Error
Users
Update the caller's profile (username / avatar / bio / privacy).
Username renames are cooldown-limited (14 days) and case-insensitively unique — a pure case change of your own name is always allowed. Avatars must be URLs from the app’s own moderated images bucket. profilePublic: false hides the aggregated profile and anonymizes leaderboard rows (on-chain activity stays public by nature).
PATCH
Error
Authorizations
HttpOnly session cookie set by POST /v1/auth/session. Mutating requests must also send the CSRF token (returned by that call) in the x-csrf-token header.
Body
application/json

