Appearance
Profile Update
Updates the authenticated user's profile information. This endpoint is directly related to the tenant's Profile Schema configuration. All profile fields defined in the profile schema can be updated through this endpoint. If the user does not have a profile, one will be created.
Endpoint
PATCH /account/profileAuthentication: Tenant authentication and user authentication required
Description
The profile-update endpoint allows authenticated users to update their profile information. The endpoint automatically determines whether to create a new profile or update an existing one based on whether the user already has a profile.
Request
The request body is a dynamic object that can contain any profile fields defined in the tenant's profile schema. The available fields, their types, and validation rules are determined by the profile schema configuration. See Profile Schema Overview for detailed information about profile schemas.
Request Body Structure
json
{
"field1": "value1",
"field2": ["option1", "option2"],
"field3": "1990-01-15T00:00:00.000Z"
}Note: All fields are validated according to the tenant's profile schema. Fields not defined in the schema will be ignored.
Response
Status Code: 200 OK
json
{
"meta": {
"requestId": "req-12345",
"timestamp": "2025-01-15T10:30:00.000Z"
},
"data": {
"id": "01ARZ3NDEKTSV4RRFFQ69G5FAV",
"field1": "value1",
"field2": ["option1", "option2"],
"field3": "1990-01-15T00:00:00.000Z",
"createdAt": "2025-01-10T10:00:00.000Z",
"updatedAt": "2025-01-15T10:30:00.000Z"
}
}| Field | Type | Description |
|---|---|---|
id | string | ULID profile identifier |
createdAt | string | ISO 8601 profile creation timestamp |
updatedAt | string | ISO 8601 profile last update timestamp |
[key] | unknown | Profile fields defined in the profile schema |
The response includes all profile fields that are defined in the tenant's profile schema.
Rate Limiting
Rate limiting is applied to prevent abuse and ensure system stability. The profile-update endpoint has the following rate limits:
| Limit Type | Rate | Window |
|---|---|---|
| Per IP | 30 requests | 1 hour |
When rate limits are exceeded, the API returns a 429 Too Many Requests status code.
For information about rate limit headers, see Rate Limiting in the overview.
Errors
For detailed explanations of all error codes, see the Error Codes page where you can find all system errors.
400 Bad Request - Validation Error
Occurs when the request body fails validation. Common causes include invalid field values or validation rules not met according to the profile schema component configuration.
json
{
"meta": {
"requestId": "req-12345",
"timestamp": "2025-01-15T10:30:00.000Z"
},
"error": {
"message": "The provided request data is invalid.",
"code": "VALIDATION_ERROR",
"status": 400,
"validation": {
"field1": "String must contain at least 1 character(s)",
"field2": "Invalid date format",
"field3": "Expected array, received string"
}
}
}| Field | Error Message | Cause |
|---|---|---|
[field] | String must contain at least 1 character(s) | Field value does not meet minimum length requirement |
[field] | Invalid date format | Date field is not in valid ISO 8601 format |
[field] | Expected array, received string | Field type mismatch (expected array but received string) |
[field] | Validation rule not met | Field value does not meet component validation rules |
All validation errors are based on the profile schema configuration.
401 Unauthorized - Invalid or Missing Token
Occurs when the user authentication token is missing, invalid, or the user referenced in the token does not exist.
Error codes:
MISSING_USER_TOKEN- User authentication token is missing from the requestINVALID_USER_TOKEN- User authentication token is invalid or malformedTOKEN_USER_NOT_FOUND- Token is valid but the user referenced in the token does not exist in the database
json
{
"meta": {
"requestId": "req-12345",
"timestamp": "2025-01-15T10:30:00.000Z"
},
"error": {
"message": "Missing user token",
"code": "MISSING_USER_TOKEN",
"status": 401
}
}json
{
"meta": {
"requestId": "req-12345",
"timestamp": "2025-01-15T10:30:00.000Z"
},
"error": {
"message": "Invalid user token",
"code": "INVALID_USER_TOKEN",
"status": 401
}
}json
{
"meta": {
"requestId": "req-12345",
"timestamp": "2025-01-15T10:30:00.000Z"
},
"error": {
"message": "User not found",
"code": "TOKEN_USER_NOT_FOUND",
"status": 401
}
}403 Forbidden - Restricted Capability
Occurs when the profile-update capability is restricted for the tenant or user.
json
{
"meta": {
"requestId": "req-12345",
"timestamp": "2025-01-15T10:30:00.000Z"
},
"error": {
"message": "Capability profile-update is restricted",
"code": "RESTRICTED_CAPABILITY",
"status": 403
}
}429 Too Many Requests - Rate Limit Exceeded
Occurs when the rate limit is exceeded. See Rate Limiting section for details.
json
{
"meta": {
"requestId": "req-12345",
"timestamp": "2025-01-15T10:30:00.000Z"
},
"error": {
"message": "Too many requests",
"code": "TOO_MANY_REQUESTS",
"status": 429
}
}500 Internal Server Error
Occurs when an internal error happens during profile update. Common causes include missing authenticated user context, missing tenant configuration, or other unexpected system state.
Error codes:
UNEXPECTED_STATE- Unexpected system state (e.g., missing authenticated user context, missing tenant configuration)INTERNAL_SERVER- General internal server error
json
{
"meta": {
"requestId": "req-12345",
"timestamp": "2025-01-15T10:30:00.000Z"
},
"error": {
"message": "Authenticated user or tenant not found in storage",
"code": "UNEXPECTED_STATE",
"status": 500
}
}json
{
"meta": {
"requestId": "req-12345",
"timestamp": "2025-01-15T10:30:00.000Z"
},
"error": {
"message": "Something went wrong on our side.",
"code": "INTERNAL_SERVER",
"status": 500
}
}Notes
- The endpoint automatically creates a profile if the user does not have one, or updates the existing profile
- Only fields defined in the tenant's profile schema can be updated - fields not in the schema will be ignored
- Partial updates are supported - you can update only the fields you want to change