
   if (isMostlyTabs) return "\t";
-  const linesLeadingWhitespacesCount = linesLeadingWhitespaces.map((ws) => ws.length);
+  const linesLeadingWhitespacesCount = linesLeadingWhitespaces.map(
+    (ws) => ws.length
+  );
   const min = Math.min(Infinity, ...linesLeadingWhitespacesCount);
-  return Number.isFinite(min) ? ' '.repeat(Math.max(2, min)) : '  ';
+  return Number.isFinite(min) ? " ".repeat(Math.max(2, min)) : "  ";
 }
 
 function getLineIndex(lines, stringIndex) {
@@ -219,23 +318,29 @@ function getLineIndex(lines, stringIndex) {
     }
     lineIndex += line.length + 1;
   }
-  throw new Error(`Index ${stringIndex} is out of bounds for lines ${JSON.stringify(lines)}`);
+  throw new Error(
+    `Index ${stringIndex} is out of bounds for lines ${JSON.stringify(lines)}`
+  );
 }
 
 async function getProjectPath() {
   if (savedProjectPath === undefined) {
     savedProjectPath = process.cwd();
 
-    const askForPathModification = !fs.existsSync(path.join(savedProjectPath, 'package.json'));
+    const askForPathModification = !fs.existsSync(
+      path.join(savedProjectPath, "package.json")
+    );
     if (askForPathModification) {
-      savedProjectPath = (await inquirer.prompt([
-        {
-          type: 'input',
-          name: 'newPath',
-          message: 'Please enter the path to your project:',
-          default: ".",
-        },
-      ])).newPath;
+      savedProjectPath = (
+        await inquirer.prompt([
+          {
+            type: "input",
+            name: "newPath",
+            message: "Please enter the path to your project:",
+            default: ".",
+          },
+        ])
+      ).newPath;
     }
   }
   return savedProjectPath;
@@ -243,7 +348,7 @@ async function getProjectPath() {
 
 async function findJsExtension(fullPathWithoutExtension) {
   for (const ext of jsLikeFileExtensions) {
-    const fullPath = fullPathWithoutExtension + '.' + ext;
+    const fullPath = fullPathWithoutExtension + "." + ext;
     if (fs.existsSync(fullPath)) {
       return ext;
     }
@@ -253,24 +358,24 @@ async function findJsExtension(fullPathWithoutExtension) {
 
 async function getPackageManager() {
   const projectPath = await getProjectPath();
-  const yarnLock = fs.existsSync(path.join(projectPath, 'yarn.lock'));
-  const pnpmLock = fs.existsSync(path.join(projectPath, 'pnpm-lock.yaml'));
-  const npmLock = fs.existsSync(path.join(projectPath, 'package-lock.json'));
+  const yarnLock = fs.existsSync(path.join(projectPath, "yarn.lock"));
+  const pnpmLock = fs.existsSync(path.join(projectPath, "pnpm-lock.yaml"));
+  const npmLock = fs.existsSync(path.join(projectPath, "package-lock.json"));
 
   if (yarnLock && !pnpmLock && !npmLock) {
-    return 'yarn';
+    return "yarn";
   } else if (!yarnLock && pnpmLock && !npmLock) {
-    return 'pnpm';
+    return "pnpm";
   } else if (!yarnLock && !pnpmLock && npmLock) {
-    return 'npm';
+    return "npm";
   }
 
   const answers = await inquirer.prompt([
     {
-      type: 'list',
-      name: 'packageManager',
-      message: 'Which package manager are you using for this project?',
-      choices: ['npm', 'yarn', 'pnpm'],
+      type: "list",
+      name: "packageManager",
+      message: "Which package manager are you using for this project?",
+      choices: ["npm", "yarn", "pnpm"],
     },
   ]);
   return answers.packageManager;
@@ -285,7 +390,7 @@ async function shellNicelyFormatted(command, options) {
   child.stderr.pipe(ui.log);
 
   await new Promise((resolve, reject) => {
-    child.on('exit', (code) => {
+    child.on("exit", (code) => {
       if (code === 0) {
         resolve();
       } else {
@@ -300,9 +405,9 @@ async function shellNicelyFormatted(command, options) {
 
 async function readFile(fullPath) {
   try {
-    return fs.readFileSync(fullPath, 'utf-8');
+    return fs.readFileSync(fullPath, "utf-8");
   } catch (err) {
-    if (err.code === 'ENOENT') {
+    if (err.code === "ENOENT") {
       return null;
     }
     throw err;
diff --git a/packages/stack-shared/src/crud.tsx b/packages/stack-shared/src/crud.tsx
index ad31b118d..958529f3c 100644
--- a/packages/stack-shared/src/crud.tsx
+++ b/packages/stack-shared/src/crud.tsx
@@ -14,6 +14,7 @@ declare module 'yup' {
       description?: string,
       exampleValue?: any,
       hidden?: boolean,
+      onlyShowInOperations?: Capitalize<CrudlOperation>[],
     },
   }
 }
@@ -22,6 +23,7 @@ type ShownEndpointDocumentation = {
   summary: string,
   description: string,
   tags?: string[],
+  crudOperation?: Capitalize<CrudlOperation>,
 };
 export type EndpointDocumentation =
   | ({ hidden: true } & Partial<ShownEndpointDocumentation>)
diff --git a/packages/stack-shared/src/interface/crud/current-user.ts b/packages/stack-shared/src/interface/crud/current-user.ts
index fe287494b..6f0247a6a 100644
--- a/packages/stack-shared/src/interface/crud/current-user.ts
+++ b/packages/stack-shared/src/interface/crud/current-user.ts
@@ -12,7 +12,6 @@ const clientUpdateSchema = usersCrudServerUpdateSchema.pick([
 const serverUpdateSchema = usersCrudServerUpdateSchema;
 
 const clientReadSchema = usersCrudServerReadSchema.pick([
-  "project_id",
   "id",
   "primary_email",
   "primary_email_verified",
diff --git a/packages/stack-shared/src/interface/crud/team-permissions.ts b/packages/stack-shared/src/interface/crud/team-permissions.ts
index 2bb65766f..bd5869a71 100644
--- a/packages/stack-shared/src/interface/crud/team-permissions.ts
+++ b/packages/stack-shared/src/interface/crud/team-permissions.ts
@@ -21,13 +21,13 @@ export const teamPermissionsCrud = createCrud({
   serverDeleteSchema: teamPermissionsCrudServerDeleteSchema,
   docs: {
     clientList: {
-      summary: "List team permissions of the current user",
-      description: "user_id=me needs to be set",
+      summary: "List team permissions",
+      description: "List team permissions of the current user. `user_id=me` must be set for client requests. Note that this might contain the permissions with the same permission ID across different teams. `(team_id, user_id, permission_id)` together uniquely identify a permission.",
       tags: ["Permissions"],
     },
     serverList: {
       summary: "List team permissions of a user",
-      description: "Query and filter the permission with team_id, user_id, and permission_id",
+      description: "Query and filter the permission with `team_id`, `user_id`, and `permission_id`. Note that this might contain the permissions with the same permission ID across different teams and users. `(team_id, user_id, permission_id)` together uniquely identify a permission.",
       tags: ["Permissions"],
     },
     serverCreate: {
diff --git a/packages/stack-shared/src/interface/crud/teams.ts b/packages/stack-shared/src/interface/crud/teams.ts
index c7a869efc..27e45afd9 100644
--- a/packages/stack-shared/src/interface/crud/teams.ts
+++ b/packages/stack-shared/src/interface/crud/teams.ts
@@ -44,12 +44,12 @@ export const teamsCrud = createCrud({
   docs: {
     clientList: {
       summary: "List teams",
-      description: "List all the teams that the current user is a member of.",
+      description: "List all the teams that the current user is a member of. `user_id=me` must be passed in the query parameters.",
       tags: ["Teams"],
     },
     clientCreate: {
       summary: "Create a team",
-      description: "Create a new team and add the current user as a member.",
+      description: "Create a new team and optionally add the current user as a member.",
       tags: ["Teams"],
     },
     clientRead: {
@@ -59,7 +59,7 @@ export const teamsCrud = createCrud({
     },
     serverCreate: {
       summary: "Create a team",
-      description: "Create a new team and add the current user as a member.",
+      description: "Create a new team and optionally add the current user as a member.",
       tags: ["Teams"],
     },
     serverList: {
@@ -74,7 +74,7 @@ export const teamsCrud = createCrud({
     },
     serverUpdate: {
       summary: "Update a team",
-      description: "Update a team by ID.",
+      description: "Update the team information by ID.",
       tags: ["Teams"],
     },
     serverDelete: {
diff --git a/packages/stack-shared/src/interface/crud/users.ts b/packages/stack-shared/src/interface/crud/users.ts
index 44dbea9ba..43569a5bc 100644
--- a/packages/stack-shared/src/interface/crud/users.ts
+++ b/packages/stack-shared/src/interface/crud/users.ts
@@ -15,7 +15,6 @@ export const usersCrudServerUpdateSchema = fieldSchema.yupObject({
 }).required();
 
 export const usersCrudServerReadSchema = fieldSchema.yupObject({
-  project_id: fieldSchema.projectIdSchema.required(),
   id: fieldSchema.userIdSchema.required(),
   primary_email: fieldSchema.primaryEmailSchema.nullable().defined(),
   primary_email_verified: fieldSchema.primaryEmailVerifiedSchema.required(),
@@ -30,7 +29,7 @@ export const usersCrudServerReadSchema = fieldSchema.yupObject({
     id: fieldSchema.yupString().required(),
     account_id: fieldSchema.yupString().required(),
     email: fieldSchema.yupString().nullable(),
-  }).required()).required().meta({ openapiField: { description: 'A list of OAuth providers connected to this account', exampleValue: ['google', 'github'] } }),
+  }).required()).required().meta({ openapiField: { description: 'A list of OAuth providers connected to this account', exampleValue: [{ id: 'google', account_id: '12345', email: 'john.doe@gmail.com' }] } }),
   client_metadata: fieldSchema.userClientMetadataSchema,
   server_metadata: fieldSchema.userServerMetadataSchema,
 }).required();
diff --git a/packages/stack-shared/src/schema-fields.ts b/packages/stack-shared/src/schema-fields.ts
index 2e50cf7c3..5064f6371 100644
--- a/packages/stack-shared/src/schema-fields.ts
+++ b/packages/stack-shared/src/schema-fields.ts
@@ -1,13 +1,14 @@
 import * as yup from "yup";
 import { isUuid } from "./utils/uuids";
 
-const _idDescription = (identify: string) => `The immutable ID used to uniquely identify this ${identify}`;
-const _displayNameDescription = (identify: string) => `Human-readable ${identify} display name, used in places like frontend UI. This is not a unique identifier.`;
+const _idDescription = (identify: string) => `The unique identifier of this ${identify}`;
+const _displayNameDescription = (identify: string) => `Human-readable ${identify} display name. This is not a unique identifier.`;
 const _clientMetaDataDescription = (identify: string) => `Client metadata. Used as a data store, accessible from the client side. Do not store information that should not be exposed to the client.`;
 const _serverMetaDataDescription = (identify: string) => `Server metadata. Used as a data store, only accessible from the server side. You can store secret information related to the ${identify} here.`;
 const _atMillisDescription = (identify: string) => `(the number of milliseconds since epoch, January 1, 1970, UTC)`;
 const _createdAtMillisDescription = (identify: string) => `The time the ${identify} was created ${_atMillisDescription(identify)}`;
 const _updatedAtMillisDescription = (identify: string) => `The time the ${identify} was last updated ${_atMillisDescription(identify)}`;
+const _signedUpAtMillisDescription = `The time the user signed up ${_atMillisDescription}`;
 
 declare const StackAdaptSentinel: unique symbol;
 export type StackAdaptSentinel = typeof StackAdaptSentinel;
@@ -149,8 +150,8 @@ export const primaryEmailSchema = emailSchema.meta({ openapiField: { description
 export const primaryEmailVerifiedSchema = yupBoolean().meta({ openapiField: { description: 'Whether the primary email has been verified to belong to this user', exampleValue: true } });
 export const userDisplayNameSchema = yupString().nullable().meta({ openapiField: { description: _displayNameDescription('user'), exampleValue: 'John Doe' } });
 export const selectedTeamIdSchema = yupString().meta({ openapiField: { description: 'ID of the team currently selected by the user', exampleValue: 'team-id' } });
-export const profileImageUrlSchema = yupString().meta({ openapiField: { description: 'Profile image URL', exampleValue: 'https://example.com/image.jpg' } });
-export const signedUpAtMillisSchema = yupNumber().meta({ openapiField: { description: 'Signed up at milliseconds', exampleValue: 1630000000000 } });
+export const profileImageUrlSchema = yupString().meta({ openapiField: { description: 'Profile image URL. Can be a Base64 encoded image. Please compress and crop to a square before passing in.', exampleValue: 'https://example.com/image.jpg' } });
+export const signedUpAtMillisSchema = yupNumber().meta({ openapiField: { description: _signedUpAtMillisDescription, exampleValue: 1630000000000 } });
 export const userClientMetadataSchema = jsonSchema.meta({ openapiField: { description: _clientMetaDataDescription('user'), exampleValue: { key: 'value' } } });
 export const userServerMetadataSchema = jsonSchema.meta({ openapiField: { description: _serverMetaDataDescription('user'), exampleValue: { key: 'value' } } });
 
@@ -184,7 +185,7 @@ export const teamPermissionDefinitionIdSchema = yupString()
     }
     return true;
   })
-  .meta({ openapiField: { description: `The permission ID used to uniquely identify a permission. Can either be a custom permission with lowercase letters, numbers, ":", and "_" characters, or one of the system permissions: ${teamSystemPermissions.join(', ')}`, exampleValue: '$read_secret_info' } });
+  .meta({ openapiField: { description: `The permission ID used to uniquely identify a permission. Can either be a custom permission with lowercase letters, numbers, \`:\`, and \`_\` characters, or one of the system permissions: ${teamSystemPermissions.map(x => `\`${x}\``).join(', ')}`, exampleValue: 'read_secret_info' } });
 export const customTeamPermissionDefinitionIdSchema = yupString()
   .matches(/^[a-z0-9_:]+$/, 'Only lowercase letters, numbers, ":", "_" are allowed')
   .meta({ openapiField: { description: 'The permission ID used to uniquely identify a permission. Can only contain lowercase letters, numbers, ":", and "_" characters', exampleValue: 'read_secret_info' } });
diff --git a/packages/stack/src/lib/stack-app.ts b/packages/stack/src/lib/stack-app.ts
index 28a4c6ceb..e072aad15 100644
--- a/packages/stack/src/lib/stack-app.ts
+++ b/packages/stack/src/lib/stack-app.ts
@@ -705,7 +705,6 @@ class _StackClientAppImpl<HasTokenStore extends boolean, ProjectId extends strin
       throw new StackAssertionError("User not found");
     }
     return {
-      projectId: crud.project_id,
       id: crud.id,
       displayName: crud.display_name,
       primaryEmail: crud.primary_email,
@@ -1910,7 +1909,6 @@ type Auth = {
 
 export type User =
   & {
-    readonly projectId: string,
     readonly id: string,
 
     readonly displayName: string | null,
@@ -1968,7 +1966,6 @@ export type User =
   & AsyncStoreProperty<"permissions", [scope: Team, options?: { recursive?: boolean }], TeamPermission[], true>;
 
 type BaseUser = Pick<User,
-  | "projectId"
   | "id"
   | "displayName"
   | "primaryEmail"