Upload Account Avatar¶
Uploads an account avatar image through the common upload flow and stores it as
a public storage file. Use the returned UUID in PUT /account/me or
PUT /account/profile to update the account avatar field.
POST
https://{some_domain}/upload
Authorization¶
All requests must include a JWT token:
Authorization: <JWT_TOKEN>
Allowed session types:
SESSION_USERSESSION_CUSTOMER
For avatar uploads the server forces public storage scope and purpose
account_avatar.
Request¶
Content-Type: multipart/form-data
Body Parameters¶
| Field | Type | Required | Description |
|---|---|---|---|
purpose |
string | Yes | Must be account_avatar |
file |
file | Yes | Avatar image file. Allowed extensions: png, jpg, jpeg, webp, gif |
File size must not exceed 5MB.
Request Example¶
curl -X POST "https://{some_domain}/upload" \
-H "Authorization: <JWT_TOKEN>" \
-F "purpose=account_avatar" \
-F "[email protected]"
Response¶
Success (200)¶
{
"uploaded": [
{
"uuid": "8e68414e-0e3f-48dd-b7b8-f5be9e26d4f7",
"file_name": "8e68414e-0e3f-48dd-b7b8-f5be9e26d4f7.png",
"original_name": "avatar.png",
"content_type": "image/png",
"file_size": 18425,
"scope": 3,
"purpose": "account_avatar"
}
]
}
The avatar is available without authorization by UUID:
GET /storage/8e68414e-0e3f-48dd-b7b8-f5be9e26d4f7
The same file is also available by storage file name:
GET /storage/8e68414e-0e3f-48dd-b7b8-f5be9e26d4f7.png
Only files stored with public scope can be read without authorization.
To assign the uploaded avatar to an account, pass the returned UUID to
PUT /account/me. The account stores the avatar reference without /storage/:
{
"avatar": "8e68414e-0e3f-48dd-b7b8-f5be9e26d4f7"
}
Error Responses¶
| Code | Error | Description |
|---|---|---|
| 400 | INVALID_DATA |
Request validation failed |
| 400 | INVALID_AVATAR |
File extension is not allowed, file is empty, or file is larger than 5MB |
| 400 | RET_INVALID_DATA |
Storage validation failed, for example signature does not match extension |
| 401 | PERMISSION_DENIED |
Invalid or missing JWT |