Skip to content

Update Customer Profile

Update the authenticated customer's profile information. All input fields are optional — send only the fields you want to change.

Note on password fields: currentPassword, password, and confirmPassword are only required when the customer wants to change their password. For a regular profile update (name, email, phone, date of birth, etc.) you can omit all three. If you do change the password, you must send all three together — currentPassword to verify the existing password, plus password and confirmPassword for the new password (which must match).

The same mutation also handles profile image updates via the image (base64 upload) or deleteImage (remove existing) fields.

Authentication

This query requires a valid customer authentication token in the Authorization header. Use the Customer Login API to retrieve the token.

Authorization: Bearer <accessToken>

Mutation

graphql
mutation updateCustomerProfile($input: createCustomerProfileUpdateInput!) {
  createCustomerProfileUpdate(input: $input) {
    customerProfileUpdate {
      id
      firstName
      lastName
      email
      phone
      gender
      dateOfBirth
      status
      subscribedToNewsLetter
      isVerified
      isSuspended
      image
      success
      message
    }
  }
}

Input Fields

NameTypeRequiredDescription
firstNameString❌ NoCustomer's first name
lastNameString❌ NoCustomer's last name
emailString❌ NoCustomer's email address (must be unique)
phoneString❌ NoPhone number
genderString❌ NoGender — one of male, female, other
dateOfBirthString❌ NoDate of birth in YYYY-MM-DD format
currentPasswordString⚠️ ConditionalRequired when changing password
passwordString⚠️ ConditionalNew password
confirmPasswordString⚠️ ConditionalNew password confirmation (must match password)
subscribedToNewsLetterBoolean❌ NoNewsletter subscription flag
statusString❌ NoCustomer status (admin-controlled fields)
isVerifiedString❌ NoVerification status
isSuspendedString❌ NoSuspension status
imageString❌ NoProfile image as a base64 data URI (e.g. data:image/jpeg;base64,...)
deleteImageBoolean❌ NoSet to true to remove the existing profile image

Response Fields

The mutation returns the updated profile under createCustomerProfileUpdate.customerProfileUpdate.

FieldTypeDescription
idIDCustomer identifier
firstNameStringFirst name
lastNameStringLast name
emailStringEmail address
phoneStringPhone number
genderStringGender
dateOfBirthStringDate of birth (YYYY-MM-DD)
statusStringCustomer status
subscribedToNewsLetterBooleanNewsletter subscription flag
isVerifiedStringVerification flag
isSuspendedStringSuspension flag
imageStringURL/path to stored profile image
successBooleanOperation success flag
messageStringSuccess or error message

Validation Rules

  • First name and last name can contain letters and spaces.
  • Email must be a valid format and unique across all customers.
  • Date of birth must be in YYYY-MM-DD format.
  • Gender must be one of: male, female, other.
  • Password change requires all three of currentPassword, password, and confirmPassword. password must match confirmPassword, and currentPassword must match the existing password on file.
  • image must be a valid base64 data URI (data:image/<jpeg|png|gif|webp>;base64,...).
  • Sending deleteImage: true removes any existing stored image — pair it with no image field to clear the profile picture.

Error Responses

json
{
  "errors": [
    {
      "message": "The email has already been taken.",
      "extensions": { "category": "validation" }
    }
  ]
}

Other common error cases:

  • Current password is incorrect.currentPassword does not match.
  • The password confirmation does not match.passwordconfirmPassword.
  • Invalid image format.image is not a recognized base64 data URI.
  • Unauthenticated. — missing or invalid Bearer token.

Released under the MIT License.