
Endpoint

PUT /api/users/{username}

Authentication

This endpoint requires authentication using a JWT Bearer token.
Authorization: Bearer <token>

Path Parameters

  • username (string, required): The username of the user to update

Request Body

All fields in the request body are optional unless otherwise specified.
  • userName (string): New username for the user. Must be unique across all users.
  • firstName (string): User’s first name
  • lastName (string): User’s last name
  • email (string): User’s email address. Must be unique across all users.
  • phoneNumber (string): User’s phone number. Must be unique across all users.
  • profileImage_MediaUrl (string): URL to the user’s profile image. Must be a valid URL.
  • bio (string): User biography. Maximum 200 characters.
  • providedOldPassword (string): Current password. Required when changing password (providedNewPassword is set).
  • providedNewPassword (string): New password for the user account. Requires providedOldPassword for verification.
  • Website (string): User’s website URL. Must be a valid URL.
  • Gender (string): User’s gender. Maximum 20 characters.
  • PushNotifications (boolean): Enable or disable push notifications
  • AccountPrivacy (boolean): Set account privacy status (true for private, false for public)
  • Verified (boolean): Verification status of the account

Request Example

curl -X PUT https://api.example.com/api/users/johndoe \
  -H "Authorization: Bearer <your_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "firstName": "John",
    "lastName": "Doe",
    "email": "[email protected]",
    "bio": "Software developer and tech enthusiast",
    "Website": "https://johndoe.com",
    "PushNotifications": true,
    "AccountPrivacy": false
  }'

Response

Success Response

Status Code: 204 No Content
The user profile was successfully updated. No response body is returned.

Error Responses

Status Code: 401 Unauthorized
Returned when:
  • No valid JWT Bearer token is provided
  • Old password verification fails when changing password

Status Code: 404 Not Found
"The user was not found"
The specified username does not exist in the system.

Status Code: 409 Conflict
Returned when trying to update to a value that’s already taken:
"Username is already taken"
"Email is already taken"
"Phone Number is already taken"

Validation Logic

The endpoint performs the following validations:
  1. Username uniqueness: If updating username, checks that the new username is not already in use by another user
  2. Email uniqueness: If updating email, verifies the new email is not already registered
  3. Phone number uniqueness: If updating phone number, ensures it’s not already associated with another account
  4. Password verification: When changing password, the old password must be provided and verified before the new password is set

Password Change Requires Verification
When updating the password, you must provide the providedOldPassword field. The system will verify the old password before accepting the new password. If the old password is incorrect, the request will fail with a 401 Unauthorized response.

Implementation Details

From auth.endpoints.cs:54-97, the update handler:
  • Loads the user with their profile using Include(u => u.UserProfile)
  • Only updates fields that are provided (null fields are ignored)
  • Validates uniqueness constraints before updating username, email, or phone number
  • Uses IPasswordHasher to verify old password and hash new password
  • Updates both User and UserProfile entities in a single transaction
  • Returns 204 No Content on successful update
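
The checks listed under Validation Logic and Implementation Details, modelled in memory as an added example; this is not the code in auth.endpoints.cs. The `update_user` function, the list-of-dicts store, the check order (taken from the numbered list) and the PBKDF2 helper standing in for IPasswordHasher are all assumptions.

```python
import hashlib
import hmac
import os

def hash_password(password, salt=None):
    # PBKDF2 stand-in for IPasswordHasher (assumption, not the project's hasher)
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt + digest

def verify_password(stored, provided):
    # Re-derive with the stored salt and compare in constant time
    return hmac.compare_digest(stored, hash_password(provided, stored[:16]))

UNIQUE_FIELDS = {"userName": "Username", "email": "Email", "phoneNumber": "Phone Number"}
PROFILE_FIELDS = ("userName", "firstName", "lastName", "email", "phoneNumber", "bio")

def update_user(users, username, body):
    """Return (status, message) for a PUT body, following the documented responses."""
    user = next((u for u in users if u["userName"] == username), None)
    if user is None:
        return 404, "The user was not found"
    # Uniqueness: a value conflicts only when *another* user already holds it
    for field, label in UNIQUE_FIELDS.items():
        value = body.get(field)
        if value is not None and any(u is not user and u.get(field) == value for u in users):
            return 409, f"{label} is already taken"
    # Password change: the old password must be present and must verify
    new_pw = body.get("providedNewPassword")
    if new_pw is not None:
        old_pw = body.get("providedOldPassword")
        if old_pw is None or not verify_password(user["passwordHash"], old_pw):
            return 401, None
    # All checks passed: mutate only now, so a rejected request changes nothing
    for field in PROFILE_FIELDS:
        if body.get(field) is not None:  # null or absent fields are ignored
            user[field] = body[field]
    if new_pw is not None:
        user["passwordHash"] = hash_password(new_pw)
    return 204, None

# Constructed sample data
USERS = [
    {"userName": "johndoe", "email": "john@example.com", "passwordHash": hash_password("old-pass")},
    {"userName": "janedoe", "email": "jane@example.com", "passwordHash": hash_password("x")},
]
```

Running every check before the first write means a request that fails password verification cannot leave a half-applied profile update behind, which is the same guarantee the single transaction gives.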
