Update a User
This API is used to update an existing User.
You must specify all of the properties of the User when calling this API with the PUT HTTP method. When used with PUT, this API doesn't merge the existing User and your new data. It replaces the existing User with your new data.
Utilize the PATCH HTTP method to send specific changes to merge into an existing User.
If you specify a new password for the User, it will be encrypted and stored. However, if you do not provide a new password, the User's old password will be preserved. This is the only field that is merged during an update using the PUT method.
Request#
OpenAPI Spec
OpenAPI Spec
For backward compatibility, the PATCH method accepts the same media type (specified by a Content-Type of application/json) and body as the PUT request. You can also use the following media types for different behavior:
- JSON Patch/RFC 6902:
application/json-patch+json - JSON Merge Patch/RFC 7396:
merge-patch+json
For details, see the PATCH documentation.
Using a media type of application/json merges the provided request parameters into the existing object. As a result, all parameters are optional with PATCH: only provide the values you want to change. To remove a value, provide a null value. Patching an Array appends all values in the new list to the old list.
Request Parameters#
userIdUUIDrequiredImmutableThe Id of the User to update.
Request Headers#
X-FusionAuth-TenantIdStringoptionalThe unique Id of the tenant used to scope this API request.
The tenant Id is not required on this request even when more than one tenant has been configured because the tenant can be identified based upon the request parameters or it is otherwise not required.
Specify a tenant Id on this request when you want to ensure the request is scoped to a specific tenant. The tenant Id may be provided through this header or by using a tenant locked API key to achieve the same result.
See Making an API request using a Tenant Id for additional information.
You must specify either the email or the username or both for the User. Either of these values may be used to uniquely identify the User and may be used to authenticate the User. These fields are marked as optional below, but you must specify at least one of them.
Request Body#
applicationIdUUIDoptionalAvailable since 1.30.0An optional Application Id that is used to resolve the application-specific email or message template to use when transactional notifications are configured. Transactional notifications include setup password, email verification, and others.
If not provided, only the tenant configuration will be used when resolving templates.
disableDomainBlockBooleanoptionalDefaults to falseAvailable since 1.30.0A tenant has the option to configure one or more email domains to be blocked in order to restrict email domains during user create or update.
Setting this property equal to true will override the tenant configuration. See tenant.registrationConfiguration.blockedDomains in the Tenant API.
skipVerificationBooleanoptionalDefaults to falseIndicates to FusionAuth that it should skip email and phone verification even if it is enabled. This is useful for creating admin or internal User accounts.
Setting this to true will, for all identities created or updated in this request:
- Set user.identities[x].verified field to
false - Set user.identities[x].verifiedReason field to
Skipped, which will exempt this identity from any verification gating requirements configured at the tenant level - Set user.verified field to
true(if an email identity was created or added)
user.birthDateStringoptionalAn ISO-8601 formatted date of the User's birthdate such as YYYY-MM-DD.
user.currentPasswordStringoptionalThe User's current password. When this parameter is provided the current password will be verified to be correct. Useful for password updates.
user.dataObjectoptionalAn object that can hold any information about a User that should be persisted. Please review the limits on data field types as you plan for and build your custom data schema.
user.data.emailStringoptionalThis field will be used as the email address if no user.email field is found. This field may be modified by advanced registration forms or the API. Setting this value to another account's email address allows that account to, in some cases, access information about this user.
If user richard has a user.data.email with a value of dinesh@fusionauth.io, whoever controls dinesh@fusionauth.io has elevated access to the richard account. That user can now reset the password on the richard account, for example. This functionality may be useful in certain scenarios, such as when accounts must share an email address. Think through the security ramifications before using this feature.
This feature was removed in version 1.26.0 and added back in in 1.27.2.
user.emailStringoptionalThe User's email address. An email address is unique in FusionAuth and stored in lower case.
If email is not provided, then the username or phoneNumber will be required.
user.encryptionSchemeStringoptionalThe method for encrypting the User's password.
The possible values are:
- salted-md5
- salted-sha256
- salted-hmac-sha256
- salted-pbkdf2-hmac-sha256
- salted-pbkdf2-hmac-sha256-512 Available since 1.34.0
- bcrypt
- phpass-md5 Available since 1.45.0
- phpass-sha512Available since 1.45.0
This field is ignored unless the password field is also provided. If omitted and the password is specified, the default encryption scheme will be used.
You can also create your own password encryptor. See the Custom Password Hashing section for more information.
user.expiryLongoptionalThe expiration instant of the User's account. An expired user is not permitted to login.
user.factorStringoptionalThe factor used by the password encryption scheme. If not provided, the PasswordEncryptor provides a default value. Generally this will be used as an iteration count to generate the hash. The actual use of this value is up to the PasswordEncryptor implementation.
This field is ignored unless the password field is also provided. If omitted and the password is specified, the default factor for the encryption scheme will be used.
user.firstNameStringoptionalThe first name of the User.
user.fullNameStringoptionalThe User's full name as a separate field that is not calculated from firstName and lastName.
user.imageUrlStringoptionalThe URL that points to an image file that is the User's profile image.
user.lastNameStringoptionalThe User's last name.
user.legacyIdentifierStringoptionalAvailable since 1.67ImmutableUsed to override the sub claim in tokens issued by the Legacy Identity Provider Adapter.
This value is immutable after the user is created. It must be unique within the tenant when non-null.
user.middleNameStringoptionalThe User's middle name.
user.mobilePhoneStringoptionalThe User's mobile phone number. This is useful to send the User push notifications or SMS messages.
user.mobilePhone is a user attribute that cannot be used to log in. For logging in with a phone number, see user.phoneNumber.
user.parentEmailStringoptionalAvailable since 1.7.0The email address of the user's parent or guardian. This field is used to allow a child user to identify their parent so FusionAuth can make a request to the parent to confirm the parent relationship.
Family configuration must be enabled in the tenant Family configuration and the corresponding family email templates must be configured for FusionAuth to notify the parent during user creation.
user.passwordStringoptionalThe User's plain text password. This password will be hashed and the provided value will never be stored and cannot be retrieved.
If this parameter is provided it indicates you wish to change the User's password. If you do not want to change the User's password omit this field from the request.
user.passwordChangeRequiredBooleanoptionalDefaults to falseIndicates that the User's password needs to be changed during their next login attempt. This does not apply if the user has no password.
user.phoneNumberStringoptionalAvailable since 1.59.0The phone number of the User. The phone number is stored and returned in E.164 canonical format, however a phone number is considered unique regardless of the format. 303-555-1212 is considered equal to +13035551212 so either version of this phone number can be used whenever providing it as input to an API.
If phoneNumber is not provided, then email or username will be required.
This differs from user.mobilePhone in that user.phoneNumber can be used to log in, just like an email address or a username.
user.preferredLanguagesArray<String>optionalAn array of locale strings that give, in order, the User's preferred languages. These are important for email templates and other localizable text. See Locales.
The maximum number of allowed preferred languages is 20.
user.timezoneStringoptionalThe User's preferred timezone. The string must be in an IANA time zone format. For example: America/Denver or US/Mountain.
user.twoFactor.methods[x].authenticator.algorithmStringoptionalThe algorithm used by the TOTP authenticator. With the current implementation, this will always be HmacSHA1.
user.twoFactor.methods[x].authenticator.codeLengthIntegeroptionalThe length of code generated by the TOTP. With the current implementation, this will always be 6.
user.twoFactor.methods[x].authenticator.timeStepIntegeroptionalThe time-step size in seconds. With the current implementation, this will always be 30.
user.twoFactor.methods[x].emailStringoptionalThe value of the email address for this method. Only present if user.twoFactor.methods[x].method is email.
user.twoFactor.methods[x].methodStringoptionalThe type of this method. There will also be an object with the same value containing additional information about this method.
The possible values are:
authenticatoremailsms
user.twoFactor.methods[x].mobilePhoneStringoptionalThe value of the mobile phone for this method. Only present if user.twoFactor.methods[x].method is sms.
user.twoFactor.methods[x].secretStringoptionalA base64 encoded secret.
This field is required when method is authenticator.
user.twoFactorDeliveryStringoptionalDefaults to NoneDEPRECATEDThe User's preferred delivery for verification codes during a two-factor login request.
The possible values are:
NoneTextMessage
When using TextMessage the User will also need a valid mobilePhone.
If Two-Factor authentication is already enabled for this user, the delivery may not be modified. In order to change the delivery type you must first disable Two-Factor authentication and re-enable with a new delivery type.
Removed in 1.26.0user.twoFactorEnabledBooleanoptionalDefaults to falseDEPRECATEDDetermines if the User has two-factor authentication enabled for their account or not.
If Two-Factor authentication is already enabled for this user disabling Two-Factor authentication will reset the delivery type and secret.
See the Enable Two-Factor and Disable Two-Factor APIs as an alternative to performing this action using the User API.
Removed in 1.26.0user.twoFactorSecretStringoptionalDEPRECATEDThe Base64 encoded secret used to generate Two-Factor verification codes.
You may optionally use value provided in the secret field returned by the Two-Factor Secret API instead of generating this value yourself.
Unless you are using TextMessage as your delivery type, ensure you are able to share the secret with the User before enabling Two-Factor authentication.
Beginning in version 1.17.0, if you do create a User with TextMessage set as the twoFactorDelivery type and you omit this value, the secret will
be generated for you. The secret can be generated because it is not necessary to share the secret with the User for this delivery method.
When using None as the twoFactorDelivery this value will be required.
If Two-Factor authentication is already enabled for this user, the secret may not be modified. In order to change the secret you must first disable Two-Factor authentication and re-enable with a new secret.
Removed in 1.26.0user.usernameStringoptionalThe username of the User. The username is stored and returned as a case sensitive value, however a username is considered unique regardless of the case. bob is considered equal to BoB so either version of this username can be used whenever providing it as input to an API.
If username is not provided, then email or phoneNumber will be required.
user.usernameStatusStringoptionalThe current status of the username. This is used if you are moderating usernames via CleanSpeak. The possible values are:
ACTIVE- the username is activePENDING- the username is pending approval/moderationREJECTED- the username was rejected during moderation
This state is managed by CleanSpeak, it may be changed by setting it on this request.
Example Request JSON
{
"application": "368994e6-ba8a-49b5-8446-7b99ab1fffdf",
"disableDomainBlock": false,
"user": {
"active": true,
"birthDate": "1976-05-30",
"data": {
"displayName": "Johnny Boy",
"favoriteColors": [
"Red",
"Blue"
]
},
"email": "example@fusionauth.io",
"encryptionScheme": "salted-sha256",
"factor": 24000,
"expiry": 1571786483322,
"firstName": "John",
"fullName": "John Doe",
"imageUrl": "http://65.media.tumblr.com/tumblr_l7dbl0MHbU1qz50x3o1_500.png",
"lastName": "Doe",
"middleName": "William",
"mobilePhone": "303-555-1234",
"passwordChangeRequired": false,
"preferredLanguages": [
"en",
"fr"
],
"timezone": "America/Denver",
"twoFactor": {
"methods": [
{
"authenticator": {
"algorithm": "HmacSHA1",
"codeLength": 6,
"timeStep": 30
},
"secret": "aGVsbG8Kd29ybGQKaGVsbG8gaGVsbG8=",
"method": "authenticator"
},
{
"method": "sms",
"mobilePhone": "555-555-5555"
},
{
"email": "example@fusionauth.io",
"method": "email"
}
]
},
"usernameStatus": "ACTIVE",
"username": "johnny123"
}
}Response#
The response for this API contains the User that was updated. The password hash and other sensitive fields are never returned on the API response.
Response Codes| Code | Description |
|---|---|
| 200 | The request was successful. The response will contain a JSON body. |
| 400 | The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
| 401 | You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
| 404 | The object you are trying to update doesn't exist. The response will be empty. |
| 500 | There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
| 503 | The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |
| 504 | One or more Webhook endpoints returned an invalid response or were unreachable. Based on the transaction configuration for this event your action cannot be completed. A stack trace is provided and logged in the FusionAuth log files. |
Response Body#
emailVerificationIdStringAvailable since 1.27.0An email verification Id. When present, this will represent the user's current email verification Id.
When using FormField verification strategy, this is the first part of the pair of verification Ids, and the emailVerificationOneTimeCode is the second part. When ClickableLink is the verification strategy, this value is sensitive in that this value by itself can be used to verify the user's email address.
When ClickableLink is the verification strategy, this is the value that will have been emailed to the user in order to complete verification. If you have not configured SMTP, you may optionally use this value to use an out of band transport such as your own email service.
Prior to version 1.49.0, this value was only returned when using FormField verification strategy. Beginning in 1.49.0 the value is always returned when available.
emailVerificationOneTimeCodeStringAvailable since 1.49.0An email one time code that will be paired with the emailVerificationId.
When FormField is the verification strategy, this is the value that will have been emailed to the user in order to complete verification. If you have not configured SMTP, you may optionally use this value to use an out of band transport such as your own email service.
This value will only be present when using the FormField verification strategy. When present, this is the value the user will need to enter to complete email verification.
verificationIdsArrayAvailable since 1.59.0The list of all identity verifications that exist for a user. This includes the email and phone identities that a user may have. The values from emailVerificationId and emailVerificationOneTimeCode are legacy fields and will also be present in this list.
verificationIds[x].idStringAvailable since 1.59.0An identity verification Id.
When using FormField verification strategy, FusionAuth provides two values, a verification Id (this value) and the verificationIds[x].oneTimeCode value.
When ClickableLink is the verification strategy, this is the value FusionAuth sends to the user in order to complete identity verification. If you have not configured SMTP or an SMS messenger, you may optionally use this value to use an out-of-band transport such as your own email service to deliver this value.
Note that when ClickableLink is the verification strategy, this value is sensitive in that it can be used to verify the user's email address or phone number.
verificationIds[x].oneTimeCodeStringAvailable since 1.59.0A one time code that will be paired with the verificationIds[x].id.
When FormField is the verification strategy, this is the value FusionAuth sends to the user in order to complete verification. If you have not configured SMTP or an SMS messenger, you may optionally send this value using an out-of-band transport such as your own email service.
This value will only be present when using the FormField verification strategy. When present, this is the value the user will need to enter to complete email or phone verification.
verificationIds[x].typeStringAvailable since 1.59.0The identity type that the verification Id is for. This identity type, along with verificationIds[x].value, matches exactly one identity via user.identities[x].type.
verificationIds[x].valueStringAvailable since 1.59.0The identity value that the verification Id is for. This identity value, along with verificationIds[x].type, matches exactly one identity via user.identities[x].value.
user.activeBooleanTrue if the User is active. False if the User has been deactivated. Deactivated Users will not be able to log in.
user.birthDateStringThe User's birthdate formatted as YYYY-MM-DD
user.breachedPasswordLastCheckedInstantLongThe instant this user's password was last checked to determine if it is compromised.
user.connectorIdUUIDAvailable since 1.18.0The unique Id of the Connector associated with the System of Record being used to authenticate the user.
user.cleanSpeakIdUUIDThis Id is used by FusionAuth when the User's username is sent to CleanSpeak to be moderated (filtered and potentially sent to the approval queue). It is the content Id of the username inside CleanSpeak.
user.dataObjectAn object that can hold any information about the User that should be persisted.
user.data.emailStringThis field will be used as the email address if no user.email field is found.
This feature was removed in version 1.26.0 and added back in 1.27.2.
user.emailStringThe User's email address.
user.expiryLongThe expiration instant of the User's account. An expired user is not permitted to log in.
user.firstNameStringThe first name of the User.
user.fullNameStringThe User's full name as a separate field that is not calculated from firstName and lastName.
user.idUUIDThe User's unique Id.
user.identitiesArrayAvailable since 1.59.0The list of identities that exist for a User.
user.identities[x].displayValueStringAvailable since 1.59.0The display value for the identity. Only used for username type identities. If the unique username feature is not enabled, this value
will be the same as user.identities[x].value. Otherwise, it will be the username the User has chosen. For
primary username identities, this will be the same value as user.username.
user.identities[x].insertInstantLongAvailable since 1.59.0The instant when the identity was created.
user.identities[x].lastLoginInstantLongAvailable since 1.59.0The instant when the identity was last used to log in. If a User has multiple identity types (username, email, and phoneNumber), then this value will represent the specific identity they last used to log in. This contrasts with user.lastLoginInstant, which represents the last time any of the User's identities was used to log in.
Identity provider logins will not be reflected here (see user.lastLoginInstant for a field that includes identity provider logins).
user.identities[x].lastUpdateInstantLongAvailable since 1.59.0The instant when the identity was last updated.
user.identities[x].moderationStatusStringAvailable since 1.59.0The current status of the username. This is used if you are moderating usernames via CleanSpeak. The possible values are:
ACTIVE- the username is activePENDING- the username is pending approval/moderationREJECTED- the username was rejected during moderation
If a username has been rejected, it is still possible to allow the User to update it and have the new one moderated again.
Only used for username type identities. For primary username identities, this will be the same value as user.usernameStatus.
user.identities[x].typeStringAvailable since 1.59.0The identity type. The possible values are:
email- identities defined by an email addressphoneNumber- identities defined by a phone numberusername- identities defined by a username
user.identities[x].valueStringAvailable since 1.59.0The value represented by the identity. The contents of this field depend on user.identities[x].typeand will be one of the following:
- Email address - The User's email address, always lower cased. For primary email identities, this will be the same value as user.email
- Phone number - The User's phone number, in E.164 canonical format. For primary phone number identities, this will be the same value as user.phoneNumber
- Username - User's username - this will be the same as user.identities[x].displayValue. For primary username identities, this will be the same value as user.username
This value is unique within a tenant for a particular user.identities[x].type.
If the unique usernames feature is enabled, value will be the unique username (within the tenant). For primary username identities, this will also be the same value as user.uniqueUsername.
user.identities[x].verifiedBooleanAvailable since 1.59.0Whether verification was actually performed on the identity by FusionAuth. This is used in combination with the user.identities[x].verifiedReason to decide whether an identity needs verification.
user.identities[x].verifiedInstantLongAvailable since 1.59.0The instant when verification was performed on the identity. This field is only populated when verification was actually performed on the identity by FusionAuth.
user.identities[x].verifiedReasonStringAvailable since 1.59.0The reason the User's identity was verified or not verified. The possible values are:
Skipped- Verification was skipped due to theskipVerificationparameter on the requestTrusted- Identity was created via an identity provider or a connectorUnverifiable- FusionAuth doesn't know how to verify this identity type. Usernames are an exampleImplicit- Verification was implicitly performed by sending a set password or passwordless messagePending- Tenant policy requires verification but no verification has been performed yetCompleted- Verification was performed by FusionAuthDisabled- Tenant policy did not require verificationImport- User was imported so verification was not performed by FusionAuth
If this field is Disabled, Import, Skipped, Trusted, or Unverifiable, then verification will not be required, regardless of the user.identities[x].verified value.
For Implicit, Pending, or Completed, the identity will require verification if user.identities[x].verified is false.
user.imageUrlStringThe URL that points to an image file that is the User's profile image.
user.insertInstantLongThe instant when the user was created.
user.lastLoginInstantLongThe instant when the User logged in last. See user.identities[x].lastLoginInstant for more granular information based on identity.
user.lastNameStringThe User's last name.
user.lastUpdateInstantLongThe instant when the User was last updated.
user.legacyIdentifierStringAvailable since 1.67Used to override the sub claim in tokens issued by the Legacy Identity Provider Adapter.
This value is immutable after the user is created and is unique within the tenant when non-null.
user.membershipsArrayThe list of memberships for the User.
user.memberships[x].dataObjectAn object that can hold any information about the User for this membership that should be persisted.
user.memberships[x].groupIdUUIDThe Id of the Group of this membership.
user.memberships[x].idUUIDThe unique Id of this membership.
user.memberships[x].insertInstantLongThe instant that the membership was created.
user.middleNameStringThe User's middle name.
user.mobilePhoneStringThe User's mobile phone number. This is useful if you will be sending push notifications or SMS messages to the User.
This differs from user.phoneNumber and cannot be used to log in.
user.parentEmailStringAvailable since 1.7.0The email address of the user's parent or guardian. If this value was provided during a create or update operation, this value will only remain until the child is claimed by a parent.
user.passwordChangeRequiredBooleanIndicates that the User's password needs to be changed during their next login attempt.
user.passwordLastUpdateInstantLongThe instant that the User last changed their password.
Since version 1.59.0, if a user does not currently have a password, this field will not be returned in the response.
user.phoneNumberStringAvailable since 1.59.0The User's primary phone number. The phone number is stored and returned in E.164 canonical format, however a phone number is considered unique regardless of the format. 303-555-1212 is considered equal to +13035551212 so either version of this phone number can be used whenever providing it as input to an API.
This differs from user.mobilePhone in that user.phoneNumber can be used to log in, just like an email address or a username.
user.preferredLanguagesArray<String>An array of locale strings that give, in order, the User's preferred languages. These are important for email templates and other localizable text. See Locales.
user.registrationsArrayThe list of registrations for the User. This will include registrations for inactive applications.
user.registrations[x].applicationIdUUIDThe Id of the Application that this registration is for.
user.registrations[x].authenticationTokenStringThe Authentication Token for this registration (if one exists).
user.registrations[x].cleanSpeakIdUUIDThis Id is used by FusionAuth when the User's username for this registration is sent to CleanSpeak to be moderated (filtered and potentially sent to the approval queue). It is the content Id of the username inside CleanSpeak.
user.registrations[x].dataObjectAn object that can hold any information about the User for this registration that should be persisted.
user.registrations[x].idUUIDThe Id of this registration.
user.registrations[x].insertInstantLongThe instant that this registration was created.
user.registrations[x].lastLoginInstantLongThe instant that the User last logged into the Application for this registration.
user.registrations[x].preferredLanguagesArray<String>An array of locale strings that give, in order, the User's preferred languages for this registration. These are important for email templates and other localizable text.
user.registrations[x].rolesArray<String>The list of roles that the User has for this registration. The string is the role's Name not the role's Id, e.g. admin or user-role.
user.registrations[x].timezoneStringThe User's preferred timezone for this registration. The string will be in an IANA time zone format.
user.registrations[x].tokensMap<String,StringDEPRECATEDA map that contains tokens returned from identity providers.
For example, if this user has authenticated using the Facebook Identity Provider, the Facebook access token will be available in this map, keyed by name Facebook. For an OpenID Connect Identity provider, or other generic providers, if a token is stored it will be keyed by the Identity Provider unique Id.
The token returned and stored from the Identity Provider is now stored in the IdP link and is retrievable using the Identity Provider Link API.
user.registrations[x].usernameStringThe username of the User for this registration only. This is for display purposes and cannot be used to log in.
user.registrations[x].usernameStatusStringThe current status of the username. This is used if you are moderating usernames via CleanSpeak. The possible values are:
ACTIVE- the username is activePENDING- the username is pending approval/moderationREJECTED- the username was rejected during moderation
If a username has been rejected, it is still possible to allow the User to update it and have the new one moderated again.
user.registrations[x].verifiedBooleanThis value indicates if this User's registration has been verified.
For additional information, see these tutorials:
user.registrations[x].verifiedInstantLongAvailable since 1.48.0The instant that this registration was verified.
user.tenantIdUUIDThe Id of the Tenant that this User belongs to.
user.timezoneStringThe User's preferred timezone. This can be used as a default to display instants, and it is recommended that you allow Users to change this per-session. The string will be in an IANA time zone format.
user.twoFactor.methods[x].authenticator.algorithmStringThe algorithm used by the TOTP authenticator. With the current implementation, this will always be HmacSHA1.
user.twoFactor.methods[x].authenticator.codeLengthIntegerThe length of code generated by the TOTP. With the current implementation, this will always be 6.
user.twoFactor.methods[x].authenticator.timeStepIntegerThe time-step size in seconds. With the current implementation, this will always be 30.
user.twoFactor.methods[x].emailStringThe value of the email address for this method. Only present if user.twoFactor.methods[x].method is email.
user.twoFactor.methods[x].idStringThe unique Id of the method.
user.twoFactor.methods[x].lastUsedBooleantrue if this method was used most recently.
user.twoFactor.methods[x].methodStringThe type of this method. There will also be an object with the same value containing additional information about this method. The possible values are:
authenticatoremailsms
user.twoFactor.methods[x].mobilePhoneStringThe value of the mobile phone for this method. Only present if user.twoFactor.methods[x].method is sms.
user.twoFactorDeliveryStringDEPRECATEDThe User's preferred delivery for verification codes during a two-factor login request.
The possible values are:
NoneTextMessage
user.twoFactorEnabledBooleanDEPRECATEDDetermines if the User has two-factor authentication enabled for their account or not.
Removed in 1.26.0user.usernameStringThe username of the User.
user.usernameStatusStringThe current status of the username. This is used if you are moderating usernames via CleanSpeak. The possible values are:
ACTIVE- the username is activePENDING- the username is pending approval/moderationREJECTED- the username was rejected during moderation
If a username has been rejected, it is still possible to allow the User to update it and have the new one moderated again.
user.verifiedBooleanDEPRECATEDWhether or not the User's primary email identity has been verified. This does NOT indicate whether phone number identity types are verified.
For additional information, see these tutorials:
Deprecated since 1.59.0See user.identities[x].verified and user.identities[x].verifiedReason.
user.verifiedInstantLongAvailable since 1.48.0The first instant that the User's primary email address or phone number was verified. This value is immutable and cannot change for a user once set.
Example Response JSON
{
"user": {
"active": true,
"breachedPasswordLastCheckedInstant": 1471786483322,
"breachedPasswordStatus": "None",
"birthDate": "1976-05-30",
"connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
"data": {
"displayName": "Johnny Boy",
"favoriteColors": [
"Red",
"Blue"
]
},
"email": "example@fusionauth.io",
"expiry": 1571786483322,
"firstName": "John",
"fullName": "John Doe",
"id": "00000000-0000-0001-0000-000000000000",
"identities": [
{
"insertInstant": 1742936980069,
"lastLoginInstant": 1742936980069,
"lastUpdateInstant": 1742936980069,
"primary": true,
"type": "email",
"value": "example@fusionauth.io",
"verified": false,
"verifiedReason": "Disabled"
},
{
"insertInstant": 1742936980069,
"lastLoginInstant": 1742936980069,
"lastUpdateInstant": 1742936980069,
"primary": true,
"type": "phoneNumber",
"value": "+13035551212",
"verified": false,
"verifiedReason": "Disabled"
},
{
"displayValue": "johnny123",
"insertInstant": 1742936980069,
"lastLoginInstant": 1742936980069,
"lastUpdateInstant": 1742936980069,
"moderationStatus": "ACTIVE",
"primary": true,
"type": "username",
"value": "johnny123",
"verified": false,
"verifiedReason": "Unverifiable"
}
],
"imageUrl": "http://65.media.tumblr.com/tumblr_l7dbl0MHbU1qz50x3o1_500.png",
"insertInstant": 1742936980069,
"lastLoginInstant": 1742936980069,
"lastName": "Doe",
"memberships": [
{
"data": {
"externalId": "cc6714c6-286c-411c-a6bc-ee413cda1dbc"
},
"groupId": "2cb5c83f-53ff-4d16-88bd-c5e3802111a5",
"id": "27218714-305e-4408-bac0-23e7e1ddceb6",
"insertInstant": 1742936980069
}
],
"middleName": "William",
"mobilePhone": "303-555-1234",
"passwordChangeRequired": false,
"passwordLastUpdateInstant": 1742936980069,
"phoneNumber": "+13035551212",
"preferredLanguages": [
"en",
"fr"
],
"registrations": [
{
"applicationId": "10000000-0000-0002-0000-000000000001",
"data": {
"displayName": "Johnny",
"favoriteSports": [
"Football",
"Basketball"
]
},
"id": "00000000-0000-0002-0000-000000000000",
"insertInstant": 1742936980069,
"lastLoginInstant": 1742936980069,
"preferredLanguages": [
"en",
"fr"
],
"roles": [
"user",
"community_helper"
],
"timezone": "America/Chicago",
"username": "johnny123",
"usernameStatus": "ACTIVE",
"verified": true,
"verifiedInstant": 1742936980069
}
],
"timezone": "America/Denver",
"tenantId": "f24aca2b-ce4a-4dad-951a-c9d690e71415",
"twoFactor": {
"methods": [
{
"authenticator": {
"algorithm": "HmacSHA1",
"codeLength": 6,
"timeStep": 30
},
"id": "35VW",
"method": "authenticator"
},
{
"id": "V7SH",
"method": "sms",
"mobilePhone": "555-555-5555"
},
{
"email": "example@fusionauth.io",
"id": "7K2G",
"method": "email"
}
]
},
"usernameStatus": "ACTIVE",
"username": "johnny123",
"verified": true,
"verifiedInstant": 1742936980069
}
}