Update a User
Update a user.
These are the attributes that can be updated at the root level:
- app_metadata
- blocked
- email_verified
- family_name
- given_name
- name
- nickname
- password
- phone_number
- phone_verified
- picture
- username
- user_metadata
- verify_email
Some considerations:
- The properties of the new object will replace the old ones.
- The metadata fields are an exception to this rule (
user_metadataandapp_metadata). These properties are merged instead of being replaced but be careful, the merge only occurs on the first level. - If you are updating
email,email_verified,phone_number,phone_verified,usernameorpasswordof a secondary identity, you need to specify theconnectionproperty too. - If you are updating
emailorphone_numberyou can specify, optionally, theclient_idproperty. - Updating
email_verifiedis not supported for enterprise and passwordless sms connections. - Updating the
blockedtofalsedoes not affect the user’s blocked state from an excessive amount of incorrectly provided credentials. Use the “Unblock a user” endpoint from the “User Blocks” API to change the user’s state. - Supported attributes can be unset by supplying
nullas the value.
Updating a field (non-metadata property)
To mark the email address of a user as verified, the body to send should be:
{ "email_verified": true }
Updating a user metadata root property
Let’s assume that our test user has the following user_metadata:
{ "user_metadata" : { "profileCode": 1479 } }
To add the field addresses the body to send should be:
{ "user_metadata" : { "addresses": {"work_address": "100 Industrial Way"} }}
The modified object ends up with the following user_metadata property:
{
"user_metadata": {
"profileCode": 1479,
"addresses": { "work_address": "100 Industrial Way" }
}
}
Updating an inner user metadata property
If there’s existing user metadata to which we want to add "home_address": "742 Evergreen Terrace" (using the addresses property) we should send the whole addresses object. Since this is a first-level object, the object will be merged in, but its own properties will not be. The body to send should be:
{
"user_metadata": {
"addresses": {
"work_address": "100 Industrial Way",
"home_address": "742 Evergreen Terrace"
}
}
}
The modified object ends up with the following user_metadata property:
{
"user_metadata": {
"profileCode": 1479,
"addresses": {
"work_address": "100 Industrial Way",
"home_address": "742 Evergreen Terrace"
}
}
}
Documentation Index
Fetch the complete documentation index at: https://docs-dev.auth0-mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Path Parameters
ID of the user to update.
Body
Whether this user was blocked by an administrator (true) or not (false).
Whether this email address is verified (true) or unverified (false). If set to false the user will not receive a verification email unless verify_email is set to true.
Email address of this user.
The user's phone number (following the E.164 recommendation).
^\+[0-9]{1,15}$Whether this phone number has been verified (true) or not (false).
User metadata to which this user has read/write access.
User metadata to which this user has read-only access.
Given name/first name/forename of this user.
1 - 150Family name/last name/surname of this user.
1 - 150Name of this user.
1 - 300Preferred nickname or alias of this user.
1 - 300URL to picture, photo, or avatar of this user.
Whether this user will receive a verification email after creation (true) or no email (false). Overrides behavior of email_verified parameter.
Whether this user will receive a text after changing the phone number (true) or no text (false). Only valid when changing phone number for SMS connections.
New password for this user. Only valid for database connections.
1Name of the connection to target for this user update.
1Auth0 client ID. Only valid when updating email address.
1The user's username. Only valid if the connection requires a username.
1 - 128Response
User successfully updated.
ID of the user which can be used when interacting with other APIs.
Email address of this user.
Whether this email address is verified (true) or unverified (false).
Username of this user.
Phone number for this user. Follows the E.164 recommendation.
Whether this phone number has been verified (true) or not (false).
Date and time when this user was created (ISO_8601 format).
Date and time when this user was created (ISO_8601 format).
Array of user identity objects when accounts are linked.
User metadata to which this user has read-only access.
User metadata to which this user has read/write access.
URL to picture, photo, or avatar of this user.
Name of this user.
Preferred nickname or alias of this user.
List of multi-factor authentication providers with which this user has enrolled.
Last IP address from which this user logged in.
Date and time when this user was created (ISO_8601 format).
Total number of logins this user has performed.
Whether this user was blocked by an administrator (true) or is not (false).
Given name/first name/forename of this user.
Family name/last name/surname of this user.