Finalize Avatar Upload

curl --request POST \
  --url https://api.member.dev/api/v1/portal/hubs/{hub_id}/me/avatar/{file_id}/finalize \
  --header 'Authorization: Bearer <token>'

{
  "data": {
    "attributes": {
      "avatar_file_id": "<string>",
      "bio": "<string>",
      "contact_id": "<string>",
      "created_at": "<string>",
      "display_name": "<string>",
      "hide_profile": true,
      "hub_id": "<string>",
      "photo_thumbnail_url": "<string>",
      "photo_thumbnail_url_expires_at": "2023-11-07T05:31:56Z",
      "photo_url": "<string>",
      "photo_url_expires_at": "2023-11-07T05:31:56Z",
      "updated_at": "<string>"
    },
    "id": "<string>",
    "type": "<string>",
    "links": {
      "self": "<string>"
    },
    "meta": {},
    "relationships": {}
  },
  "included": [
    "<unknown>"
  ],
  "links": {
    "self": "<string>"
  },
  "meta": {}
}

community-avatar-upload

Finalize Avatar Upload

Confirm S3 upload complete; run security gate; link avatar on CommunityProfile.

Security gate (design §5.2 — finalize): (a) contact JWT (b) resolve hub server-side + derive team_id (c) require_active_for_write membership check (d) file_id is in URL path — raw S3 keys never accepted (e) pre-finalize: File.team_id match + not deleted + created_by_contact_id match (f) MediaService.finalize_upload() (g) post-finalize: Media READY + asset_kind==image

S3 HEAD content_type in allowlist + content_length ≤ 5MB (h) idempotent update_avatar()

POST

api

portal

hubs

{hub_id}

avatar

{file_id}

finalize

Finalize Avatar Upload

curl --request POST \
  --url https://api.member.dev/api/v1/portal/hubs/{hub_id}/me/avatar/{file_id}/finalize \
  --header 'Authorization: Bearer <token>'

{
  "data": {
    "attributes": {
      "avatar_file_id": "<string>",
      "bio": "<string>",
      "contact_id": "<string>",
      "created_at": "<string>",
      "display_name": "<string>",
      "hide_profile": true,
      "hub_id": "<string>",
      "photo_thumbnail_url": "<string>",
      "photo_thumbnail_url_expires_at": "2023-11-07T05:31:56Z",
      "photo_url": "<string>",
      "photo_url_expires_at": "2023-11-07T05:31:56Z",
      "updated_at": "<string>"
    },
    "id": "<string>",
    "type": "<string>",
    "links": {
      "self": "<string>"
    },
    "meta": {},
    "relationships": {}
  },
  "included": [
    "<unknown>"
  ],
  "links": {
    "self": "<string>"
  },
  "meta": {}
}

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

hub_id

string

required

file_id

string

required

Response

Successful Response

data

JsonApiResource[CommunityProfileResponseAttributes] · object

required

Show child attributes

included

any[] | null

links

JsonApiLinks · object

Show child attributes