API Reference/Management/Users
PATCH
/v1/mgmt/user/patch

Authorization

AuthorizationRequiredBearer <token>

< Project ID >:< Management Key > as bearer

In: header

Request Body

application/jsonRequired
loginIdstring
emailstring
phonestring
verifiedEmailboolean
verifiedPhoneboolean
namestring
roleNamesunknown

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

userTenantsunknown

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

statusstring
customAttributesobject

custom attributes of users

picturestring
givenNamestring
middleNamestring
familyNamestring
ssoAppIdsunknown

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

curl -X PATCH "https://api.descope.com/v1/mgmt/user/patch" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "loginId": "string",
    "email": "string",
    "phone": "string",
    "verifiedEmail": true,
    "verifiedPhone": true,
    "name": "string",
    "roleNames": null,
    "userTenants": null,
    "status": "string",
    "customAttributes": {},
    "picture": "string",
    "givenName": "string",
    "middleName": "string",
    "familyName": "string",
    "ssoAppIds": null
  }'

OK

{
  "user": {
    "loginIds": [
      "string"
    ],
    "userId": "string",
    "name": "string",
    "email": "string",
    "phone": "string",
    "verifiedEmail": true,
    "verifiedPhone": true,
    "roleNames": [
      "string"
    ],
    "userTenants": [
      {
        "tenantId": "string",
        "roleNames": [
          "string"
        ],
        "tenantName": "string"
      }
    ],
    "status": "string",
    "externalIds": [
      "string"
    ],
    "picture": "string",
    "test": false,
    "customAttributes": {},
    "createdTime": 0,
    "TOTP": false,
    "SAML": false,
    "OAuth": {
      "property1": false,
      "property2": false
    },
    "webauthn": true,
    "password": true,
    "ssoAppIds": [
      "string"
    ],
    "givenName": "string",
    "middleName": "string",
    "familyName": "string",
    "editable": true,
    "SCIM": true
  }
}

Was this helpful?

Batch Create Users POST

### Batch Create Users, using a valid management key. This API endpoint will batch create new users utilizing a valid management key. This API endpoint allows you to configure all aspects of a user: - loginId - email - phone - verified settings (phone, email) - one must be set to true - displayName - roleNames - Tenant configurations - which tenantIds, which roleNames. The userTenants can include multiple items Ex: ``` "userTenants": [ { "tenantId": "T2IMjmRfYTQHlbaastz3im59ERS3", "roleNames": [ "Test" ] }, { "tenantId": "T2Igau6dX1R6SkomtFCdBLrc3r67", "roleNames": [ "Test" ] } ``` Additionally, you can create a user with multiple login IDs by passing an array of loginIds in string format within the `additionalIdentifiers` key. You can also decide whether to invite the users, configure the inviteUrl, and whether to send invites via email or SMS. When importing with hashed passwords, see [this guide](/migrate/custom#importing-passwords) for further detailed configuration of password hash formats. ### Next Steps Once the user is created, the user can then login utilizing any sign-in api supported. This will then switch the user from invited to active. ### See also - See [Manage User](/manage/users) for further details on managing users. - See [The User Object](/api/overview#the-user-object) for further details on the user object. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <ProjectId:ManagementKey>`

Update User POST

### Updates a user's details, using a valid management key. This API endpoint will update a user's details of a user utilizing a valid management key. It is important to understand the update will take the configurations for the user provided and will overwrite all user settings. This means that if the user currently has email and phone, but the update only includes email, the phone and other non-provided configurations will be removed. This API endpoint will remove any details that are not provided. It is preferred to use other updates supported by the API, such as the following options: - [Update User Status](/api/management/users/update-user-status) - [Update User Email](/api/management/users/update-user-email) - [Update User Phone](/api/management/users/update-user-phone) - [Update User Display Name](/api/management/users/update-user-display-name) - [Update User Add Tenant](/api/management/users/update-user-add-tenant) - [Update User Remove Tenant](/api/management/users/update-user-remove-tenant) - [Update User Add Role](/api/management/users/update-user-add-roles) - [Update User Remove Role](/api/management/users/update-user-remove-roles) Additionally, you can update a user with multiple login IDs by passing an array of loginIds in string format within the `additionalIdentifiers` key. It is suggested to gather the current user configurations via [Load User](/api/management/users/load-user) in order to assist you in building the payload for this api endpoint. ### See also - See [Manage Users](/manage/users) for further details on managing users. - See [The User Object](/api/overview#the-user-object) for further details on the user object. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <ProjectId:ManagementKey>`