# uploadProfilePhoto

Source: /openapi/thomas-federated.openapi.json

## Operation

| Method | URL |
|---|---|
| POST | https://api.thomas.co/v1/colleagues/{id}/photo |

| Field | Value |
|---|---|
| operationId | uploadProfilePhoto |
| method | POST |
| server | https://api.thomas.co/v1 |
| path | /colleagues/{id}/photo |
| tags | `Colleagues & Profiles` |
| summary | Upload profile photo (own profile only) |
| badges | `{"name":"Viewer"}`, `{"name":"Admin"}`, `{"name":"Owner"}` |

## Request Parameters

| Name | In | Required | Schema | Description |
|---|---|---|---|---|
| id | path | true | string |  |

## Request Body

None.

## Responses

| Status | Description | Schema refs |
|---|---|---|
| 200 | Photo uploaded successfully | #/components/schemas/PhotoUploadResponseDto |
| 401 | Invalid or missing authentication token (AUTH_TOKEN_INVALID) | #/components/schemas/ApiErrorResponseDto |
| 403 | Cannot upload photo to another user's profile | #/components/schemas/ApiErrorResponseDto |
| 404 | Company-individual not found | #/components/schemas/ApiErrorResponseDto |
| 422 | Validation error (format, size, or dimensions) | #/components/schemas/ApiErrorResponseDto |

## Artifact Examples

### Response 401 example

```json
{
  "statusCode": 401,
  "message": "Invalid or missing authentication token",
  "error": "AUTH_TOKEN_INVALID"
}
```

### Response 403 example

```json
{
  "statusCode": 403,
  "message": "Cannot upload a photo to another user's profile",
  "error": "PHOTO_FORBIDDEN"
}
```

### Response 404 example

```json
{
  "statusCode": 404,
  "message": "Colleague not found",
  "error": "IDENTITY_COMPANY_INDIVIDUAL_NOT_FOUND"
}
```

### Response 422 example

```json
{
  "statusCode": 422,
  "message": "Please upload a JPEG, PNG, or WebP image",
  "error": "PHOTO_FORMAT_INVALID"
}
```
