It is not possible to API PATCH the same user account that owns the API token.

Steps to reproduce the issue

• Create API token and set as env var TOKEN
• Sample (adopt site URL and user id from TOKEN user):

  curl -k -X PATCH -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
    -w "\nHTTP status: %{http_code}\n" \
    https://host.docker.internal:7154/api/index.php/v1/users/42 -d '{ 
      "email": "new@example.com"
    }' 
  

Expected result

• HTTP status OK, user entry with changed email is returned, e.g.

{"links":{"self":"https:\/\/host.docker.internal:7154\/api\/index.php\/v1\/users\/881"},"data":{"type":"users","id":"881","attributes":{"groups":{"2":2},"id":881,"name":"Tester","username":"tester","email":"new@example.com","block":0,"sendEmail":0,"registerDate":"2026-01-28 17:15:22","lastvisitDate":null,"lastResetTime":null,"resetCount":0}}}
HTTP status: 200

Actual result

• HTTP Bad Request with mystery error message

{"errors":[{"title":"Field required: Email Notifications"}]}
HTTP status: 400

System information (as much as possible)

• Joomla branch 5.4-dev

Additional comments

• Found in testing #46750 and earlier