/api/v1/user/Update the authenticated user's notification preferences (`webhook_url`, `notify_email`, `notify_browser`).
Update the authenticated user's notification preferences (`webhook_url`, `notify_email`, `notify_browser`). EXEMPT (`cost: 0`). Other profile fields are immutable via this endpoint.
freeSince v1.0.0
Why use this
Update the authenticated user's notification preferences. EXEMPT (`cost: 0`). Only three fields are mutable here: `webhook_url`, `notify_email`, `notify_browser` — all other user fields (email, password, api_key, role, plan) are immutable via this endpoint by design (the handler hard-codes the allowlist). To change email/password use the dedicated /auth/* flows; to change subscription tier use [POST /api/v1/payment/create-checkout-session](/docs/account/billing-and-subscription/post-payment-create-checkout-session). The endpoint returns the full updated user object (same shape as GET /api/v1/user/) so dashboards can patch local state from the response without re-fetching.
Common use case
Dashboard 'Settings → Notifications' page submit handler: user toggles email/browser notifications + pastes their webhook URL → PUT here → backend persists + returns updated profile → SPA patches React state from the response.
Update notification preferences. EXEMPT (cost: 0). The handler restricts mutations to a hard-coded allowlist: webhook_url, notify_email, notify_browser. Email/password/api_key/role/plan are intentionally immutable via this endpoint — use the dedicated /auth/* flows for credentials, POST /api/v1/payment/create-checkout-session for plan upgrades. Returns the full updated user object so SPAs can patch local state from the response. To inspect the current state before updating, use GET /api/v1/user/. Webhook payload shape (when webhook_url is set and a sniper target fires) is documented in the Webhooks group.
Parameters
| Name | In | Required | Default | Allowed | Description | Example |
|---|---|---|---|---|---|---|
| webhook_url | body | optional | — | — | HTTPS URL for POST callbacks when sniper targets fire. Pass an empty string to clear. Validated client-side as `^https://`; server stores as-is up to 512 chars. Webhook payload shape is documented at the Webhooks section. | https://your-app.example.com/webhooks/finradar |
| notify_email | body | optional | — | — | Boolean — true to enable email notifications, false to disable. Default true on signup. Affects sniper-hit emails, billing-event emails, and product-update emails. | true |
| notify_browser | body | optional | — | — | Boolean — true to enable in-browser push notifications via the Web Push API, false to disable. Default true on signup. Browser must have granted notification permission separately for this to take effect. | true |
Response schema
| Field | Type | Nullable | Description |
|---|---|---|---|
| message | string | no | Top-level result. `Profile updated successfully` on 200. On error (400): the underlying exception message. On 404: `User not found` (defensive — JWT was valid but user was deleted between auth and now). |
| user | object | no | Full updated user profile (same shape as GET /api/v1/user/'s `user` field). Reflects the post-update state of the three mutable fields plus the bumped `updated_at`. Use to patch SPA state without re-fetching. |
| user.webhook_url | string | yes | Updated webhook URL. Null if the request body cleared it (passed empty string) or if the user had never set one and this PUT did not include `webhook_url`. |
| user.notify_email | boolean | no | Updated email-notification preference. Reflects the body's `notify_email` if present; otherwise unchanged from the prior value. |
| user.notify_browser | boolean | no | Updated in-browser push-notification preference. Same merge semantics as `notify_email`. |
| user.updated_at | string | no | Bumped to the current UTC timestamp on every successful PUT (`onupdate=datetime.utcnow` on the User model). |
Sample response
·
- "message": "Profile updated successfully"
- "user":
- "id": 42
- "uuid": "0f14ed05-3a2e-4b76-9c11-1a7c8b3f6de2"
- "email": "user@example.com"
- "usertype": "user"
- "api_key": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6"
- "verify_email": true
- "is_online": true
- "has_uat_access": false
- "billing_admin": false
- "credit_balance": 12.5
- "notify_email": false
- "notify_browser": true
- "webhook_url": "https://your-app.example.com/webhooks/finradar"
- "created_at": "2026-04-15T10:00:00.000Z"
- "updated_at": "2026-05-02T15:51:00.000Z"
Errors
| Status | Label | Description |
|---|---|---|
| 200 | OK | Request succeeded. |
| 400 | Bad Request | Invalid query, body, or path parameter. |
| 401 | Unauthorized | Missing or invalid Authorization header / api_Token. |
| 402 | Payment Required | Insufficient token balance for this call. Top up |
| 429 | Too Many Requests | Rate limit exceeded for your tier (see /pricing for tier limits). Tier limits |
| 500 | Server Error | Unexpected server-side failure. Retry with backoff; report if persistent. |
Code samples
curl -X PUT "https://api.finradar.ai/api/v1/user/" \
-H "Authorization: Bearer YOUR_JWT_TOKEN"Generate an API key in /account/credentials to run live queries (literal YOUR_API_KEY placeholder shown until then).