How to secure updating a user's image in a REST API

I've been learning REST APIs for a couple of months for my applications. I built a project which has login, register, reset password, and change password. But I have a logic problem with updating the user image.

For example, when I change the user password I use this: /api/user/updatePassword/{email}/{token}/{password}

I validate the code (token) from the email. If it's valid and the token has not expired, I change it! (By the way, the token is the code that I send to the user, not actually a token.)

But I don't have such an option for the user photo. When the user calls the backend with something like "change the user photo of the account which has this e-mail", security problems may occur in the API.

How can I get through this and what is the best practice?

(I use the PHP Slim framework and MySQL)
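One way to close the gap the question describes, as an added example that is not the asker's code: the photo endpoint carries no e-mail or user id in the URL, and the target account is whoever presents a valid session token. It assumes Slim 4 with slim/psr7, a PDO connection, and hypothetical `sessions(token_hash, user_id, expires_at)` and `users(id, photo)` tables.

```php
<?php
// Added example (not the asker's code). Assumes Slim 4 + slim/psr7 + PDO/MySQL.
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
use Slim\Factory\AppFactory;

require __DIR__ . '/vendor/autoload.php';

$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'secret',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$app = AppFactory::create();

// Hypothetical `sessions` table: the opaque bearer token issued at login is stored
// hashed; this middleware resolves it to a user id. Identity comes from the token,
// never from an e-mail in the path, so a caller can only change their own photo.
$auth = function (Request $request, RequestHandler $handler) use ($pdo): Response {
    $header = $request->getHeaderLine('Authorization');
    if (!preg_match('/^Bearer\s+([A-Za-z0-9_-]{32,})$/', $header, $m)) {
        return (new \Slim\Psr7\Response())->withStatus(401);
    }
    $stmt = $pdo->prepare('SELECT user_id FROM sessions WHERE token_hash = ? AND expires_at > NOW()');
    $stmt->execute([hash('sha256', $m[1])]);
    $userId = $stmt->fetchColumn();
    if ($userId === false) {
        return (new \Slim\Psr7\Response())->withStatus(401);
    }
    return $handler->handle($request->withAttribute('user_id', (int) $userId));
};

// No {email} in the route: the user being updated is the authenticated caller.
$app->post('/api/user/photo', function (Request $request, Response $response) use ($pdo): Response {
    $file = $request->getUploadedFiles()['photo'] ?? null;
    if ($file === null || $file->getError() !== UPLOAD_ERR_OK || $file->getSize() > 2 * 1024 * 1024) {
        return $response->withStatus(400);
    }
    // Decide the type from the bytes, not from the client-supplied MIME type or filename.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer((string) $file->getStream());
    $ext = ['image/jpeg' => 'jpg', 'image/png' => 'png'][$mime] ?? null;
    if ($ext === null) {
        return $response->withStatus(415);
    }
    // Server-chosen random name: the original filename never touches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $file->moveTo(__DIR__ . '/uploads/' . $name);
    $pdo->prepare('UPDATE users SET photo = ? WHERE id = ?')
        ->execute([$name, $request->getAttribute('user_id')]);
    return $response->withStatus(204);
})->add($auth);

$app->run();
```

The same pattern applies to the password change: once the caller is authenticated, the route needs neither the e-mail nor the new password in the URL, which also keeps secrets out of server and proxy logs.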