/users/{id}/avatar - Upload user avatar (admin)

PUT /users/{id}/avatar
Bearer auth

Upload a profile image for another user. Requires manage:users permission and hierarchical access to the target user. Self-modification is prevented (use PUT /me/avatar instead). The image is validated, resized to 256x256 pixels if larger, re-encoded as PNG, and stored in the database.

Path parameters

  • id string Required

    User Logto ID

multipart/form-data

Body Required

  • avatar string(binary) Required

    Avatar image file (PNG, JPEG, or WebP, max 500KB, resized to 256x256)

Responses

  • 200 application/json

    Avatar uploaded successfully

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object
      Hide data attribute Show data attribute object
      • avatar_url string

        Public URL of the uploaded avatar
  • 400 application/json

    Bad request - validation error

    Hide response attributes Show response attributes object
    • code integer

      HTTP error code

    • message string

      Error message

    • data object
      Hide data attributes Show data attributes object
      • type string

        Type of error

        Values are validation_error or external_api_error.

      • errors array[object]
        Hide errors attributes Show errors attributes object
        • key string

          Field name that failed validation

        • message string

          Error code or message

        • value string

          Value that failed validation

      • details

        Additional error details
  • 401 application/json

    Unauthorized - invalid or missing token

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object | null
  • 403 application/json

    Forbidden - insufficient permissions

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object | null
  • 404 application/json

    Resource not found

    Hide response attributes Show response attributes object
    • code integer

      HTTP error code

    • message string

      Error message

    • data object
      Hide data attributes Show data attributes object
      • type string

        Type of error

        Values are validation_error or external_api_error.

      • errors array[object]
        Hide errors attributes Show errors attributes object
        • key string

          Field name that failed validation

        • message string

          Error code or message

        • value string

          Value that failed validation

      • details

        Additional error details
  • 500 application/json

    Internal server error

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object | null
PUT /users/{id}/avatar 
curl \
 --request PUT 'https://api.your-domain.com/api/users/jf584cz36kce/avatar' \
 --header "Authorization: Bearer $ACCESS_TOKEN" \
 --header "Content-Type: multipart/form-data" \
 --form "avatar=@file"
Response examples (200) 
{
  "code": 200,
  "message": "avatar uploaded successfully",
  "data": {
    "avatar_url": "https://my.nethesis.it/api/public/avatars/jf584cz36kce"
  }
}
Response examples (400) 
{
  "code": 400,
  "message": "validation failed",
  "data": {
    "type": "validation_error",
    "errors": [
      {
        "key": "username",
        "message": "required",
        "value": "string"
      }
    ]
  }
}
Response examples (401) 
{
  "code": 401,
  "message": "invalid token",
  "data": {}
}
Response examples (403) 
{
  "code": 403,
  "message": "insufficient permissions",
  "data": {}
}
Response examples (404) 
{
  "code": 400,
  "message": "validation failed",
  "data": {
    "type": "validation_error",
    "errors": [
      {
        "key": "username",
        "message": "required",
        "value": "string"
      }
    ]
  }
}
Response examples (500) 
{
  "code": 500,
  "message": "internal server error",
  "data": {}
}