--- title: Member Profile Update tags: [member, profile, security, dropins] --- Update a logged-in member's profile from the widget. **Identity fields — phone, email, and the POI customer-id (UDF) — are intentionally not editable here**; only ordinary profile fields are. This keeps a shopper from re-pointing their account to someone else's storefront identity or contact. > **TL;DR** — `PATCH /api/v1/members/:poiId` accepts an **allowlist** of profile fields. Phone is forced from the session, the customer-id UDF is never writable, and email can only be **added once** — never overwritten. --- ## 1. Endpoint ``` PATCH {BASE_URL}/api/v1/members/:poiId Authorization: Bearer ``` Send a partial member object. Only allowlisted keys reach Simply Club; anything else is dropped server-side (no error — silently ignored). ## 2. What you can edit | Field | Notes | |---|---| | `first_name`, `last_name` (or `fullName`) | | | `birthday`, `wedding_day` | `DD/MM/YYYY` | | `personal_id` | | | marketing consent — `if_send_sms`, `if_send_email`, `marketingOptIn` | | ## 3. What you can't edit (and why) | Field | Rule | |---|---| | **phone** | Forced from the authenticated session. Changing it needs a fresh OTP. | | **customer-id (UDF)** | Never client-writable — prevents claiming another shopper's storefront identity. | | **email** | Cannot be **overwritten**. Can be **added once** when empty — see §4. | ## 4. Email is write-once Email is not an identity/lookup key (Simply Club identity is [phone-only](/content/login/fast-login)) — but it can be stored as contact info. It is accepted **only** when **both** hold: - the member has **no email yet**, **and** - **no other member** already uses that address. A same-value resend is a no-op. Changing an existing email is rejected — that needs a verified email-change flow, which is not yet available. ## 5. Error codes | HTTP | Code | Meaning | |---|---|---| | 400 | `INVALID_EMAIL` | Email is malformed. | | 400 | `EMAIL_TAKEN` | Another member already uses this email. | | 400 | `EMAIL_CHANGE_FORBIDDEN` | The member already has a different email; changing it here is not allowed. | | 400 | `MEMBER_LOAD_FAILED` | The session's member could not be loaded — retry. | --- **Related:** [Fast Login](/content/login/fast-login) · [Login From Backend](/content/login/server-handoff-login)