Skip to main content
PUT
/
v1
/
users
/
{user_id}
Update
curl --request PUT \
  --url https://api.stytch.com/v1/users/{user_id} \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": {
    "first_name": "<string>",
    "middle_name": "<string>",
    "last_name": "<string>"
  },
  "attributes": {
    "ip_address": "<string>",
    "user_agent": "<string>"
  },
  "trusted_metadata": {},
  "untrusted_metadata": {},
  "external_id": "<string>",
  "roles": [
    "<string>"
  ]
}
'
{
  "request_id": "<string>",
  "user_id": "<string>",
  "emails": [
    {
      "email_id": "<string>",
      "email": "<string>",
      "verified": true
    }
  ],
  "phone_numbers": [
    {
      "phone_id": "<string>",
      "phone_number": "<string>",
      "verified": true
    }
  ],
  "crypto_wallets": [
    {
      "crypto_wallet_id": "<string>",
      "crypto_wallet_address": "<string>",
      "crypto_wallet_type": "<string>",
      "verified": true
    }
  ],
  "user": {
    "user_id": "<string>",
    "emails": [
      {
        "email_id": "<string>",
        "email": "<string>",
        "verified": true
      }
    ],
    "status": "<string>",
    "phone_numbers": [
      {
        "phone_id": "<string>",
        "phone_number": "<string>",
        "verified": true
      }
    ],
    "webauthn_registrations": [
      {
        "webauthn_registration_id": "<string>",
        "domain": "<string>",
        "user_agent": "<string>",
        "verified": true,
        "authenticator_type": "<string>",
        "name": "<string>"
      }
    ],
    "providers": [
      {
        "provider_type": "<string>",
        "provider_subject": "<string>",
        "profile_picture_url": "<string>",
        "locale": "<string>",
        "oauth_user_registration_id": "<string>"
      }
    ],
    "totps": [
      {
        "totp_id": "<string>",
        "verified": true
      }
    ],
    "crypto_wallets": [
      {
        "crypto_wallet_id": "<string>",
        "crypto_wallet_address": "<string>",
        "crypto_wallet_type": "<string>",
        "verified": true
      }
    ],
    "biometric_registrations": [
      {
        "biometric_registration_id": "<string>",
        "verified": true
      }
    ],
    "is_locked": true,
    "roles": [
      "<string>"
    ],
    "name": {
      "first_name": "<string>",
      "middle_name": "<string>",
      "last_name": "<string>"
    },
    "created_at": "<string>",
    "password": {
      "password_id": "<string>",
      "requires_reset": true
    },
    "trusted_metadata": {},
    "untrusted_metadata": {},
    "external_id": "<string>",
    "lock_created_at": "<string>",
    "lock_expires_at": "<string>"
  },
  "status_code": 123
}
To add a new email address or phone number to an existing User, use the corresponding /send endpoint and include that User’s user_id. This adds the new factor in an unverified state. If the User completes authentication within 5 minutes of the /send request, the factor becomes verified and remains on the User. If not, the factor is removed, and future login attempts with that phone number create a new User.This flow helps prevent account takeover.

Authorizations

Authorization
string
header
required

Basic authentication header of the form Basic <encoded-value>, where <encoded-value> is the base64-encoded string username:password.

Path Parameters

user_id
string
required

The unique ID of a specific User. You may use an external_id here if one is set for the user.

Body

application/json

Request type

name
object

The name of the user. Each field in the name object is optional.

attributes
object

Provided attributes to help with fraud detection. These values are pulled and passed into Stytch endpoints by your application.

trusted_metadata
object

The trusted_metadata field contains an arbitrary JSON object of application-specific data. See the Metadata reference for complete field behavior details.

untrusted_metadata
object

The untrusted_metadata field contains an arbitrary JSON object of application-specific data. Untrusted metadata can be edited by end users directly via the SDK, and cannot be used to store critical information. See the Metadata reference for complete field behavior details.

external_id
string

An identifier that can be used in API calls wherever a user_id is expected. This is a string consisting of alphanumeric, ., _, -, or | characters with a maximum length of 128 characters.

roles
string[]

Roles to explicitly assign to this User. See the RBAC guide for more information about role assignment.

Response

Successful response

request_id
string
required

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

user_id
string
required

The unique ID of the updated User.

emails
object[]
required

An array of email objects for the User.

phone_numbers
object[]
required

An array of phone number objects linked to the User.

crypto_wallets
object[]
required

An array contains a list of all crypto wallets for a given User in the Stytch API.

user
object
required

The user object affected by this API call. See the Get user endpoint for complete response field details.

status_code
integer<int32>
required

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.