Profile Picture
Upload, replace, or delete the authenticated user's profile picture
Manage the authenticated user's profile picture. This page covers creating (uploading), updating (replacing), and deleting a profile picture.
All three operations accept the same file constraints: maximum 5 MB, formats bmp, gif, jpeg, jpg, png, svg. Uploaded images are resized to 200×200 pixels.
Create Picture
Upload a profile picture. Fails if a picture already exists — use Update instead.
Endpoint
POST /user/picture| Access | Requirement |
|---|---|
| Authenticated | Yes |
| Required Scope | wapi-user-create, or wapi-user-all |
| Rate Limit | 5 requests per minute |
Request
Headers
| Header | Value |
|---|---|
Accept | application/json |
Authorization | Bearer <access_token> |
X-WAPI-Key | wapi_live_<kid>_<secret> or wapi_test_<kid>_<secret> |
Send exactly one of Authorization or X-WAPI-Key.
Body (multipart/form-data)
| Parameter | Type | Required | Description |
|---|---|---|---|
picture | file | Yes | Image file (max 5 MB; bmp, gif, jpeg, jpg, png, svg) |
Responses
201 Created
{
"message": "Created"
}409 Conflict
Returned if a profile picture already exists.
{
"message": "A profile picture already exists."
}400 Bad Request
{
"message": "The picture must be a file of type: bmp, gif, jpeg, jpg, png, svg."
}Example
curl -X POST "https://ttsb.wipayfinancial.com/wapi/user/picture" \
-H "Accept: application/json" \
-H "Authorization: Bearer <access_token>" \
-F "picture=@/path/to/photo.jpg"Update Picture
Replace an existing profile picture. Fails if no picture exists yet — use Create first.
Endpoint
PATCH /user/picture| Access | Requirement |
|---|---|
| Authenticated | Yes |
| Required Scope | wapi-user-update, or wapi-user-all |
| Rate Limit | 5 requests per minute |
Request
Headers
| Header | Value |
|---|---|
Accept | application/json |
Authorization | Bearer <access_token> |
X-WAPI-Key | wapi_live_<kid>_<secret> or wapi_test_<kid>_<secret> |
Send exactly one of Authorization or X-WAPI-Key.
Body (multipart/form-data)
| Parameter | Type | Required | Description |
|---|---|---|---|
picture | file | Yes | Image file (max 5 MB; bmp, gif, jpeg, jpg, png, svg) |
Some HTTP clients do not support file uploads with PATCH. If your client
cannot send a multipart file in a PATCH request, send a POST request to the
same URL and include a _method field set to PATCH in the form body. The
server treats this as a PATCH request.
Responses
200 OK
{
"message": "OK"
}400 Bad Request
Returned if no picture exists to replace, or if the file is invalid.
{
"message": "No profile picture exists."
}Example
curl -X PATCH "https://ttsb.wipayfinancial.com/wapi/user/picture" \
-H "Accept: application/json" \
-H "Authorization: Bearer <access_token>" \
-F "picture=@/path/to/new-photo.jpg"Delete Picture
Remove the existing profile picture. Fails if no picture exists.
Endpoint
DELETE /user/picture| Access | Requirement |
|---|---|
| Authenticated | Yes |
| Required Scope | wapi-user-delete, or wapi-user-all |
| Rate Limit | 5 requests per minute |
Request
Headers
| Header | Value |
|---|---|
Accept | application/json |
Authorization | Bearer <access_token> |
X-WAPI-Key | wapi_live_<kid>_<secret> or wapi_test_<kid>_<secret> |
Send exactly one of Authorization or X-WAPI-Key.
No request body required.
Responses
200 OK
{
"message": "OK"
}400 Bad Request
{
"message": "No profile picture exists."
}Example
curl -X DELETE "https://ttsb.wipayfinancial.com/wapi/user/picture" \
-H "Accept: application/json" \
-H "Authorization: Bearer <access_token>"Common Responses
These apply to all three picture operations.
401 Unauthorized
{
"message": "Unauthorized"
}403 Forbidden
{
"message": "Invalid scope(s) provided."
}