Autional API Reference

POST /admin/profiles/policy

Creates a tenant profile management policy configuration and publishes a policy creation event. Requires admin write permission.

User Profile · `bearerAuth` · application/json

Request Body

Schema: dto.ProfilePolicyDTO

| Field | Type | Required | Example | Constraints | Description |
| --- | --- | --- | --- | --- | --- |
| allowed_avatar_types | array of string | No | | | |
| auto_archive_after_days | integer | No | | | |
| avatar_upload_enabled | boolean | No | | | |
| cache_ttl_seconds | integer | No | | | |
| completeness_enabled | boolean | No | | | |
| completeness_weights | object | No | | extra keys: `integer` | |
| custom_fields_enabled | boolean | No | | | |
| default_profile_visibility | string | No | | | |
| default_show_email | boolean | No | | | |
| default_show_location | boolean | No | | | |
| default_show_phone | boolean | No | | | |
| max_avatar_size_bytes | integer | No | | | |
| max_custom_fields | integer | No | | | |
| max_social_links | integer | No | | | |
| max_tags_per_user | integer | No | | | |
| privacy_impact_enabled | boolean | No | | | |
| public_profile_enabled | boolean | No | | | |
| required_fields | array of string | No | | | |
| retention_days_after_delete | integer | No | | | |
| social_links_enabled | boolean | No | | | |
| tags_enabled | boolean | No | | | |

Responses

| Status | Description | Schema |
| --- | --- | --- |
| 200 | Policy created successfully | dto.ProfilePolicyDetailResponse |
| 400 | Invalid request parameters | dto.Problem |
| 401 | Unauthenticated or token expired | dto.Problem |
| 403 | No admin permission | dto.Problem |
| 409 | Policy already exists | dto.Problem |
| 500 | Internal server error | dto.Problem |

Referenced Schemas

dto.FieldViolation

| Field | Type | Required | Example | Constraints | Description |
| --- | --- | --- | --- | --- | --- |
| code | string | No | | | Code is the error code (optional). Used for programmatic identification of error types, such as "required", "format", "range". |
| description | string | No | | | Description is a human-readable error description. Should explain what rule was violated, such as "Must be a valid email address". |
| field | string | No | | | Field is the path to the error field. Use dot notation for nested fields, such as "user.email" or "addresses[0].city". |
| value | object | No | | | Value is the value that caused the error (optional, used in development mode). May not be returned in production to avoid leaking sensitive information. |

dto.Problem

| Field | Type | Required | Example | Constraints | Description |
| --- | --- | --- | --- | --- | --- |
| code | integer | No | | | Code is the business error code. Used for programmatic handling of specific error scenarios. Example: 30101001 |
| detail | string | No | | | Detail is a human-readable explanation for this specific error instance. Can include specific error details, such as "Field 'email' is required". |
| errors | array of dto.FieldViolation | No | | | Errors is a list of field-level validation errors (extension field). Follows Web API standard practices; each error contains field name and error message. |
| i18n_args | object | No | | | I18nArgs are internationalization parameters. Used to dynamically fill translation templates. |
| i18n_key | string | No | | | I18nKey is the internationalization key. Used for client-side localization of error messages. Example: "error.user_not_found" |
| instance | string | No | | | Instance is the specific URI reference where the problem occurred. Usually the request URL; may include query parameters. Example: "/api/v1/users?limit=invalid" |
| request_id | string | No | | | RequestID is the unique request identifier. Used for log correlation and issue tracking. Example: "req_550e8400-e29b-41d4-a716-446655440000" |
| retry_after | integer | No | | | RetryAfter is used for 429 Too Many Requests responses. Indicates how many seconds the client should wait before retrying (RFC 6585). |
| service | string | No | | | Service is the service name. Used in microservice architectures to locate the error source. Example: "auth-service" |
| span_id | string | No | | | SpanID is the current span identifier. Used to precisely locate the current node in a distributed trace. |
| status | integer | No | | | Status is the HTTP status code generated. Used by clients to distinguish problem types; does not change with Accept-Language. Example: 400, 401, 403, 404, 500 |
| timestamp | string | No | | | Timestamp is the error occurrence time. ISO 8601 format. Example: "2026-04-03T12:00:00Z" |
| title | string | No | | | Title is a short, human-readable summary of the problem type. The same Type should always have the same Title (does not change per instance). Example: "Invalid Request Parameters" |
| trace_id | string | No | | | TraceID is the distributed tracing identifier. Follows W3C Trace Context standard. Example: "00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-01" |
| type | string | No | | | Type is a URI reference that identifies the problem type. When dereferenced, should provide human-readable documentation. Example: "https://api.example.com/errors/invalid-request" |

dto.ProfilePolicyDetailResponse

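| Field | Type | Required | Example | Constraints | Description |
| --- | --- | --- | --- | --- | --- |
| code | integer | No | | | |
| data | dto.ProfilePolicyResponse | No | | | |
| message | string | No | | | |
| timestamp | string | No | | | |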

dto.ProfilePolicyResponse

| Field | Type | Required | Example | Constraints | Description |
| --- | --- | --- | --- | --- | --- |
| allowed_avatar_types | array of string | No | | | |
| auto_archive_after_days | integer | No | | | |
| avatar_upload_enabled | boolean | No | | | |
| cache_ttl_seconds | integer | No | | | |
| completeness_enabled | boolean | No | | | |
| completeness_weights | object | No | | extra keys: `integer` | |
| custom_fields_enabled | boolean | No | | | |
| default_profile_visibility | string | No | | | |
| default_show_email | boolean | No | | | |
| default_show_location | boolean | No | | | |
| default_show_phone | boolean | No | | | |
| max_avatar_size_bytes | integer | No | | | |
| max_custom_fields | integer | No | | | |
| max_social_links | integer | No | | | |
| max_tags_per_user | integer | No | | | |
| privacy_impact_enabled | boolean | No | | | |
| public_profile_enabled | boolean | No | | | |
| required_fields | array of string | No | | | |
| retention_days_after_delete | integer | No | | | |
| social_links_enabled | boolean | No | | | |
| tags_enabled | boolean | No | | | |
| tenant_id | string | No | | | |
| updated_at | string | No | | | |