diff --git a/doc/api.oa3 b/doc/api.oa3
index 35966a89..650a8911 100644
--- a/doc/api.oa3
+++ b/doc/api.oa3
@@ -185,36 +185,6 @@ paths:
         '500':
           description: internal server error
           
-  /admin/accounts/{accountId}/image:
-    get:
-      tags:
-        - admin
-      description: Get profile image of specified account. Access granted to admin username and password
-      operationId: get-node-account-image
-      security:
-        - basicAuth: []
-      parameters:
-        - name: accountId
-          in: path
-          description: id of specified account
-          required: true
-          schema:
-            type: string
-      responses: 
-        '200':
-          description: success
-          content:
-            application/octet-stream: # content specific
-              schema:
-                type: string
-                format: binary
-        '401':
-          description: permission denied
-        '405':
-          description: invalid image
-        '500':
-          description: internal server error
-          
   /admin/accounts/{accountId}:
     delete:
       tags:
@@ -316,7 +286,32 @@ paths:
                 type: array
                 items:
                   $ref: '#/components/schemas/Profile'
-                  
+        '401':
+          description: permission denied
+        '500':
+          description: internal server error
+          
+  /account/listing/{guid}/image:
+    get:
+      tags:
+        - account
+      description: Get profile image of searchable accounts. Endpoint is publically accessible.
+      operationId: get-account-listing-image
+      parameters:
+        - name: guid
+          in: path
+          description: filter for specified guid 
+          required: true
+          schema:
+            type: string
+      responses:
+        '200':
+          description: success
+          content:
+            application/octet-stream: # content specific
+              schema:
+                type: string
+                format: binary
         '401':
           description: permission denied
         '500':
@@ -386,24 +381,6 @@ paths:
               type: boolean
               
   /account/profile:
-    get:
-      tags:
-        - account
-      description: Get account profile. Access granted to account's username and password.
-      operationId: get-account-profile
-      security:
-        - basicAuth: []
-      responses:
-        '200':
-          description: successful operation
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Profile'
-        '401':
-          description: authentication error
-        '500':
-          description: internal server error
     post:
       tags:
         - account
diff --git a/net/server/internal/api_account.go b/net/server/internal/api_account.go
index c392829f..55607499 100644
--- a/net/server/internal/api_account.go
+++ b/net/server/internal/api_account.go
@@ -23,21 +23,6 @@ func GetAccountAsset(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusOK)
 }
 
-func GetAccountDid(w http.ResponseWriter, r *http.Request) {
-	w.Header().Set("Content-Type", "application/json; charset=UTF-8")
-	w.WriteHeader(http.StatusOK)
-}
-
-func GetAccountImage(w http.ResponseWriter, r *http.Request) {
-	w.Header().Set("Content-Type", "application/json; charset=UTF-8")
-	w.WriteHeader(http.StatusOK)
-}
-
-func GetAccountProfile(w http.ResponseWriter, r *http.Request) {
-	w.Header().Set("Content-Type", "application/json; charset=UTF-8")
-	w.WriteHeader(http.StatusOK)
-}
-
 func RemoveAccount(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json; charset=UTF-8")
 	w.WriteHeader(http.StatusOK)
diff --git a/net/server/internal/api_getAccountListingImage.go b/net/server/internal/api_getAccountListingImage.go
new file mode 100644
index 00000000..3ba07f1a
--- /dev/null
+++ b/net/server/internal/api_getAccountListingImage.go
@@ -0,0 +1,39 @@
+package databag
+
+import (
+  "time"
+  "bytes"
+  "errors"
+  "net/http"
+  "gorm.io/gorm"
+  "databag/internal/store"
+  "encoding/base64"
+)
+
+func GetAccountListingImage(w http.ResponseWriter, r *http.Request) {
+
+  var account store.Account
+  if err := store.DB.Preload("AccountDetail").Where("searchable = ? AND disabled = ?", true, false).First(&account).Error; err != nil {
+    if errors.Is(err, gorm.ErrRecordNotFound) {
+      ErrResponse(w, http.StatusNotFound, err)
+    } else {
+      ErrResponse(w, http.StatusInternalServerError, err)
+    }
+    return
+  }
+
+  if account.AccountDetail.Image == "" {
+    ErrResponse(w, http.StatusNotFound, errors.New("image not set"))
+    return
+  }
+
+  data, err := base64.StdEncoding.DecodeString(account.AccountDetail.Image)
+  if err != nil {
+    ErrResponse(w, http.StatusNotFound, errors.New("image not valid"))
+    return
+  }
+
+  // response with content
+  http.ServeContent(w, r, "image", time.Unix(account.Updated, 0), bytes.NewReader(data))
+}
+
diff --git a/net/server/internal/routers.go b/net/server/internal/routers.go
index 736f5bf2..1da17cbc 100644
--- a/net/server/internal/routers.go
+++ b/net/server/internal/routers.go
@@ -97,24 +97,17 @@ var routes = Routes{
 	},
 
 	Route{
-		"GetAccountDid",
+		"GetAccountListing",
 		strings.ToUpper("Get"),
-		"/account/did",
-		GetAccountDid,
+		"/account/listing",
+		GetAccountListing,
 	},
 
 	Route{
-		"GetAccountImage",
+		"GetAccountListingImage",
 		strings.ToUpper("Get"),
-		"/account/profile/image",
-		GetAccountImage,
-	},
-
-	Route{
-		"GetAccountProfile",
-		strings.ToUpper("Get"),
-		"/account/profile",
-		GetAccountProfile,
+		"/account/listing/{guid}/image",
+		GetAccountListingImage,
 	},
 
 	Route{