PUT /api/me/profile
Updates the authenticated user's profile fields.
Authentication
Requires an active session. Returns 401 if the user is not logged in.
Request
Method: PUT
URL: /api/me/profile
Content-Type: application/json
Allowed Profile Fields
Only fields defined in UserProfileFieldNames are accepted. Any keys not present in that enumeration are silently ignored — no error is returned for unknown keys.
The following fields are currently supported:
| Field | Description |
|---|---|
firstName |
The user's first name |
lastName |
The user's last name |
displayName |
The name displayed to other users |
email |
Email address (privacy setting only — see below) |
Field Value Format
Each field (except email) can be submitted in one of two formats:
Simple value:
{
"firstName": "Jane"
}
When a plain value is provided, the field is stored with a default privacy setting of "projects".
Explicit value with privacy:
{
"firstName": {
"value": "Jane",
"privacy": "public"
}
}
When the { value, privacy } object form is used, both the field value and its privacy setting are updated. If privacy is omitted from the object, it defaults to "projects".
Email Field
The email field is treated differently from other fields:
- The email value cannot be changed via this endpoint — only its privacy setting can be updated.
- If no email record exists yet for the user, one is created with a default privacy of
"projects". - To update email privacy, submit:
{
"email": {
"privacy": "public"
}
}
Privacy Levels
The privacy property controls who can see a profile field. Accepted values are defined by UserProfileAccessLevel:
| Value | Description |
|---|---|
"public" |
Visible to everyone |
"projects" |
Visible to members of shared projects (default) |
"private" |
Visible to the user only |
Request Body Example
{
"firstName": {
"value": "Jane",
"privacy": "public"
},
"lastName": "Doe",
"displayName": {
"value": "janedoe",
"privacy": "projects"
},
"email": {
"privacy": "private"
}
}
Response
On success, returns the updated public user object with status 200.
{
"id": "user_abc123",
"displayName": "janedoe",
"profileFields": {
"firstName": { "value": "Jane", "privacy": "public" },
"lastName": { "value": "Doe", "privacy": "projects" },
"displayName": { "value": "janedoe", "privacy": "projects" },
"email": { "privacy": "private" }
}
}
Error Responses
| Status | Reason |
|---|---|
401 |
User is not authenticated |
404 |
User record not found |
Notes
- The
idkey in the request body is always ignored. - Unknown field keys are silently dropped — the request will still succeed for valid fields.
- Submitting a field with
{ value, privacy }where"value"is not present in the object will cause the field to be treated as a plain value assignment of the whole object. Ensure the"value"key is explicitly included when using the object form.
GET /api/users/{userId}/avatar/url
Note: This endpoint has been introduced but is not yet implemented. The documentation below describes the intended behavior and will be updated once the implementation is complete.
Retrieves the avatar URL for a given user.
Authentication
Authentication and authorization requirements will be documented once the endpoint is implemented. It is expected that this endpoint will require an active session, and that access may be restricted based on the target user's profile privacy settings.
Request
Method: GET
URL: /api/users/{userId}/avatar/url
Path Parameters
| Parameter | Type | Description |
|---|---|---|
userId |
string |
The ID of the user whose avatar URL is being requested |
Response
The expected response shape and status codes will be documented once the implementation is available. The response is anticipated to include a URL string pointing to the user's avatar image, or an appropriate fallback if no avatar has been set.
Error Responses
Expected error responses will be documented once the implementation is complete. At minimum, the following are anticipated:
| Status | Reason |
|---|---|
401 |
User is not authenticated |
404 |
User not found |