Update Member - Stytch Docs

// PUT /v1/b2b/organizations/{organization_id}/members/{member_id}
const stytch = require('stytch');

const client = new stytch.B2BClient({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
  organization_id: "${organizationId}",
  member_id: "${memberId}",
  name: "Jane Doe",
  external_id: "my-new-external-id",
};

const options = {
  authorization: {
    session_token: '${sessionToken}',
  },
};

client.Organizations.Members.Update(params, options)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });

{
  "request_id": "<string>",
  "member_id": "<string>",
  "member": {
    "organization_id": "<string>",
    "member_id": "<string>",
    "email_address": "<string>",
    "status": "<string>",
    "name": "<string>",
    "sso_registrations": [
      {
        "connection_id": "<string>",
        "external_id": "<string>",
        "registration_id": "<string>",
        "sso_attributes": {}
      }
    ],
    "is_breakglass": true,
    "member_password_id": "<string>",
    "oauth_registrations": [
      {
        "provider_type": "<string>",
        "provider_subject": "<string>",
        "member_oauth_registration_id": "<string>",
        "profile_picture_url": "<string>",
        "locale": "<string>"
      }
    ],
    "email_address_verified": true,
    "mfa_phone_number_verified": true,
    "is_admin": true,
    "totp_registration_id": "<string>",
    "retired_email_addresses": [
      {
        "email_id": "<string>",
        "email_address": "<string>"
      }
    ],
    "is_locked": true,
    "mfa_enrolled": true,
    "mfa_phone_number": "<string>",
    "default_mfa_method": "<string>",
    "roles": [
      {
        "role_id": "<string>",
        "sources": [
          {
            "type": "<string>",
            "details": {}
          }
        ]
      }
    ],
    "trusted_metadata": {},
    "untrusted_metadata": {},
    "created_at": "<string>",
    "updated_at": "<string>",
    "scim_registration": {
      "connection_id": "<string>",
      "registration_id": "<string>",
      "external_id": "<string>",
      "scim_attributes": {
        "user_name": "<string>",
        "id": "<string>",
        "external_id": "<string>",
        "active": true,
        "groups": [
          {
            "value": "<string>",
            "display": "<string>"
          }
        ],
        "display_name": "<string>",
        "nick_name": "<string>",
        "profile_url": "<string>",
        "user_type": "<string>",
        "title": "<string>",
        "preferred_language": "<string>",
        "locale": "<string>",
        "timezone": "<string>",
        "emails": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "phone_numbers": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "addresses": [
          {
            "formatted": "<string>",
            "street_address": "<string>",
            "locality": "<string>",
            "region": "<string>",
            "postal_code": "<string>",
            "country": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "ims": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "photos": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "entitlements": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "roles": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "x509certificates": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "name": {
          "formatted": "<string>",
          "family_name": "<string>",
          "given_name": "<string>",
          "middle_name": "<string>",
          "honorific_prefix": "<string>",
          "honorific_suffix": "<string>"
        },
        "enterprise_extension": {
          "employee_number": "<string>",
          "cost_center": "<string>",
          "division": "<string>",
          "department": "<string>",
          "organization": "<string>",
          "manager": {
            "value": "<string>",
            "ref": "<string>",
            "display_name": "<string>"
          }
        }
      }
    },
    "external_id": "<string>",
    "lock_created_at": "<string>",
    "lock_expires_at": "<string>"
  },
  "organization": {
    "organization_id": "<string>",
    "organization_name": "<string>",
    "organization_logo_url": "<string>",
    "organization_slug": "<string>",
    "sso_jit_provisioning": "<string>",
    "sso_jit_provisioning_allowed_connections": [
      "<string>"
    ],
    "sso_active_connections": [
      {
        "connection_id": "<string>",
        "display_name": "<string>",
        "identity_provider": "<string>"
      }
    ],
    "email_allowed_domains": [
      "<string>"
    ],
    "email_jit_provisioning": "<string>",
    "email_invites": "<string>",
    "auth_methods": "<string>",
    "allowed_auth_methods": [
      "<string>"
    ],
    "mfa_policy": "<string>",
    "rbac_email_implicit_role_assignments": [
      {
        "domain": "<string>",
        "role_id": "<string>"
      }
    ],
    "mfa_methods": "<string>",
    "allowed_mfa_methods": [
      "<string>"
    ],
    "oauth_tenant_jit_provisioning": "<string>",
    "claimed_email_domains": [
      "<string>"
    ],
    "first_party_connected_apps_allowed_type": "<string>",
    "allowed_first_party_connected_apps": [
      "<string>"
    ],
    "third_party_connected_apps_allowed_type": "<string>",
    "allowed_third_party_connected_apps": [
      "<string>"
    ],
    "custom_roles": [
      {
        "role_id": "<string>",
        "description": "<string>",
        "permissions": [
          {
            "resource_id": "<string>",
            "actions": [
              "<string>"
            ]
          }
        ]
      }
    ],
    "trusted_metadata": {},
    "created_at": "<string>",
    "updated_at": "<string>",
    "organization_external_id": "<string>",
    "sso_default_connection_id": "<string>",
    "scim_active_connection": {
      "connection_id": "<string>",
      "display_name": "<string>",
      "bearer_token_last_four": "<string>",
      "bearer_token_expires_at": "<string>"
    },
    "allowed_oauth_tenants": {}
  },
  "status_code": 123
}

PUT

b2b

organizations

{organization_id}

members

{member_id}

// PUT /v1/b2b/organizations/{organization_id}/members/{member_id}
const stytch = require('stytch');

const client = new stytch.B2BClient({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
  organization_id: "${organizationId}",
  member_id: "${memberId}",
  name: "Jane Doe",
  external_id: "my-new-external-id",
};

const options = {
  authorization: {
    session_token: '${sessionToken}',
  },
};

client.Organizations.Members.Update(params, options)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });

{
  "request_id": "<string>",
  "member_id": "<string>",
  "member": {
    "organization_id": "<string>",
    "member_id": "<string>",
    "email_address": "<string>",
    "status": "<string>",
    "name": "<string>",
    "sso_registrations": [
      {
        "connection_id": "<string>",
        "external_id": "<string>",
        "registration_id": "<string>",
        "sso_attributes": {}
      }
    ],
    "is_breakglass": true,
    "member_password_id": "<string>",
    "oauth_registrations": [
      {
        "provider_type": "<string>",
        "provider_subject": "<string>",
        "member_oauth_registration_id": "<string>",
        "profile_picture_url": "<string>",
        "locale": "<string>"
      }
    ],
    "email_address_verified": true,
    "mfa_phone_number_verified": true,
    "is_admin": true,
    "totp_registration_id": "<string>",
    "retired_email_addresses": [
      {
        "email_id": "<string>",
        "email_address": "<string>"
      }
    ],
    "is_locked": true,
    "mfa_enrolled": true,
    "mfa_phone_number": "<string>",
    "default_mfa_method": "<string>",
    "roles": [
      {
        "role_id": "<string>",
        "sources": [
          {
            "type": "<string>",
            "details": {}
          }
        ]
      }
    ],
    "trusted_metadata": {},
    "untrusted_metadata": {},
    "created_at": "<string>",
    "updated_at": "<string>",
    "scim_registration": {
      "connection_id": "<string>",
      "registration_id": "<string>",
      "external_id": "<string>",
      "scim_attributes": {
        "user_name": "<string>",
        "id": "<string>",
        "external_id": "<string>",
        "active": true,
        "groups": [
          {
            "value": "<string>",
            "display": "<string>"
          }
        ],
        "display_name": "<string>",
        "nick_name": "<string>",
        "profile_url": "<string>",
        "user_type": "<string>",
        "title": "<string>",
        "preferred_language": "<string>",
        "locale": "<string>",
        "timezone": "<string>",
        "emails": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "phone_numbers": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "addresses": [
          {
            "formatted": "<string>",
            "street_address": "<string>",
            "locality": "<string>",
            "region": "<string>",
            "postal_code": "<string>",
            "country": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "ims": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "photos": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "entitlements": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "roles": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "x509certificates": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "name": {
          "formatted": "<string>",
          "family_name": "<string>",
          "given_name": "<string>",
          "middle_name": "<string>",
          "honorific_prefix": "<string>",
          "honorific_suffix": "<string>"
        },
        "enterprise_extension": {
          "employee_number": "<string>",
          "cost_center": "<string>",
          "division": "<string>",
          "department": "<string>",
          "organization": "<string>",
          "manager": {
            "value": "<string>",
            "ref": "<string>",
            "display_name": "<string>"
          }
        }
      }
    },
    "external_id": "<string>",
    "lock_created_at": "<string>",
    "lock_expires_at": "<string>"
  },
  "organization": {
    "organization_id": "<string>",
    "organization_name": "<string>",
    "organization_logo_url": "<string>",
    "organization_slug": "<string>",
    "sso_jit_provisioning": "<string>",
    "sso_jit_provisioning_allowed_connections": [
      "<string>"
    ],
    "sso_active_connections": [
      {
        "connection_id": "<string>",
        "display_name": "<string>",
        "identity_provider": "<string>"
      }
    ],
    "email_allowed_domains": [
      "<string>"
    ],
    "email_jit_provisioning": "<string>",
    "email_invites": "<string>",
    "auth_methods": "<string>",
    "allowed_auth_methods": [
      "<string>"
    ],
    "mfa_policy": "<string>",
    "rbac_email_implicit_role_assignments": [
      {
        "domain": "<string>",
        "role_id": "<string>"
      }
    ],
    "mfa_methods": "<string>",
    "allowed_mfa_methods": [
      "<string>"
    ],
    "oauth_tenant_jit_provisioning": "<string>",
    "claimed_email_domains": [
      "<string>"
    ],
    "first_party_connected_apps_allowed_type": "<string>",
    "allowed_first_party_connected_apps": [
      "<string>"
    ],
    "third_party_connected_apps_allowed_type": "<string>",
    "allowed_third_party_connected_apps": [
      "<string>"
    ],
    "custom_roles": [
      {
        "role_id": "<string>",
        "description": "<string>",
        "permissions": [
          {
            "resource_id": "<string>",
            "actions": [
              "<string>"
            ]
          }
        ]
      }
    ],
    "trusted_metadata": {},
    "created_at": "<string>",
    "updated_at": "<string>",
    "organization_external_id": "<string>",
    "sso_default_connection_id": "<string>",
    "scim_active_connection": {
      "connection_id": "<string>",
      "display_name": "<string>",
      "bearer_token_last_four": "<string>",
      "bearer_token_expires_at": "<string>"
    },
    "allowed_oauth_tenants": {}
  },
  "status_code": 123
}

Updates a specified by organization_id and member_id.

RBAC Enforced APIIf a Member Session is passed in the Authorization headers, Stytch will enforce that the Member has permission to take the Action on the Resource prior to honoring the request.To learn more, see the RBAC guide.

Authorizations

Authorization

string

header

required

Basic authentication header of the form Basic <encoded-value>, where <encoded-value> is the base64-encoded string username:password.

Headers

X-Stytch-Member-Session

string

A Stytch session that can be used to run the request with the given member's permissions.

X-Stytch-Member-SessionJWT

string

A Stytch Session JSON Web Token (JWT) that can be used to run the request with the given member's permissions.

Path Parameters

organization_id

string

required

Globally unique UUID that identifies a specific Organization. The organization_id is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience.

member_id

string

required

Globally unique UUID that identifies a specific Member. The member_id is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member.

Body

application/json

Request type

name

string

The name of the Member.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the update.info.name action on the stytch.member Resource. Alternatively, if the Member Session matches the Member associated with the member_id passed in the request, the authorization check will also allow a Member Session that has permission to perform the update.info.name action on the stytch.self Resource.

trusted_metadata

object

An arbitrary JSON object for storing application-specific data or identity-provider-specific data. If a session header is passed into the request, this field may not be passed into the request. You cannot update trusted metadata when acting as a Member.

untrusted_metadata

object

An arbitrary JSON object of application-specific data. These fields can be edited directly by the frontend SDK, and should not be used to store critical information. See the Metadata resource for complete field behavior details.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the update.info.untrusted-metadata action on the stytch.member Resource. Alternatively, if the Member Session matches the Member associated with the member_id passed in the request, the authorization check will also allow a Member Session that has permission to perform the update.info.untrusted-metadata action on the stytch.self Resource.

is_breakglass

boolean

Identifies the Member as a break glass user - someone who has permissions to authenticate into an Organization by bypassing the Organization's settings. A break glass account is typically used for emergency purposes to gain access outside of normal authentication procedures. Refer to the Organization object and its auth_methods and allowed_auth_methods fields for more details.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the update.settings.is-breakglass action on the stytch.member Resource.

mfa_phone_number

string

Sets the Member's phone number. Throws an error if the Member already has a phone number. To change the Member's phone number, use the Delete member phone number endpoint to delete the Member's existing phone number first.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the update.info.mfa-phone action on the stytch.member Resource. Alternatively, if the Member Session matches the Member associated with the member_id passed in the request, the authorization check will also allow a Member Session that has permission to perform the update.info.mfa-phone action on the stytch.self Resource.

mfa_enrolled

boolean

Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to REQUIRED_FOR_ALL.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the update.settings.mfa-enrolled action on the stytch.member Resource. Alternatively, if the Member Session matches the Member associated with the member_id passed in the request, the authorization check will also allow a Member Session that has permission to perform the update.settings.mfa-enrolled action on the stytch.self Resource.

roles

string[]

Roles to explicitly assign to this Member. Will completely replace any existing explicitly assigned roles. See the RBAC guide for more information about role assignment.

If a Role is removed from a Member, and the Member is also implicitly assigned this Role from an SSO connection or an SSO group, we will by default revoke any existing sessions for the Member that contain any SSO authentication factors with the affected connection ID. You can preserve these sessions by passing in the preserve_existing_sessions parameter with a value of true.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the update.settings.roles action on the stytch.member Resource.

preserve_existing_sessions

boolean

Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned by SSO connection or SSO group. Defaults to false - that is, existing Member Sessions that contain SSO authentication factors with the affected SSO connection IDs will be revoked.

default_mfa_method

string

The Member's default MFA method. This value is used to determine which secondary MFA method to use in the case of multiple methods registered for a Member. The current possible values are sms_otp and totp.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the update.settings.default-mfa-method action on the stytch.member Resource. Alternatively, if the Member Session matches the Member associated with the member_id passed in the request, the authorization check will also allow a Member Session that has permission to perform the update.settings.default-mfa-method action on the stytch.self Resource.

email_address

string

Updates the Member's email_address, if provided. This will clear any existing passwords and require re-verification of the new email address. If a Member's email address is changed, other Members in the same Organization cannot use the old email address, although the Member may update back to their old email address. A Member's email address can only be useable again by other Members if the Member is deleted.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the update.info.email action on the stytch.member Resource. Members cannot update their own email address.

external_id

string

An identifier that can be used in most API calls where a member_id is expected. This is a string consisting of alphanumeric, ., _, -, or | characters with a maximum length of 128 characters. External IDs must be unique within an organization, but may be reused across different organizations in the same project.

unlink_email

boolean

If unlink_email is true and an email_address is provided, the Member's previous email will be deleted instead of retired. Defaults to false.

Response

Successful response

request_id

string

required

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

member_id

string

required

Globally unique UUID that identifies a specific Member.

member

object

required

The Member object

Show child attributes

organization

object

required

The Organization object.

Show child attributes

status_code

integer<int32>

required

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.

⌘I