diff --git a/doc/api.oa3 b/doc/api.oa3
index 90b7ff73..8f8599f7 100644
--- a/doc/api.oa3
+++ b/doc/api.oa3
@@ -359,7 +359,6 @@ paths:
             application/json:
               schema:
                 type: string
-        '401':
         '401':
           description: permission denied
         '500':
@@ -726,6 +725,8 @@ paths:
           description: account disabled
         '500':
           description: internal server error
+          
+  /profile/data:
     put:
       tags:
         - profile
@@ -772,6 +773,30 @@ paths:
           description: account disabled
         '500':
           description: internal server error
+    put:
+      tags:
+        - profile
+      description: Set base64 encode image data for profile. Access granted to app tokens of account holder.
+      operationId: set-profile-image
+      security:
+        - bearerAuth: []
+      responses:
+        '200':
+          description: success
+        '401':
+          description: permission denied
+        '405':
+          description: invalid image
+        '410':
+          description: account disabled
+        '500':
+          description: internal server error
+      requestBody:
+        content:
+          application/octet-stream:
+            schema:
+              type: string
+              format: binary
           
   /profile/message:
     get:
@@ -3992,16 +4017,12 @@ components:
     ProfileData:
       type: object
       properties:
-        handle:
-          type: string
         name:
           type: string
         description:
           type: string
         location:
           type: string
-        image:
-          type: string
           
     Account:
       type: object
@@ -4477,7 +4498,7 @@ components:
   
     basicCredentials:
       type: http
-      schema      
+      scheme: basic 
 
     bearerAuth: 
       type: http
diff --git a/net/server/internal/api_authorize.go b/net/server/internal/api_authorize.go
index af47e992..ee7b8c1a 100644
--- a/net/server/internal/api_authorize.go
+++ b/net/server/internal/api_authorize.go
@@ -27,7 +27,7 @@ func Authorize(w http.ResponseWriter, r *http.Request) {
   var token string
   err := ParseRequest(r, w, &token)
   if err != nil {
-    w.WriteHeader(http.StatusBadRequest);
+    w.WriteHeader(http.StatusBadRequest)
     return
   }
 
diff --git a/net/server/internal/api_getProfile.go b/net/server/internal/api_getProfile.go
new file mode 100644
index 00000000..687a1cce
--- /dev/null
+++ b/net/server/internal/api_getProfile.go
@@ -0,0 +1,34 @@
+package databag
+
+import (
+  "net/http"
+)
+
+func GetProfile(w http.ResponseWriter, r *http.Request) {
+
+  account, res := BearerAppToken(r, true);
+  if res != nil {
+    w.WriteHeader(http.StatusUnauthorized)
+    return
+  }
+  if account.Disabled {
+    w.WriteHeader(http.StatusGone);
+    return
+  }
+  detail := account.AccountDetail
+
+  // send profile data
+  profile := Profile {
+    Guid: account.Guid,
+    Handle: account.Username,
+    Name: detail.Name,
+    Description: detail.Description,
+    Location: detail.Location,
+    Image: detail.Image,
+    Revision: account.ProfileRevision,
+    Version: APP_VERSION,
+    Node: "https://" + getStrConfigValue(CONFIG_DOMAIN, "") + "/",
+  }
+  WriteResponse(w, profile)
+}
+
diff --git a/net/server/internal/api_profile.go b/net/server/internal/api_profile.go
index bd244ee3..94f695b2 100644
--- a/net/server/internal/api_profile.go
+++ b/net/server/internal/api_profile.go
@@ -13,11 +13,6 @@ import (
 	"net/http"
 )
 
-func GetProfile(w http.ResponseWriter, r *http.Request) {
-	w.Header().Set("Content-Type", "application/json; charset=UTF-8")
-	w.WriteHeader(http.StatusOK)
-}
-
 func GetProfileImage(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json; charset=UTF-8")
 	w.WriteHeader(http.StatusOK)
@@ -28,7 +23,8 @@ func GetProfileMessage(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusOK)
 }
 
-func SetProfile(w http.ResponseWriter, r *http.Request) {
+func SetProfileImage(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json; charset=UTF-8")
 	w.WriteHeader(http.StatusOK)
 }
+
diff --git a/net/server/internal/api_setProfile.go b/net/server/internal/api_setProfile.go
new file mode 100644
index 00000000..700ced11
--- /dev/null
+++ b/net/server/internal/api_setProfile.go
@@ -0,0 +1,41 @@
+package databag
+
+import (
+  "net/http"
+  "databag/internal/store"
+)
+
+func SetProfile(w http.ResponseWriter, r *http.Request) {
+
+  account, res := BearerAppToken(r, true);
+  if res != nil {
+    w.WriteHeader(http.StatusUnauthorized)
+    return
+  }
+  if account.Disabled {
+    w.WriteHeader(http.StatusGone);
+    return
+  }
+  detail := account.AccountDetail
+
+  // extract profile data from body
+  var profileData ProfileData;
+  err := ParseRequest(r, w, &profileData)
+  if err != nil {
+    w.WriteHeader(http.StatusBadRequest)
+    return
+  }
+
+  // update record
+  detail.Name = profileData.Name
+  detail.Location = profileData.Location
+  detail.Description = profileData.Description
+  if store.DB.Save(&detail).Error != nil {
+    w.WriteHeader(http.StatusInternalServerError)
+    return
+  }
+
+  w.Header().Set("Content-Type", "application/json; charset=UTF-8")
+  w.WriteHeader(http.StatusOK)
+}
+
diff --git a/net/server/internal/models.go b/net/server/internal/models.go
index 2c182e9d..57a23650 100644
--- a/net/server/internal/models.go
+++ b/net/server/internal/models.go
@@ -244,11 +244,9 @@ type Profile struct {
 }
 
 type ProfileData struct {
-	Handle string `json:"handle,omitempty"`
 	Name string `json:"name,omitempty"`
 	Description string `json:"description,omitempty"`
 	Location string `json:"location,omitempty"`
-	Image string `json:"image,omitempty"`
 }
 
 type Revision struct {
diff --git a/net/server/internal/routers.go b/net/server/internal/routers.go
index 39268644..53b9edd9 100644
--- a/net/server/internal/routers.go
+++ b/net/server/internal/routers.go
@@ -860,10 +860,17 @@ var routes = Routes{
 	Route{
 		"SetProfile",
 		strings.ToUpper("Put"),
-		"/profile",
+		"/profile/data",
 		SetProfile,
 	},
 
+	Route{
+		"SetProfileImage",
+		strings.ToUpper("Put"),
+		"/profile/image",
+		SetProfileImage,
+	},
+
 	Route{
 		"AddGroup",
 		strings.ToUpper("Post"),
@@ -899,3 +906,4 @@ var routes = Routes{
 		Status,
 	},
 }
+
diff --git a/net/server/internal/ucAttachApp_test.go b/net/server/internal/ucAttachApp_test.go
index 7646d109..5465b6d0 100644
--- a/net/server/internal/ucAttachApp_test.go
+++ b/net/server/internal/ucAttachApp_test.go
@@ -62,5 +62,24 @@ func TestAttachAccount(t *testing.T) {
   assert.Less(t, cur - 60, auth.Timestamp)
 
   // set profile
+  profileData := ProfileData{
+    Name: "Namer",
+    Location: "San Francisco",
+    Description: "databaggerr",
+  };
+  r, w, _ = NewRequest("PUT", "/profile/data", &profileData)
+  SetBearerAuth(r, access)
+  SetProfile(w, r)
+  assert.NoError(t, ReadResponse(w, nil))
+
+  // get profile
+  r, w, _ = NewRequest("GET", "/profile", nil)
+  SetBearerAuth(r, access)
+  GetProfile(w, r)
+  var profile Profile
+  assert.NoError(t, ReadResponse(w, &profile))
+  assert.Equal(t, guid, profile.Guid)
+  assert.Equal(t, "user", profile.Handle)
+  assert.Equal(t, "Namer", profile.Name)
 }