Skip to main content
All requests use a single endpoint: POST /functions/v1/api with resource: "profiles".

Access control

ActionRegular userAdmin
allNoYes
listNoYes
getOwn profile onlyAny profile
createNoYes
updateOwn profile onlyAny profile
deleteOwn profile onlyAny profile
Admin endpoints require a role starting with internal_ (e.g. internal_admin). Non-admin users attempting admin-only actions receive a 403 Forbidden response.

role values

ValueDescription
"standard_user"Business owner — can create and manage agents, view leads, and access all standard features
"consumer"End user — can talk to agents and interact with consumer-facing features
"internal_admin"Full platform access — can manage all users, agents, marketplace listings, and system settings
Profile mutations (create, update, delete) are automatically logged to the activities table as user_action events. Update actions include the list of changed fields in the activity metadata.

List all profiles (admin)

Retrieves all profiles with complete joined data including subscriptions, call purchases, and phone subscriptions.
resource
string
required
Must be "profiles"
action
string
required
Must be "all"
data
object

Response

success
boolean
data
object
const response = await ApiService.invoke<{
  profiles: Profile[];
  count: number;
  limit: number;
  offset: number;
}>({
  resource: "profiles",
  action: "all",
  data: {
    limit: 100,
    offset: 0,
    filters: {
      role: "internal_admin",
    },
  },
});

List basic profiles (admin)

Retrieves a paginated list of profiles with basic fields only, optimized for lists and dropdowns.
resource
string
required
Must be "profiles"
action
string
required
Must be "list"
data
object

Response

success
boolean
data
object
const response = await ApiService.invoke<{
  profiles: Profile[];
  count: number;
}>({
  resource: "profiles",
  action: "list",
  data: {
    limit: 50,
    filters: {
      searchTerm: "john@example.com",
    },
  },
});

Get a profile

Retrieves a single profile with complete details including subscriptions and team data. Users can only access their own profile; admins can access any profile.
resource
string
required
Must be "profiles"
action
string
required
Must be "get"
id
string
required
The profile ID (user UUID).

Response

success
boolean
data
object
const { user } = await supabase.auth.getUser();
const response = await ApiService.invoke<{ profile: Profile }>({
  resource: "profiles",
  action: "get",
  id: user.id,
});

const subscriptions = response?.profile?.call_purchases;

Create a profile (admin)

Creates a new user profile. The id must match an existing auth user UUID.
resource
string
required
Must be "profiles"
action
string
required
Must be "create"
data
object
required

Response (status 201)

success
boolean
data
object
const response = await ApiService.invoke<{ profile: Profile }>(
  {
    resource: "profiles",
    action: "create",
    data: {
      id: "auth-user-uuid-here",
      full_name: "Jane Smith",
      email: "jane@example.com",
      role: "standard_user",
    },
  },
  201
);

Update a profile

Updates an existing profile. Users can only update their own profile; admins can update any profile. This is a partial update — only include the fields you want to change.
resource
string
required
Must be "profiles"
action
string
required
Must be "update"
id
string
required
The profile ID (user UUID).
data
object
required
Any combination of profile fields. See the create action for the full list of fields (all fields except id are accepted).

Response

success
boolean
data
object
const response = await ApiService.invoke<{ profile: Profile }>({
  resource: "profiles",
  action: "update",
  id: userId,
  data: {
    full_name: "John Doe",
    timezone: "America/New_York",
    company_name: "Acme Corp",
  },
});

Delete a profile

Permanently deletes a profile. Users can only delete their own profile; admins can delete any profile.
resource
string
required
Must be "profiles"
action
string
required
Must be "delete"
id
string
required
The profile ID (user UUID).

Response

success
boolean
data
object
This permanently deletes the profile record.
const response = await ApiService.invoke<{
  success: boolean;
  message: string;
}>({
  resource: "profiles",
  action: "delete",
  id: "user-uuid",
});

Profile object

The full profile object returned by all, get, create, and update actions.

Core fields

id
string
User UUID.
full_name
string | null
email
string | null
role
string | null
avatar_url
string | null

Contact information

phone_number
string | null
phone_country_code
string | null

Address

address_line1
string | null
address_line2
string | null
city
string | null
state_province
string | null
country
string | null
country_name
string | null
postal_code
string | null

Company

company_name
string | null
job_title
string | null

Preferences

date_of_birth
string | null
timezone
string | null
preferred_language
string | null
billing_currency
string | null

External IDs

stripe_id
string | null
hubspot_id
string | null

Marketplace

marketplace_creator_bio
string | null
marketplace_creator_verified
boolean | null

Team

team_id
number | null
team
object | null

Subscription

subscription
object | null

Call purchases

call_purchases
object[]

Phone subscriptions

phone_subscriptions
object[]

Timestamps

created_at
string
updated_at
string

Activity logging

Profile mutations are logged to the activities table:
ActionActivity typeAction logged
Createuser_actionprofile_created
Updateuser_actionprofile_updated (includes updated_fields in metadata)
Deleteuser_actionprofile_deleted

Error responses

StatusCodeDescription
400VALIDATION_ERRORProfile ID not provided
401UNAUTHORIZEDInvalid or missing authentication token
403FORBIDDENNon-admin accessing admin-only action, or user accessing another user’s profile
404NOT_FOUNDProfile does not exist
500INTERNAL_ERRORDatabase operation failed