# /users/{id}/avatar - Upload user avatar (admin)

**PUT /users/{id}/avatar**

Upload a profile image for another user.
Requires manage:users permission and hierarchical access to the target user.
Self-modification is prevented (use PUT /me/avatar instead).
The image is validated, resized to 256x256 pixels if larger, re-encoded as PNG, and stored in the database.



## Servers
- Backend API server (port 8080): https://api.your-domain.com/api (Backend API server (port 8080))
- Collect API server (port 8081): https://collect.your-domain.com/api (Collect API server (port 8081))


## Authentication methods
- Bearer auth


## Parameters

### Path parameters
- **id** (string)
  User Logto ID


### Body: multipart/form-data (object)

- **avatar** (string(binary))
  Avatar image file (PNG, JPEG, or WebP, max 500KB, resized to 256x256)


## Responses
### 200
Avatar uploaded successfully

#### Body: application/json (object)
- **code** (integer)

- **message** (string)

- **data** (object)


### 400
Bad request - validation error

#### Body: application/json (object)
- **code** (integer)
  HTTP error code
- **message** (string)
  Error message
- **data** (object)


### 401
Unauthorized - invalid or missing token

#### Body: application/json (object)
- **code** (integer)

- **message** (string)

- **data** (object | null)


### 403
Forbidden - insufficient permissions

#### Body: application/json (object)
- **code** (integer)

- **message** (string)

- **data** (object | null)


### 404
Resource not found

#### Body: application/json (object)
- **code** (integer)
  HTTP error code
- **message** (string)
  Error message
- **data** (object)


### 500
Internal server error

#### Body: application/json (object)
- **code** (integer)

- **message** (string)

- **data** (object | null)



[Powered by Bump.sh](https://bump.sh)