Overview

The User Profiles APIs provide comprehensive functionality for managing user account information, profile data, preferences, and account-related operations across the TalentG platform.

Base URL

https://talentg.vercel.app/api

Authentication

All profile operations require authentication. Users can only access and modify their own profile data unless they have admin permissions.
Authorization: Bearer <supabase_jwt_token>
Content-Type: application/json

Profile Management

Get User Profile

Update Profile

Update Profile Picture

Account Settings

Update Preferences

Change Password

Account Verification

Send Email Verification

Verify Email

Account Management

Delete Account

Export Account Data

Check Export Status

Admin Operations

Admin Update Profile

Privacy & Data Protection

Data Retention

The platform implements the following data retention policies:
  • Active accounts: Data retained indefinitely
  • Deleted accounts: Data retained for 30 days, then anonymized
  • Suspended accounts: Data retained for 90 days before deletion
  • Exported data: Available for download for 7 days

Data Processing

All personal data processing complies with:
  • GDPR: General Data Protection Regulation (EU)
  • CCPA: California Consumer Privacy Act (US)
  • PDP Bill: Personal Data Protection Bill (India)

User Rights

Users have the right to:
  • Access: View all their personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request data deletion (“right to be forgotten”)
  • Portability: Export data in machine-readable format
  • Restriction: Limit data processing
  • Objection: Object to data processing for marketing

Error Handling

Common Error Codes

Code                HTTP Status   Description
UNAUTHORIZED        401           User not authenticated
FORBIDDEN           403           Cannot access other user’s profile
NOT_FOUND           404           User profile not found
VALIDATION_ERROR    400           Invalid profile data
PASSWORD_MISMATCH   400           Current password verification failed
ACCOUNT_SUSPENDED   403           Account is suspended

Error Response Format

{
  "success": false,
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Invalid profile data",
    "details": {
      "field": "phone_number",
      "message": "Phone number format is invalid"
    }
  }
}
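A client needs to recognise this envelope reliably, including when the body is not what the table above promises (a gateway error page, a missing `error` object). The following is an added example, not part of the TalentG SDK; the code-to-action mapping and the sample bodies are constructed here to match the documented format.

```javascript
// Added example (not TalentG's SDK): parse the documented error envelope and
// classify it using the error codes from the table above.
const KNOWN_ERROR_CODES = {
  UNAUTHORIZED: 401,
  FORBIDDEN: 403,
  NOT_FOUND: 404,
  VALIDATION_ERROR: 400,
  PASSWORD_MISMATCH: 400,
  ACCOUNT_SUSPENDED: 403,
};

class ProfileApiError extends Error {
  constructor(code, message, status, details) {
    super(message);
    this.name = 'ProfileApiError';
    this.code = code;       // documented code, or 'UNKNOWN' for anything off-format
    this.status = status;   // HTTP status actually observed
    this.details = details; // { field, message } for VALIDATION_ERROR, else null
  }
}

// Turn a non-2xx response (status + raw body text) into a ProfileApiError.
// Never throws: a malformed body still yields a typed error the caller can act on.
function parseErrorResponse(status, bodyText) {
  let body;
  try {
    body = JSON.parse(bodyText);
  } catch (e) {
    return new ProfileApiError('UNKNOWN', `non-JSON error body (HTTP ${status})`, status, null);
  }
  const err = body && body.success === false ? body.error : null;
  if (!err || typeof err.code !== 'string') {
    return new ProfileApiError('UNKNOWN', `unexpected error shape (HTTP ${status})`, status, null);
  }
  const error = new ProfileApiError(err.code, err.message || err.code, status, err.details || null);
  // A documented code arriving with a different status usually means a proxy or
  // gateway rewrote the response; record it so it can be logged.
  const expected = KNOWN_ERROR_CODES[err.code];
  error.statusMismatch = expected !== undefined && expected !== status;
  return error;
}

// Map an error to the action a client should take.
function classifyError(error) {
  switch (error.code) {
    case 'UNAUTHORIZED':
      return 'reauthenticate';       // token missing/expired: obtain a fresh session
    case 'VALIDATION_ERROR':
    case 'PASSWORD_MISMATCH':
      return 'fix-input';            // user-correctable: show the field message
    case 'FORBIDDEN':
    case 'NOT_FOUND':
    case 'ACCOUNT_SUSPENDED':
      return 'stop';                 // retrying will not help
    default:
      return 'report';               // undocumented: surface to monitoring
  }
}

// Field-level messages for form display, keyed by field name.
function fieldErrors(error) {
  const d = error.details;
  if (!d || typeof d.field !== 'string') return {};
  return { [d.field]: d.message || 'invalid value' };
}

// Constructed sample responses in the documented format (not real API output).
const SAMPLE_VALIDATION_BODY = JSON.stringify({
  success: false,
  error: {
    code: 'VALIDATION_ERROR',
    message: 'Invalid profile data',
    details: { field: 'phone_number', message: 'Phone number format is invalid' },
  },
});
const SAMPLE_UNAUTHORIZED_BODY = JSON.stringify({
  success: false,
  error: { code: 'UNAUTHORIZED', message: 'User not authenticated' },
});

function demo() {
  const v = parseErrorResponse(400, SAMPLE_VALIDATION_BODY);
  const u = parseErrorResponse(401, SAMPLE_UNAUTHORIZED_BODY);
  const junk = parseErrorResponse(502, '<html>Bad Gateway</html>');
  return {
    validation: { code: v.code, action: classifyError(v), fields: fieldErrors(v) },
    unauthorized: { code: u.code, action: classifyError(u) },
    junk: { code: junk.code, action: classifyError(junk) },
  };
}
```

The `statusMismatch` flag is the check worth keeping in production: a documented code arriving with an unexpected status is a sign that something between the client and the API is rewriting responses.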

Rate Limiting

  • Profile reads: 100 requests per hour per user
  • Profile updates: 20 requests per hour per user
  • Password changes: 3 requests per hour per user
  • Email verification: 5 requests per hour per user
  • Data exports: 1 request per day per user
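The limits above are per user and per operation over a rolling window. As an added example (not the platform's own implementation), here is a sliding-window limiter configured with exactly those numbers; the operation names, the `userId` key and the simulated clock are assumptions made for the illustration.

```javascript
// Added example (not the platform's own code): a per-user sliding-window limiter
// configured with the limits listed above. Operation names are assumed.
const HOUR_MS = 60 * 60 * 1000;
const DAY_MS = 24 * HOUR_MS;

const RATE_LIMITS = {
  profile_read:       { max: 100, windowMs: HOUR_MS },
  profile_update:     { max: 20,  windowMs: HOUR_MS },
  password_change:    { max: 3,   windowMs: HOUR_MS },
  email_verification: { max: 5,   windowMs: HOUR_MS },
  data_export:        { max: 1,   windowMs: DAY_MS },
};

class SlidingWindowLimiter {
  constructor(limits = RATE_LIMITS) {
    this.limits = limits;
    this.hits = new Map(); // "userId:operation" -> timestamps still inside the window
  }

  // Record one attempt. Returns { allowed, remaining, retryAfterMs }.
  // `now` is injectable so behaviour can be tested without a real clock.
  check(userId, operation, now = Date.now()) {
    const limit = this.limits[operation];
    if (!limit) throw new Error(`unknown operation: ${operation}`);
    const key = `${userId}:${operation}`;
    const cutoff = now - limit.windowMs;
    // Drop timestamps that have aged out of the window.
    const recent = (this.hits.get(key) || []).filter((t) => t > cutoff);
    if (recent.length >= limit.max) {
      this.hits.set(key, recent);
      // The oldest hit leaving the window is when the next attempt can succeed.
      return { allowed: false, remaining: 0, retryAfterMs: recent[0] + limit.windowMs - now };
    }
    recent.push(now);
    this.hits.set(key, recent);
    return { allowed: true, remaining: limit.max - recent.length, retryAfterMs: 0 };
  }
}

// Walk the password-change limit (3 per hour) with a simulated clock.
function simulatePasswordChanges() {
  const limiter = new SlidingWindowLimiter();
  const t0 = 1700000000000; // constructed epoch-ms start time
  const first4 = [];
  for (let i = 0; i < 4; i++) {
    first4.push(limiter.check('user_123', 'password_change', t0 + i * 1000).allowed);
  }
  // One hour and one millisecond after the first attempt, that attempt has aged out.
  const later = limiter.check('user_123', 'password_change', t0 + HOUR_MS + 1);
  return { first4, afterHour: later.allowed, remainingAfterHour: later.remaining };
}
```

A sliding window rather than fixed calendar buckets avoids the burst at bucket boundaries (six password changes in two minutes straddling the top of the hour). The in-memory `Map` is only for illustration; a multi-instance deployment would keep the timestamps in shared storage.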

SDK Examples

// getSupabaseToken() is the app's own helper that returns the current Supabase session JWT
const updateProfile = async (userId, profileData) => {
  const token = await getSupabaseToken();

  const response = await fetch(`/api/user-profile/${encodeURIComponent(userId)}`, {
    method: 'PUT',
    headers: {
      'Authorization': `Bearer ${token}`,
      'Content-Type': 'application/json'
    },
    body: JSON.stringify(profileData)
  });

  const body = await response.json();
  // Fail loudly on non-2xx so callers never mistake the error envelope for a profile
  if (!response.ok) {
    throw new Error(`${body.error?.code ?? response.status}: ${body.error?.message ?? 'request failed'}`);
  }
  return body;
};

// Usage (inside an async function, or an ES module with top-level await)
const result = await updateProfile('user_123', {
  full_name: "John Doe Jr.",
  profession: "Senior Software Engineer",
  company: "Tech Corp India"
});

Security Best Practices

Password Requirements

  • Minimum 8 characters
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one number
  • At least one special character
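Enforcing these rules on the client gives immediate feedback, but the server-side check is the one that counts. As an added example (not TalentG's own validator), here is a checker that reports every unmet rule rather than stopping at the first one; the page does not define which characters count as "special", so this code assumes any character outside A-Z, a-z and 0-9.

```javascript
// Added example (not TalentG's own code): validate a candidate password against
// the documented rules and report every rule it fails.
// Assumption: "special character" means anything outside A-Z, a-z, 0-9.
const PASSWORD_RULES = [
  { id: 'min_length', message: 'Minimum 8 characters',
    test: (p) => Array.from(p).length >= 8 },          // count code points, not UTF-16 units
  { id: 'uppercase',  message: 'At least one uppercase letter',
    test: (p) => /[A-Z]/.test(p) },
  { id: 'lowercase',  message: 'At least one lowercase letter',
    test: (p) => /[a-z]/.test(p) },
  { id: 'number',     message: 'At least one number',
    test: (p) => /[0-9]/.test(p) },
  { id: 'special',    message: 'At least one special character',
    test: (p) => /[^A-Za-z0-9]/.test(p) },
];

// Returns { ok, failures, messages } so a form can list every unmet rule at once.
function validatePassword(password) {
  if (typeof password !== 'string') {
    return { ok: false, failures: ['not_a_string'], messages: ['Password must be a string'] };
  }
  const failed = PASSWORD_RULES.filter((rule) => !rule.test(password));
  return {
    ok: failed.length === 0,
    failures: failed.map((rule) => rule.id),
    messages: failed.map((rule) => rule.message),
  };
}
```

Returning the full list of failures is deliberate: a change-password form that reveals one missing rule per submission is a poor experience and drives users toward minimal, predictable passwords.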

Session Management

  • Automatic logout after 30 minutes of inactivity
  • Single session per user (new login invalidates old sessions)
  • Secure token storage and transmission

Data Encryption

  • All sensitive data encrypted at rest
  • TLS 1.3 for data in transit
  • Secure password hashing with bcrypt
  • Token encryption with industry standards
Never store passwords or sensitive authentication data in local storage. Always use secure HTTP-only cookies for session management.
Profile updates are logged for audit purposes. All password changes require current password verification for security.