--- title: PUT /api/me/profile --- Updates the authenticated user's profile fields. ## Authentication Requires an active session. Returns `401` if the user is not logged in. ## Request **Method:** `PUT` **URL:** `/api/me/profile` **Content-Type:** `application/json` ### Allowed Profile Fields Only fields defined in `UserProfileFieldNames` are accepted. Any keys not present in that enumeration are **silently ignored** — no error is returned for unknown keys. The following fields are currently supported: | Field | Description | |---|---| | `firstName` | The user's first name | | `lastName` | The user's last name | | `displayName` | The name displayed to other users | | `email` | Email address (privacy setting only — see below) | ### Field Value Format Each field (except `email`) can be submitted in one of two formats: **Simple value:** ```json { "firstName": "Jane" } ``` When a plain value is provided, the field is stored with a default privacy setting of `"projects"`. **Explicit value with privacy:** ```json { "firstName": { "value": "Jane", "privacy": "public" } } ``` When the `{ value, privacy }` object form is used, both the field value and its privacy setting are updated. If `privacy` is omitted from the object, it defaults to `"projects"`. ### Email Field The `email` field is treated differently from other fields: - **The email value cannot be changed** via this endpoint — only its privacy setting can be updated. - If no email record exists yet for the user, one is created with a default privacy of `"projects"`. - To update email privacy, submit: ```json { "email": { "privacy": "public" } } ``` ### Privacy Levels The `privacy` property controls who can see a profile field. Accepted values are defined by `UserProfileAccessLevel`: | Value | Description | |---|---| | `"public"` | Visible to everyone | | `"projects"` | Visible to members of shared projects (default) | | `"private"` | Visible to the user only | ## Request Body Example ```json { "firstName": { "value": "Jane", "privacy": "public" }, "lastName": "Doe", "displayName": { "value": "janedoe", "privacy": "projects" }, "email": { "privacy": "private" } } ``` ## Response On success, returns the updated public user object with status `200`. ```json { "id": "user_abc123", "displayName": "janedoe", "profileFields": { "firstName": { "value": "Jane", "privacy": "public" }, "lastName": { "value": "Doe", "privacy": "projects" }, "displayName": { "value": "janedoe", "privacy": "projects" }, "email": { "privacy": "private" } } } ``` ## Error Responses | Status | Reason | |---|---| | `401` | User is not authenticated | | `404` | User record not found | ## Notes - The `id` key in the request body is always ignored. - Unknown field keys are silently dropped — the request will still succeed for valid fields. - Submitting a field with `{ value, privacy }` where `"value"` is not present in the object will cause the field to be treated as a plain value assignment of the whole object. Ensure the `"value"` key is explicitly included when using the object form. --- # GET /api/users/{userId}/avatar/url > **Note:** This endpoint has been introduced but is not yet implemented. The documentation below describes the intended behavior and will be updated once the implementation is complete. Retrieves the avatar URL for a given user. ## Authentication Authentication and authorization requirements will be documented once the endpoint is implemented. It is expected that this endpoint will require an active session, and that access may be restricted based on the target user's profile privacy settings. ## Request **Method:** `GET` **URL:** `/api/users/{userId}/avatar/url` ### Path Parameters | Parameter | Type | Description | |---|---|---| | `userId` | `string` | The ID of the user whose avatar URL is being requested | ## Response The expected response shape and status codes will be documented once the implementation is available. The response is anticipated to include a URL string pointing to the user's avatar image, or an appropriate fallback if no avatar has been set. ## Error Responses Expected error responses will be documented once the implementation is complete. At minimum, the following are anticipated: | Status | Reason | |---|---| | `401` | User is not authenticated | | `404` | User not found |