Profile API
View and update the authenticated user's profile. All profile routes require Authorization: Bearer <access_token>. Base path: <API_BASE_URL(https://gritagencies.top/bodybyarwa)>/profile.
Profile endpoints
GET /profile: Returns the current user's profile. Includes user fields (id, email, first_name, last_name, phone, is_verified, phone_verified, roles, timestamps) and the applicable profile object (customer_profile, staff_profile, or admin_profile). Does not expose password_hash or token_version.
PATCH /profile: Updates the current user's profile. Send only the fields you want to change in the JSON body. Returns the updated profile.
What can be updated
User: Only phone — and only when phone_verified is false. Once the phone is verified, it cannot be changed (403 if attempted).
Not editable: email, first_name, last_name cannot be changed via this API.
Customer profile (if the user has one): recipient_name, recipient_phone, address_line_1, address_line_2, city, state, postal_code, country, landmark.
GET /profile response shape
200 with JSON containing: id, email, first_name, last_name, phone, is_active, is_verified, phone_verified, created_at, updated_at, roles (array of role names), and one of customer_profile, staff_profile, or admin_profile (the others are null).
Errors
401 if the token is missing or invalid. 404 if the user is not found or is inactive.
PATCH /profile request body
Optional fields (only include what you want to update):
phone: only when phone is not yet verified
recipient_name, recipient_phone
address_line_1, address_line_2, city, state, postal_code, country, landmark
403 if the request tries to change phone when phone_verified is true (message: "Phone cannot be changed after verification"). 409 if the new phone is already in use by another user (message: "Phone number already in use").
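The update rules above, applied on the client before sending PATCH /profile. This is an added example, not part of the original documentation or the API's own code. The function name build_patch_body, the sample profile, and the assumption that the customer_profile object uses the same field names as the PATCH body are all hypothetical.

```python
# Added example: client-side pre-flight for PATCH /profile (not the API's own code).
CUSTOMER_FIELDS = {
    "recipient_name", "recipient_phone", "address_line_1", "address_line_2",
    "city", "state", "postal_code", "country", "landmark",
}
NOT_EDITABLE = {"email", "first_name", "last_name"}


def build_patch_body(profile, changes):
    """Return (body, skipped): JSON body to send, and {field: reason} withheld.

    profile is a dict shaped like the GET /profile response; changes maps
    field names to desired values. Unchanged values are left out of the body.
    """
    body, skipped = {}, {}
    customer = profile.get("customer_profile")  # null when the user has none
    for field, value in changes.items():
        if field in NOT_EDITABLE:
            skipped[field] = "not editable via this API"
        elif field == "phone":
            if profile.get("phone_verified"):
                skipped[field] = "phone is verified; server would answer 403"
            elif value != profile.get("phone"):
                body[field] = value
        elif field in CUSTOMER_FIELDS:
            if customer is None:
                skipped[field] = "user has no customer_profile"
            elif value != customer.get(field):  # assumes same field names
                body[field] = value
        else:
            skipped[field] = "not a documented PATCH field"
    return body, skipped


# Constructed sample data, not real API output.
SAMPLE_PROFILE = {
    "id": 1, "email": "user@example.com", "phone": "+10000000000",
    "phone_verified": True, "roles": ["customer"],
    "customer_profile": {"city": "Springfield", "landmark": None},
    "staff_profile": None, "admin_profile": None,
}

if __name__ == "__main__":
    body, skipped = build_patch_body(
        SAMPLE_PROFILE,
        {"phone": "+10000000001", "email": "new@example.com", "city": "Shelbyville"},
    )
    print(body)     # fields that are safe to send
    print(skipped)  # fields withheld, with the reason
```

The 409 case cannot be predicted on the client, so the caller still has to handle "Phone number already in use" from the response.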