PUT /user/{userId}
Update User Basic Data
Update basic user information for a specific user within your organization. This endpoint allows authorized users to modify user profile data including name, last name, and password (for non-provider users). The endpoint includes comprehensive validation to ensure proper permissions, organization membership, and data security.
User Data Management
Flashback provides granular control over user profile management with role-based permissions and security validations. This endpoint supports updating basic user information while maintaining strict security boundaries and data integrity.
Supported Update Fields:

| Field | Type | Required | Description | Validation |
|---|---|---|---|---|
| name | string | false | User's first name | Must be a valid string if provided |
| lastName | string | false | User's last name | Must be a valid string if provided |
| password | string | false | User's password | Only for non-provider users, must meet security requirements |
Key Features:
Role-Based Access Control: Users can only modify data based on their organization role and relationship to the target user
Provider User Protection: Users with external authentication providers (OAuth, etc.) cannot have their passwords modified
Organization Isolation: Users can only modify data within their own organization
Password Security: Password updates include validation and secure hashing
Audit Trail: All updates are logged as system events for compliance and monitoring
Permission Requirements:
Self-Modification: Any user can update their own basic data (name, lastName)
Password Updates: Users can only update their own password
Administrative Access: Users with WORKSPACES, ADMINISTRATORS, or OWNER roles can modify other users' basic data
Organization Membership: Both current user and target user must be in the same organization
TypeScript Client Library
```typescript
public updateUser = async (userId: string, data: UserUpdateRequest): Promise<UserUpdateResponse> => {
  return this.makeRequest<UserUpdateResponse>(`user/${userId}`, 'PUT', data);
};
```

Code Samples
```shell
# Update user's name and last name
curl -X PUT https://backend.flashback.tech/user/{userId} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}' \
  -d '{
    "name": "John",
    "lastName": "Doe"
  }'

# Update user's password (non-provider users only)
curl -X PUT https://backend.flashback.tech/user/{userId} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}' \
  -d '{
    "password": "NewSecurePassword123!"
  }'
```

```http
PUT https://backend.flashback.tech/user/{userId} HTTP/1.1
Host: backend.flashback.tech
Content-Type: application/json
Accept: application/json
Authorization: Bearer {access-token}

{
  "name": "John",
  "lastName": "Doe"
}
```

```javascript
// Serialize the payload; only the fields being changed are sent
const inputBody = JSON.stringify({
  name: 'John',
  lastName: 'Doe'
});
const headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
};

fetch('https://backend.flashback.tech/user/{userId}', {
  method: 'PUT',
  body: inputBody,
  headers: headers
})
  .then(function(res) {
    return res.json();
  })
  .then(function(body) {
    console.log(body);
  });
```

```ruby
require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.put 'https://backend.flashback.tech/user/{userId}',
  {
    'name' => 'John',
    'lastName' => 'Doe'
  }.to_json, headers

p JSON.parse(result)
```

```python
import requests

headers = {
    'Content-Type': 'application/json',
    'Accept': 'application/json',
    'Authorization': 'Bearer {access-token}'
}
data = {
    'name': 'John',
    'lastName': 'Doe'
}

r = requests.put('https://backend.flashback.tech/user/{userId}',
                 headers=headers,
                 json=data)
print(r.json())
```

```php
<?php
require 'vendor/autoload.php';

$headers = array(
    'Content-Type' => 'application/json',
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {access-token}',
);

$client = new \GuzzleHttp\Client();

$request_body = array(
    'name' => 'John',
    'lastName' => 'Doe'
);

try {
    $response = $client->request('PUT', 'https://backend.flashback.tech/user/{userId}', array(
        'headers' => $headers,
        'json' => $request_body,
    ));
    print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
    print_r($e->getMessage());
}
```

```java
// Body of a method that throws IOException.
// Requires: java.net.URL, java.net.HttpURLConnection,
// java.io.OutputStream, java.io.BufferedReader, java.io.InputStreamReader
URL obj = new URL("https://backend.flashback.tech/user/{userId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("PUT");
con.setRequestProperty("Content-Type", "application/json");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {access-token}");
con.setDoOutput(true);

String jsonInputString = "{\"name\": \"John\", \"lastName\": \"Doe\"}";
try (OutputStream os = con.getOutputStream()) {
    byte[] input = jsonInputString.getBytes("utf-8");
    os.write(input, 0, input.length);
}

int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());
```

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"log"
	"net/http"
)

func main() {
	headers := map[string][]string{
		"Content-Type":  []string{"application/json"},
		"Accept":        []string{"application/json"},
		"Authorization": []string{"Bearer {access-token}"},
	}

	data := map[string]string{
		"name":     "John",
		"lastName": "Doe",
	}
	jsonData, err := json.Marshal(data)
	if err != nil {
		log.Fatal(err)
	}

	req, err := http.NewRequest("PUT", "https://backend.flashback.tech/user/{userId}", bytes.NewBuffer(jsonData))
	if err != nil {
		log.Fatal(err)
	}
	req.Header = headers

	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		log.Fatal(err)
	}
	defer resp.Body.Close()

	// Print the status code and the JSON response body
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(resp.StatusCode, string(body))
}
```

Parameters
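| Name | In | Type | Required | Description |
|---|---|---|---|---|
| userId | path | string | true | Unique identifier of the target user |

Request Body

| Name | Type | Required | Description |
|---|---|---|---|
| name | string | false | User's first name |
| lastName | string | false | User's last name |
| password | string | false | User's password (non-provider users only) |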
Body parameter
```json
{
  "name": "John",
  "lastName": "Doe"
}
```

Example responses

200 Response

```json
{
  "success": true,
  "message": "User data updated successfully"
}
```

400 Response (Provider User Password Update)

```json
{
  "success": false,
  "message": "Password cannot be changed for users with external authentication providers"
}
```

400 Response (Invalid Password)

```json
{
  "success": false,
  "message": "Password does not meet security requirements"
}
```

403 Response (Organization Mismatch)

```json
{
  "success": false,
  "message": "Access denied: users must be in the same organization"
}
```

403 Response (No Organization)

```json
{
  "success": false,
  "message": "User not associated with any organization"
}
```

403 Response (Insufficient Permissions)

```json
{
  "success": false,
  "message": "Access denied: insufficient permissions to modify user data"
}
```

404 Response

```json
{
  "success": false,
  "message": "User not found"
}
```

500 Response

```json
{
  "success": false,
  "message": "Internal server error",
  "error": "Database connection failed"
}
```

Responses
403
Access denied due to insufficient permissions, organization mismatch, or user not associated with organization
Inline
Response Schema
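Status Code 200

| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » success | boolean | false | none | Indicates if the request was successful |
| » message | string | false | none | Success message describing the update |

Status Code 400

| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » success | boolean | false | none | Indicates if the request was successful |
| » message | string | false | none | Error message describing the validation issue |

Status Code 403

| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » success | boolean | false | none | Indicates if the request was successful |
| » message | string | false | none | Error message describing the access restriction |

Status Code 404

| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » success | boolean | false | none | Indicates if the request was successful |
| » message | string | false | none | Error message describing the issue |

Status Code 500

| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » success | boolean | false | none | Indicates if the request was successful |
| » message | string | false | none | Error message describing the issue |
| » error | string | false | none | Detailed error information |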
Security & Validation
This endpoint includes comprehensive validation and security checks:
Organization Membership Validation
Both the current user and target user must be associated with the same organization
Users not associated with any organization cannot perform user updates
Permission Validation
Users can always update their own basic data (name, lastName)
Password updates are restricted to the user's own account
Administrative users (WORKSPACES, ADMINISTRATORS, OWNER) can modify other users' basic data
Role-based access control ensures proper permission boundaries
Provider User Protection
Users with external authentication providers (OAuth, SAML, etc.) cannot have their passwords modified
This prevents conflicts with external identity management systems
Password Security Validation
Password updates include comprehensive security validation
Passwords are securely hashed using industry-standard algorithms
Password requirements are enforced to maintain security standards
Data Integrity
All updates are validated for data type and format
System events are generated for audit and compliance purposes
Changes are logged with before/after data for tracking
Authentication Required
Valid access token must be provided in the Authorization header
User must be authenticated and associated with an organization
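
The permission and validation rules above, written out as a decision function that returns the documented status codes and messages, so it can serve as an oracle when testing the endpoint for broken object-level authorization. This is an added example, not Flashback's implementation: the `USER` role name, the order of the checks, the 12-character password policy, the 403 returned when an admin tries to change another user's password, and all sample accounts are assumptions.

```typescript
// Added example: a model of the documented rules, not Flashback's server code.
type Role = 'OWNER' | 'ADMINISTRATORS' | 'WORKSPACES' | 'USER'; // 'USER' is an assumed non-admin role name
interface Account { id: string; orgId: string | null; role: Role; provider: boolean }
interface Update { name?: string; lastName?: string; password?: string }
interface Decision { status: number; message: string }

const ADMIN_ROLES: Role[] = ['WORKSPACES', 'ADMINISTRATORS', 'OWNER'];

// Assumed placeholder policy: the page does not state the real password requirements.
const meetsPolicy = (pw: string): boolean => pw.length >= 12;

// Check order is an assumption; the page lists the rules but not their precedence.
function decideUpdate(actor: Account, target: Account | undefined, body: Update): Decision {
  const denied: Decision = { status: 403, message: 'Access denied: insufficient permissions to modify user data' };
  if (!target) return { status: 404, message: 'User not found' };
  if (actor.orgId === null) return { status: 403, message: 'User not associated with any organization' };
  if (actor.orgId !== target.orgId) return { status: 403, message: 'Access denied: users must be in the same organization' };
  const self = actor.id === target.id;
  if (!self && ADMIN_ROLES.indexOf(actor.role) === -1) return denied;
  if (body.password !== undefined) {
    // Password changes are self-only, even for admins (403 here is an assumed response).
    if (!self) return denied;
    if (target.provider) return { status: 400, message: 'Password cannot be changed for users with external authentication providers' };
    if (!meetsPolicy(body.password)) return { status: 400, message: 'Password does not meet security requirements' };
  }
  return { status: 200, message: 'User data updated successfully' };
}

// Constructed sample accounts (ids and organization names are made up).
const alice: Account = { id: 'u1', orgId: 'org-a', role: 'USER', provider: false };
const bob: Account = { id: 'u2', orgId: 'org-a', role: 'USER', provider: false };
const admin: Account = { id: 'u3', orgId: 'org-a', role: 'ADMINISTRATORS', provider: false };
const sso: Account = { id: 'u4', orgId: 'org-a', role: 'USER', provider: true };
const outsider: Account = { id: 'u5', orgId: 'org-b', role: 'OWNER', provider: false };

// Expected-status matrix to replay against a test tenant.
function matrix(): number[] {
  const pw = { password: 'NewSecurePassword123!' };
  return [
    decideUpdate(alice, alice, { name: 'John' }).status,    // self, basic data
    decideUpdate(alice, bob, { name: 'John' }).status,      // peer without admin role
    decideUpdate(admin, bob, { lastName: 'Doe' }).status,   // admin, basic data
    decideUpdate(admin, bob, pw).status,                    // admin, someone else's password
    decideUpdate(sso, sso, pw).status,                      // provider user, own password
    decideUpdate(outsider, alice, { name: 'John' }).status, // OWNER of a different organization
  ];
}
```

Each row of `matrix()` corresponds to one request worth sending with a real token for that kind of account; any response more permissive than the modelled status is an access-control finding.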