Profile
Errors
Validation and auth error shapes returned by the Profile API.
All errors are JSON with a single error string and the matching HTTP status.
{ "error": "<message>" }Status codes
| Status | When |
|---|---|
400 | Invalid user_id, malformed JSON body, failed field validation, or no updatable fields supplied |
401 | Missing or invalid auth (no bearer / cookie / service key) |
403 | Service key used on POST /io/profile/avatar (first-party only) |
404 | Profile not found and could not be provisioned |
500 | Storage or database write failure |
Validation messages
| Field | Message | Cause |
|---|---|---|
display_name | Name cannot be empty | Empty string after trim |
display_name | Name must be 100 characters or fewer | Over 100 chars |
gender | Gender is required and must be one of: male, female, non_binary, prefer_not_to_say, other | Not in allowed set / empty |
date_of_birth | Date of birth is required and must be a valid past date (age 13–120) | Invalid or out-of-range date |
phone | Phone number is invalid | Fails [+()\-\s\d]{5,30} |
| body | No updatable fields provided | PATCH with no recognized fields |
file | Unsupported image type (use JPEG, PNG, WebP, or GIF) | Disallowed MIME |
file | Image must be 5 MB or smaller | Over the size cap |
Fail-closed for products
When a product proxies this API server-to-server and the call fails, treat the profile as unavailable rather than assuming a complete profile. Do not silently bypass the completion hard-gate on transient errors.