app send email verification token as userID. so i search others usersID in diff api responses. in /users/ api i got all users userID so with that infomation i took over account now tell me where it's incomplete.