# put\_\_user\_{userId}

`PUT /user/{userId}`

*Update User Basic Data*

Update basic user information for a specific user within your organization. This endpoint allows authorized users to modify user profile data including name, last name, and password (for non-provider users). The endpoint includes comprehensive validation to ensure proper permissions, organization membership, and data security.

#### User Data Management

Flashback provides granular control over user profile management with role-based permissions and security validations. This endpoint supports updating basic user information while maintaining strict security boundaries and data integrity.

**Supported Update Fields:**

| Field    | Type   | Required | Description       | Restrictions                                                 |
| -------- | ------ | -------- | ----------------- | ------------------------------------------------------------ |
| name     | string | false    | User's first name | Must be a valid string if provided                           |
| lastName | string | false    | User's last name  | Must be a valid string if provided                           |
| password | string | false    | User's password   | Only for non-provider users, must meet security requirements |

**Key Features:**

1. **Role-Based Access Control**: Users can only modify data based on their organization role and relationship to the target user
2. **Provider User Protection**: Users with external authentication providers (OAuth, etc.) cannot have their passwords modified
3. **Organization Isolation**: Users can only modify data within their own organization
4. **Password Security**: Password updates include validation and secure hashing
5. **Audit Trail**: All updates are logged as system events for compliance and monitoring

**Permission Requirements:**

* **Self-Modification**: Any user can update their own basic data (name, lastName)
* **Password Updates**: Users can only update their own password
* **Administrative Access**: Users with WORKSPACES, ADMINISTRATORS, or OWNER roles can modify other users' basic data
* **Organization Membership**: Both current user and target user must be in the same organization

#### TypeScript Client Library

```typescript
public updateUser = async (userId: string, data: UserUpdateRequest): Promise<UserUpdateResponse> => {
  return this.makeRequest<UserUpdateResponse>(`user/${userId}`, 'PUT', data);
};
```

#### Code Samples

{% tabs %}
{% tab title="Shell" %}

```shell
# Update user's name and last name
curl -X PUT https://backend.flashback.tech/user/{userId} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}' \
  -d '{
    "name": "John",
    "lastName": "Doe"
  }'

# Update user's password (non-provider users only)
curl -X PUT https://backend.flashback.tech/user/{userId} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}' \
  -d '{
    "password": "NewSecurePassword123!"
  }'
```

{% endtab %}

{% tab title="HTTP" %}

```http
PUT https://backend.flashback.tech/user/{userId} HTTP/1.1
Host: backend.flashback.tech
Content-Type: application/json
Accept: application/json
Authorization: Bearer {access-token}

{
  "name": "John",
  "lastName": "Doe"
}
```

{% endtab %}

{% tab title="JavaScript" %}

```javascript
// Serialize the body with JSON.stringify; a quoted string cannot span lines
const inputBody = JSON.stringify({
  name: 'John',
  lastName: 'Doe'
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'
};

fetch('https://backend.flashback.tech/user/{userId}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});
```

{% endtab %}

{% tab title="Ruby" %}

```ruby
require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.put 'https://backend.flashback.tech/user/{userId}',
  {
    'name' => 'John',
    'lastName' => 'Doe'
  }.to_json, headers

p JSON.parse(result)
```

{% endtab %}

{% tab title="Python" %}

```python
import requests

headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

data = {
  'name': 'John',
  'lastName': 'Doe'
}

r = requests.put('https://backend.flashback.tech/user/{userId}', 
                 headers=headers, 
                 json=data)

print(r.json())
```

{% endtab %}

{% tab title="PHP" %}

```php
<?php

require 'vendor/autoload.php';

$headers = array(
    'Content-Type' => 'application/json',
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {access-token}',
);

$client = new \GuzzleHttp\Client();

$request_body = array(
    'name' => 'John',
    'lastName' => 'Doe'
);

try {
    $response = $client->request('PUT','https://backend.flashback.tech/user/{userId}', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    print_r($e->getMessage());
 }
```

{% endtab %}

{% tab title="Java" %}

```java
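import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;

public class UpdateUser {
    public static void main(String[] args) throws Exception {
        URL obj = new URL("https://backend.flashback.tech/user/{userId}");
        HttpURLConnection con = (HttpURLConnection) obj.openConnection();
        con.setRequestMethod("PUT");
        con.setRequestProperty("Content-Type", "application/json");
        con.setRequestProperty("Accept", "application/json");
        con.setRequestProperty("Authorization", "Bearer {access-token}");
        con.setDoOutput(true);

        String jsonInputString = "{\"name\": \"John\", \"lastName\": \"Doe\"}";
        try (OutputStream os = con.getOutputStream()) {
            byte[] input = jsonInputString.getBytes(StandardCharsets.UTF_8);
            os.write(input, 0, input.length);
        }

        int responseCode = con.getResponseCode();
        // 4xx and 5xx bodies are delivered on the error stream
        InputStream stream = responseCode < 400 ? con.getInputStream() : con.getErrorStream();
        StringBuilder response = new StringBuilder();
        try (BufferedReader in = new BufferedReader(
                new InputStreamReader(stream, StandardCharsets.UTF_8))) {
            String inputLine;
            while ((inputLine = in.readLine()) != null) {
                response.append(inputLine);
            }
        }
        System.out.println(responseCode + " " + response);
    }
}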
```

{% endtab %}

{% tab title="Go" %}

```go
package main

import (
    "bytes"
    "encoding/json"
    "fmt"
    "io"
    "log"
    "net/http"
)

func main() {
    data := map[string]string{
        "name":     "John",
        "lastName": "Doe",
    }
    jsonData, err := json.Marshal(data)
    if err != nil {
        log.Fatal(err)
    }

    req, err := http.NewRequest(http.MethodPut, "https://backend.flashback.tech/user/{userId}", bytes.NewBuffer(jsonData))
    if err != nil {
        log.Fatal(err)
    }
    req.Header.Set("Content-Type", "application/json")
    req.Header.Set("Accept", "application/json")
    req.Header.Set("Authorization", "Bearer {access-token}")

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        log.Fatal(err)
    }
    defer resp.Body.Close()

    // Print the status line and the JSON response body
    body, err := io.ReadAll(resp.Body)
    if err != nil {
        log.Fatal(err)
    }
    fmt.Println(resp.Status, string(body))
}
```

{% endtab %}
{% endtabs %}

#### Parameters <a href="#put__user_-userid-parameters" id="put__user_-userid-parameters"></a>

| Name   | In   | Type   | Required | Description                          |
| ------ | ---- | ------ | -------- | ------------------------------------ |
| userId | path | string | true     | Unique identifier of the target user |

#### Request Body <a href="#put__user_-userid-request-body" id="put__user_-userid-request-body"></a>

| Name     | Type   | Required | Description                               |
| -------- | ------ | -------- | ----------------------------------------- |
| name     | string | false    | User's first name                         |
| lastName | string | false    | User's last name                          |
| password | string | false    | User's password (non-provider users only) |

> Body parameter

```json
{
  "name": "John",
  "lastName": "Doe"
}
```

> Example responses

> 200 Response

```json
{
  "success": true,
  "message": "User data updated successfully"
}
```

> 400 Response (Provider User Password Update)

```json
{
  "success": false,
  "message": "Password cannot be changed for users with external authentication providers"
}
```

> 400 Response (Invalid Password)

```json
{
  "success": false,
  "message": "Password does not meet security requirements"
}
```

> 403 Response (Organization Mismatch)

```json
{
  "success": false,
  "message": "Access denied: users must be in the same organization"
}
```

> 403 Response (No Organization)

```json
{
  "success": false,
  "message": "User not associated with any organization"
}
```

> 403 Response (Insufficient Permissions)

```json
{
  "success": false,
  "message": "Access denied: insufficient permissions to modify user data"
}
```

> 404 Response

```json
{
  "success": false,
  "message": "User not found"
}
```

> 500 Response

```json
{
  "success": false,
  "message": "Internal server error",
  "error": "Database connection failed"
}
```

#### Responses <a href="#put__user_-userid-responses" id="put__user_-userid-responses"></a>

| Status | Meaning                                                                    | Description                                                                                                    | Schema |
| ------ | -------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- | ------ |
| 200    | [OK](https://tools.ietf.org/html/rfc7231#section-6.3.1)                    | User data updated successfully                                                                                 | Inline |
| 400    | [Bad Request](https://tools.ietf.org/html/rfc7231#section-6.5.1)           | Invalid password or provider user password update                                                              | Inline |
| 403    | [Forbidden](https://tools.ietf.org/html/rfc7231#section-6.5.3)             | Access denied due to insufficient permissions, organization mismatch, or user not associated with organization | Inline |
| 404    | [Not Found](https://tools.ietf.org/html/rfc7231#section-6.5.4)             | User not found                                                                                                 | Inline |
| 500    | [Internal Server Error](https://tools.ietf.org/html/rfc7231#section-6.6.1) | Internal server error                                                                                          | Inline |

#### Response Schema <a href="#put__user_-userid-responseschema" id="put__user_-userid-responseschema"></a>

Status Code **200**

| Name      | Type    | Required | Restrictions | Description                             |
| --------- | ------- | -------- | ------------ | --------------------------------------- |
| » success | boolean | false    | none         | Indicates if the request was successful |
| » message | string  | false    | none         | Success message describing the update   |

Status Code **400**

| Name      | Type    | Required | Restrictions | Description                                   |
| --------- | ------- | -------- | ------------ | --------------------------------------------- |
| » success | boolean | false    | none         | Indicates if the request was successful       |
| » message | string  | false    | none         | Error message describing the validation issue |

Status Code **403**

| Name      | Type    | Required | Restrictions | Description                                     |
| --------- | ------- | -------- | ------------ | ----------------------------------------------- |
| » success | boolean | false    | none         | Indicates if the request was successful         |
| » message | string  | false    | none         | Error message describing the access restriction |

Status Code **404**

| Name      | Type    | Required | Restrictions | Description                             |
| --------- | ------- | -------- | ------------ | --------------------------------------- |
| » success | boolean | false    | none         | Indicates if the request was successful |
| » message | string  | false    | none         | Error message describing the issue      |

Status Code **500**

| Name      | Type    | Required | Restrictions | Description                             |
| --------- | ------- | -------- | ------------ | --------------------------------------- |
| » success | boolean | false    | none         | Indicates if the request was successful |
| » message | string  | false    | none         | Error message describing the issue      |
| » error   | string  | false    | none         | Detailed error information              |

#### Security & Validation

This endpoint includes comprehensive validation and security checks:

**Organization Membership Validation**

* Both the current user and target user must be associated with the same organization
* Users not associated with any organization cannot perform user updates

**Permission Validation**

* Users can always update their own basic data (name, lastName)
* Password updates are restricted to the user's own account
* Administrative users (WORKSPACES, ADMINISTRATORS, OWNER) can modify other users' basic data
* Role-based access control ensures proper permission boundaries

**Provider User Protection**

* Users with external authentication providers (OAuth, SAML, etc.) cannot have their passwords modified
* This prevents conflicts with external identity management systems

**Password Security Validation**

* Password updates include comprehensive security validation
* Passwords are securely hashed using industry-standard algorithms
* Password requirements are enforced to maintain security standards

**Data Integrity**

* All updates are validated for data type and format
* System events are generated for audit and compliance purposes
* Changes are logged with before/after data for tracking

**Authentication Required**

* Valid access token must be provided in the Authorization header
* User must be authenticated and associated with an organization
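
The checks listed in this section, modeled as one decision function that returns the documented status codes and messages. This is an added example, not Flashback's server code; the type and field names, the `OTHER` role, the `meetsPolicy` callback, the order of the checks, and the 403 returned when an administrator sends another user's password are assumptions.

```typescript
// Added illustration of the documented rules; not Flashback's server code.
// Type names, field names and the order of checks are assumptions.
type Role = 'OWNER' | 'ADMINISTRATORS' | 'WORKSPACES' | 'OTHER'; // 'OTHER': any non-admin role
interface Account { id: string; orgId: string | null; role: Role; externalProvider: boolean; }
interface UpdateBody { name?: string; lastName?: string; password?: string; }
interface Decision { status: 200 | 400 | 403 | 404; message: string; }

const ADMIN_ROLES: ReadonlySet<Role> = new Set<Role>(['WORKSPACES', 'ADMINISTRATORS', 'OWNER']);
const reply = (status: Decision['status'], message: string): Decision => ({ status, message });

function decideUpdate(
  caller: Account,
  target: Account | undefined,
  body: UpdateBody,
  meetsPolicy: (password: string) => boolean, // the policy itself is not specified on the page
): Decision {
  if (caller.orgId === null) return reply(403, 'User not associated with any organization');
  if (target === undefined) return reply(404, 'User not found');
  if (target.orgId !== caller.orgId) {
    return reply(403, 'Access denied: users must be in the same organization');
  }
  const isSelf = caller.id === target.id;
  const denied = 'Access denied: insufficient permissions to modify user data';
  // Basic data of another user: WORKSPACES, ADMINISTRATORS or OWNER only.
  if (!isSelf && !ADMIN_ROLES.has(caller.role)) return reply(403, denied);
  if (body.password !== undefined) {
    // Passwords are self-service only, even for OWNER.
    if (!isSelf) return reply(403, denied);
    if (target.externalProvider) {
      return reply(400, 'Password cannot be changed for users with external authentication providers');
    }
    if (!meetsPolicy(body.password)) return reply(400, 'Password does not meet security requirements');
  }
  return reply(200, 'User data updated successfully');
}

// Constructed sample accounts (not real data).
const owner: Account = { id: 'u1', orgId: 'org-a', role: 'OWNER', externalProvider: false };
const member: Account = { id: 'u2', orgId: 'org-a', role: 'OTHER', externalProvider: false };
const ssoUser: Account = { id: 'u3', orgId: 'org-a', role: 'OTHER', externalProvider: true };
const outsider: Account = { id: 'u4', orgId: 'org-b', role: 'OWNER', externalProvider: false };
const minLength12 = (p: string): boolean => p.length >= 12; // stand-in policy

// Same password body from four callers: admin on another user, self, SSO self, other organization.
function sampleStatuses(): number[] {
  const body: UpdateBody = { password: 'NewSecurePassword123!' };
  const pairs: Array<[Account, Account]> = [[owner, member], [member, member], [ssoUser, ssoUser], [outsider, member]];
  return pairs.map(([caller, target]) => decideUpdate(caller, target, body, minLength12).status);
}
console.log(sampleStatuses());
```

A caller/target table like `pairs` is a convenient basis for negative authorization tests of the endpoint, with each row compared against the status the API actually returns.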


