PUT /api/user/profile

Requires authentication.

Authorization (string, required): Bearer token obtained from /api/auth/login or /api/auth/signup. Format: Bearer <token>.

Request body

All fields are optional. Only the fields you include will be updated.
name (string): New display name for the user.
profile_picture (string): URL of the new profile picture.
email (string): New email address. Must not be in use by another account.
newPassword (string): New password to set for the account.

To change the password, provide newPassword. The authenticated JWT is used as the primary authorization check; no currentPassword field is required by the current implementation, so a valid token is sufficient to set a new password.
If you supply a new email, the API will reject the request with 400 if that address is already registered to another account.

Example

curl --request PUT \
  --url http://localhost:3000/api/user/profile \
  --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...' \
  --header 'Content-Type: application/json' \
  --data '{
    "name": "Maria S.",
    "email": "[email protected]",
    "newPassword": "newS3cr3t"
  }'

Response

200 OK

Returns the full updated user profile, including the current email.

id (string, required): Unique identifier for the user.
name (string, required): The user’s display name.
email (string, required): The user’s current email address.
profile_picture (string): URL of the user’s profile picture. null if not set.
points (number, required): Total habit points accumulated.
current_streak (number, required): Current consecutive days with at least one completed habit.
max_streak (number, required): All-time highest streak.
created_at (string, required): ISO 8601 timestamp of when the account was created.
updated_at (string, required): ISO 8601 timestamp of the most recent profile update.

Example response
{
  "id": "a3f2c1d0-89b4-4e7a-b6f5-1234567890ab",
  "name": "Maria S.",
  "email": "[email protected]",
  "profile_picture": "https://example.com/avatars/maria.jpg",
  "points": 120,
  "current_streak": 5,
  "max_streak": 14,
  "created_at": "2026-01-10T08:30:00.000Z",
  "updated_at": "2026-03-17T10:05:00.000Z"
}

Errors

Status  Description
400     Supplied email is already in use by another account, or request body fails validation.
401     Missing, invalid, or expired token.
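
The update rules on this page written as a server-side function, added here as an example and not the project's own code. `updateProfile`, the in-memory `users` map, the `requireReauth` option, the `currentPassword` field, the key allowlist and the 403 status are assumptions; with `requireReauth` off it follows the documented behaviour, and with it on a bearer token alone is not enough to change the email or password.

```javascript
const crypto = require('node:crypto');

// Hypothetical password helpers (scrypt with a per-user salt); not from the page.
const hashPw = (pw, salt) => crypto.scryptSync(pw, salt, 32).toString('hex');
const checkPw = (user, pw) => typeof pw === 'string' &&
  crypto.timingSafeEqual(Buffer.from(hashPw(pw, user.salt)), Buffer.from(user.pwHash));

// Only these keys may appear in the body; server-owned fields such as points are refused.
const ALLOWED = ['name', 'profile_picture', 'email', 'newPassword', 'currentPassword'];

// users: Map id -> record, an in-memory stand-in for the database (constructed).
// requireReauth=false mirrors the documented behaviour; true is the hardened variant.
function updateProfile(users, userId, body, { requireReauth = false } = {}) {
  const user = users.get(userId);
  if (!user) return { status: 401 };
  for (const [key, value] of Object.entries(body)) {
    if (!ALLOWED.includes(key) || typeof value !== 'string') return { status: 400 };
  }
  if (body.email !== undefined) {
    for (const other of users.values()) {
      if (other.id !== userId && other.email === body.email) return { status: 400 };
    }
  }
  // Hardened: a credential change needs the current password, not only the token.
  const sensitive = body.email !== undefined || body.newPassword !== undefined;
  if (requireReauth && sensitive && !checkPw(user, body.currentPassword)) {
    return { status: 403 }; // assumed status code for failed re-authentication
  }
  // Partial update: only the fields that were supplied change.
  for (const field of ['name', 'profile_picture', 'email']) {
    if (body[field] !== undefined) user[field] = body[field];
  }
  if (body.newPassword !== undefined) user.pwHash = hashPw(body.newPassword, user.salt);
  user.updated_at = new Date().toISOString();
  const { pwHash, salt, ...profile } = user; // never echo credential material
  return { status: 200, body: profile };
}

// Constructed sample data: two accounts, so the email-conflict path can be exercised.
function sampleUsers() {
  const make = (id, email, pw) => {
    const salt = crypto.randomBytes(16).toString('hex');
    return [id, { id, name: 'user', email, profile_picture: null, salt, pwHash: hashPw(pw, salt) }];
  };
  return new Map([make('u1', 'maria@example.com', 'oldS3cr3t'),
                  make('u2', 'taken@example.com', 'otherS3cr3t')]);
}
```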
