Users can access their items via API. Authentication via API token. No public access to items.

lib/generic_rest_server_web/controllers/user_token_json.ex

@@ -0,0 +1,17 @@
+defmodule GenericRestServerWeb.UserTokenJSON do
+  def token(%{user: user}) do
+    %{
+      data: %{
+        id: user.id,
+        email: user.email,
+        token: user.token
+      }
+    }
+  end
+
+  def error(%{error: error}) do
+    %{
+      error: error
+    }
+  end
+end