Skip to main content
POST
/
api
/
users
/
{user_id}
/
update
Update User
curl --request POST \
  --url https://api.example.com/api/users/{user_id}/update \
  --header 'Content-Type: application/json' \
  --data '
{
  "role": "<string>",
  "name": "<string>",
  "email": "<string>",
  "profile_image_url": "<string>",
  "password": "<string>"
}
'
{
  "id": "<string>",
  "email": "<string>",
  "username": "<string>",
  "role": "<string>",
  "name": "<string>",
  "profile_image_url": "<string>",
  "last_active_at": 123,
  "updated_at": 123,
  "created_at": 123
}
Updates user information including role, name, email, profile image, and password.

Authentication

Requires admin authentication.

Path Parameters

user_id
string
required
The unique identifier of the user to update

Request Body

role
string
required
User role: admin, user, or pending
name
string
required
User display name
email
string
required
User email address (will be converted to lowercase)
profile_image_url
string
required
URL to user’s profile image (validated for security)
password
string
New password for the user (will be hashed). If provided, must meet password requirements.

Response

Returns the updated user object.
id
string
Unique user identifier
email
string
Updated email address
username
string
Username
role
string
Updated user role
name
string
Updated display name
profile_image_url
string
Updated profile image URL
last_active_at
integer
Unix timestamp of last activity
updated_at
integer
Unix timestamp of last update
created_at
integer
Unix timestamp of creation

Example Request

curl -X POST "https://your-domain.com/api/users/user-123/update" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "role": "admin",
    "name": "John Doe",
    "email": "johndoe@example.com",
    "profile_image_url": "https://example.com/avatar.jpg",
    "password": "newSecurePassword123!"
  }'

Example Response

{
  "id": "user-123",
  "email": "johndoe@example.com",
  "username": "johndoe",
  "role": "admin",
  "name": "John Doe",
  "profile_image_url": "https://example.com/avatar.jpg",
  "last_active_at": 1709424000,
  "updated_at": 1709424500,
  "created_at": 1709337600
}

Errors

  • 400 - Email already taken by another user
  • 400 - Password does not meet requirements
  • 400 - User not found
  • 403 - Cannot modify primary admin user (if you’re not the primary admin)
  • 403 - Primary admin cannot change their own role from admin

Notes

  • Email addresses are automatically converted to lowercase
  • Email uniqueness is enforced - returns error if email is already in use by another user
  • Password is validated and hashed securely if provided
  • Primary admin user (first user created) has special protections:
    • Cannot be modified by other admins
    • Cannot change their own role from admin
  • Profile image URLs are validated for security
  • Both user table and auth table are updated when changing email or password