User Object - Stytch Docs

user_id

string

required

The unique ID of the affected User.

emails

object[]

required

An array of email objects for the User.

Show child attributes

status

string

required

The status of the User. The possible values are pending and active.

phone_numbers

object[]

required

An array of phone number objects linked to the User.

Show child attributes

webauthn_registrations

object[]

required

An array that contains a list of all Passkey or WebAuthn registrations for a given User in the Stytch API.

Show child attributes

providers

object[]

required

An array of OAuth provider objects linked to the User.

Show child attributes

totps

object[]

required

An array containing a list of all TOTP instances for a given User in the Stytch API.

Show child attributes

crypto_wallets

object[]

required

An array contains a list of all crypto wallets for a given User in the Stytch API.

Show child attributes

biometric_registrations

object[]

required

An array that contains a list of all biometric registrations for a given User in the Stytch API.

Show child attributes

is_locked

boolean

required

Whether the User is temporarily locked due to too many failed authentication attempts. See the User Locking Guide for more information.

roles

string[]

required

Roles assigned to this User. See the RBAC guide for more information about role assignment.

name

object

The name of the User. Each field in the name object is optional.

Show child attributes

created_at

string

The timestamp of the User's creation. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

password

object

The password object is returned for users with a password.

Show child attributes

trusted_metadata

object

The trusted_metadata field contains an arbitrary JSON object of application-specific data. See the Metadata reference for complete field behavior details.

untrusted_metadata

object

The untrusted_metadata field contains an arbitrary JSON object of application-specific data. Untrusted metadata can be edited by end users directly via the SDK, and cannot be used to store critical information. See the Metadata reference for complete field behavior details.

external_id

string

An identifier that can be used in most API calls where a member_id is expected. This is a string consisting of alphanumeric, ., _, -, or | characters with a maximum length of 128 characters. External IDs must be unique within the project.

lock_created_at

string

When the user lock was created, if there is one. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

lock_expires_at

string

When the user lock expires, if there is one. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.