> ## Documentation Index > Fetch the complete documentation index at: https://support.fortanix.com/llms.txt > Use this file to discover all available pages before exploring further. # Change a user's properties like first_name, last_name, description, etc. > Change a user's properties like first_name, last_name, description, etc. ## OpenAPI ````json PATCH /sys/v1/users/{user_id} { "openapi": "3.0.0", "info": { "title": "Fortanix DSM REST API", "description": "This is a set of REST APIs for accessing the Fortanix Data Security Manager. This includes APIs for managing accounts, and for performing cryptographic and key management operations. \n\n **Note:** \n- All binary input should be base64-encoded. These fields are marked with `format: byte`. \n- For forward compatibility, any API client is expected to ignore any fields in the response not explicitly mentioned in the documentation. We reserve the right to add new fields at any time to provide new functionality without affecting existing API clients.", "termsOfService": "https://www.fortanix.com/legal/terms/", "contact": { "name": "Fortanix Support", "url": "https://support.fortanix.com/", "email": "support@fortanix.com" }, "license": { "name": "Apache 2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0.html" }, "version": "0.1.0-20260526" }, "servers": [ { "url": "https://amer.smartkey.io" } ], "paths": { "/sys/v1/users/{user_id}": { "patch": { "operationId": "UpdateUser", "tags": [ "Users" ], "security": [ { "bearerToken": [] }, { "apiKeyAuth": [] } ], "summary": "Change a user's properties like first_name, last_name,\ndescription, etc.", "description": "Change a user's properties like first_name, last_name,\ndescription, etc.", "parameters": [ { "name": "user_id", "in": "path", "required": true, "schema": { "type": "string", "format": "uuid" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserRequest" } } } }, "responses": { "2XX": { "description": "Success result", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/User" } } } } } } } }, "components": { "schemas": { "UserRequest": { "allOf": [ { "type": "object", "properties": { "account_role": { "$ref": "#/components/schemas/UserAccountFlags" }, "add_groups": { "type": "object", "additionalProperties": { "$ref": "#/components/schemas/UserGroupRole" }, "nullable": true }, "add_mfa_devices": { "type": "array", "items": { "$ref": "#/components/schemas/FidoAddDeviceRequest" }, "nullable": true, "description": "FIDO devices to add. Only one device can be added at present." }, "add_u2f_devices": { "type": "array", "items": { "$ref": "#/components/schemas/U2fAddDeviceRequest" }, "nullable": true }, "del_groups": { "type": "object", "additionalProperties": { "$ref": "#/components/schemas/UserGroupRole" }, "nullable": true }, "del_mfa_devices": { "type": "array", "items": { "$ref": "#/components/schemas/MfaDelDeviceRequest" }, "nullable": true, "description": "Mfa devices to delete" }, "del_u2f_devices": { "type": "array", "items": { "$ref": "#/components/schemas/MfaDelDeviceRequest" }, "nullable": true }, "description": { "type": "string", "nullable": true }, "enable": { "type": "boolean", "nullable": true, "description": "Used to enable or disable a user's membership in an account. Always starts as enabled, regardless of input. Can be changed later by the account admin." }, "first_name": { "type": "string", "maxLength": 4096, "pattern": "^[^\\n]*[^\\s\\n][^\\n]*$", "nullable": true }, "last_name": { "type": "string", "maxLength": 4096, "pattern": "^[^\\n]*[^\\s\\n][^\\n]*$", "nullable": true }, "mod_groups": { "type": "object", "additionalProperties": { "$ref": "#/components/schemas/UserGroupRole" }, "nullable": true }, "rename_mfa_devices": { "type": "array", "items": { "$ref": "#/components/schemas/MfaRenameDeviceRequest" }, "nullable": true, "description": "Mfa devices to rename" }, "rename_u2f_devices": { "type": "array", "items": { "$ref": "#/components/schemas/MfaRenameDeviceRequest" }, "nullable": true }, "user_email": { "type": "string", "format": "email" }, "user_password": { "type": "string" } } } ] }, "User": { "allOf": [ { "type": "object", "properties": { "account_role": { "$ref": "#/components/schemas/UserAccountFlags" }, "created_at": { "type": "string", "pattern": "^\\d{4}\\d{2}\\d{2}T\\d{2}\\d{2}\\d{2}Z$", "example": "20170509T070912Z" }, "dependent_services": { "type": "array", "uniqueItems": true, "items": { "type": "string", "maxLength": 4096, "pattern": "^[^\\n]*[^\\s\\n][^\\n]*$" }, "nullable": true }, "description": { "type": "string", "nullable": true }, "email_verified": { "type": "boolean", "nullable": true }, "explicit_groups": { "type": "object", "additionalProperties": { "$ref": "#/components/schemas/UserGroupRole" }, "nullable": true, "description": "Explicit group assignments.\n\nThis is similar to `groups` field except that it does not include groups due to\nall-groups roles. Use this field to find out which group assignments can be\nchanged using `mod_groups` and `del_groups` fields in user update API." }, "first_name": { "type": "string", "maxLength": 4096, "pattern": "^[^\\n]*[^\\s\\n][^\\n]*$", "nullable": true }, "groups": { "type": "object", "additionalProperties": { "$ref": "#/components/schemas/UserGroupRole" }, "nullable": true }, "has_account": { "type": "boolean", "nullable": true }, "has_password": { "type": "boolean", "nullable": true }, "last_logged_in_at": { "type": "string", "pattern": "^\\d{4}\\d{2}\\d{2}T\\d{2}\\d{2}\\d{2}Z$", "example": "20170509T070912Z" }, "last_name": { "type": "string", "maxLength": 4096, "pattern": "^[^\\n]*[^\\s\\n][^\\n]*$", "nullable": true }, "mfa_devices": { "type": "array", "items": { "$ref": "#/components/schemas/MfaDevice" }, "description": "Mfa devices registered with the user" }, "new_email": { "type": "string", "format": "email" }, "self_provisioned": { "type": "boolean", "nullable": true }, "u2f_devices": { "type": "array", "items": { "$ref": "#/components/schemas/MfaDevice" } }, "user_email": { "type": "string", "format": "email" }, "user_id": { "type": "string", "format": "uuid" } }, "required": [ "account_role", "mfa_devices", "u2f_devices", "user_email", "user_id" ] } ] }, "UserAccountFlags": { "description": "User's role(s) and state in an account.", "allOf": [ { "type": "array", "uniqueItems": true, "items": { "$ref": "#/components/schemas/UserAccountFlagOrRole" } } ] }, "UserGroupRole": { "description": "User's role(s) in a group.", "allOf": [ { "type": "array", "uniqueItems": true, "items": { "$ref": "#/components/schemas/LegacyUserGroupRoleOrRoleId" } } ] }, "FidoAddDeviceRequest": { "allOf": [ { "type": "object", "description": "This contains the request for adding a FIDO device\nto user's data.\nInitially, `POST /sys/v1/session/config_2fa/new_challenge` needs\nto be called with protocol set to `fido2` and using that data,\n`navigator.credentials.create()` is called in the frontend.\nThe data returned by `create` is sent in this request. The data\nsent back here creates a new FIDO2 device for the user after\nthe payload is verified as per the rules stated in webauthn doc.", "properties": { "name": { "type": "string", "maxLength": 4096, "pattern": "^[^\\n]*[^\\s\\n][^\\n]*$", "description": "A user friendly name for the device." }, "attestationResult": { "$ref": "#/components/schemas/PublicKeyCredentialAuthenticatorAttestationResponse" } }, "required": [ "name", "attestationResult" ] } ] }, "U2fAddDeviceRequest": { "allOf": [ { "type": "object", "description": "Description of a U2F device to add for two factor authentication.", "properties": { "name": { "type": "string", "maxLength": 4096, "pattern": "^[^\\n]*[^\\s\\n][^\\n]*$" }, "registrationData": { "type": "string", "format": "byte" }, "clientData": { "type": "string", "format": "byte" }, "version": { "type": "string" } }, "required": [ "name", "registrationData", "clientData", "version" ] } ] }, "MfaDelDeviceRequest": { "allOf": [ { "type": "object", "description": "Request to delete a FIDO device.", "properties": { "name": { "type": "string", "maxLength": 4096, "pattern": "^[^\\n]*[^\\s\\n][^\\n]*$", "description": "Name of the FIDO device to delete." } }, "required": [ "name" ] } ] }, "MfaRenameDeviceRequest": { "allOf": [ { "type": "object", "description": "Request to rename a FIDO device.", "properties": { "old_name": { "type": "string", "maxLength": 4096, "pattern": "^[^\\n]*[^\\s\\n][^\\n]*$", "description": "Old name of FIDO device." }, "new_name": { "type": "string", "maxLength": 4096, "pattern": "^[^\\n]*[^\\s\\n][^\\n]*$", "description": "New name of FIDO device." } }, "required": [ "old_name", "new_name" ] } ] }, "MfaDevice": { "allOf": [ { "type": "object", "description": "A FIDO device that may be used for second factor authentication.", "properties": { "name": { "type": "string", "maxLength": 4096, "pattern": "^[^\\n]*[^\\s\\n][^\\n]*$", "description": "Name given to the FIDO device." }, "type": { "$ref": "#/components/schemas/MfaDeviceType" }, "origin": { "type": "string", "nullable": true, "description": "Origin of the FIDO device." } }, "required": [ "name", "type" ] } ] }, "UserAccountFlagOrRole": { "description": "User account flag or legacy user account role name or custom role id", "oneOf": [ { "$ref": "#/components/schemas/UserAccountFlag" }, { "$ref": "#/components/schemas/LegacyUserAccountRole" }, { "type": "string", "format": "uuid" } ] }, "LegacyUserGroupRoleOrRoleId": { "description": "Legacy user group role name or custom role id", "oneOf": [ { "$ref": "#/components/schemas/LegacyUserGroupRole" }, { "type": "string", "format": "uuid" } ] }, "PublicKeyCredentialAuthenticatorAttestationResponse": { "allOf": [ { "type": "object", "description": "Contains the attributes that are returned to the caller when a new\ncredential is created, or a new assertion is requested.", "properties": { "id": { "$ref": "#/components/schemas/Base64UrlSafe", "description": "Credential's identifier." }, "type": { "$ref": "#/components/schemas/PublicKeyCredentialType", "description": "Type of credential." }, "response": { "$ref": "#/components/schemas/AuthenticatorAttestationResponse" }, "get_client_extension_results": { "$ref": "#/components/schemas/AuthenticationExtensionsClientOutputs", "description": "This field contains client extension output entries produced\nby the extension’s client extension processing." } } } ] }, "MfaDeviceType": { "description": "Type of MFA device", "type": "string", "enum": [ "U2f", "Fido2" ] }, "UserAccountFlag": { "description": "User account flag", "type": "string", "enum": [ "STATEENABLED", "PENDINGINVITE" ] }, "LegacyUserAccountRole": { "description": "Legacy user account role", "type": "string", "enum": [ "ACCOUNTADMINISTRATOR", "ACCOUNTMEMBER", "ACCOUNTAUDITOR" ] }, "LegacyUserGroupRole": { "description": "Legacy user group role", "type": "string", "enum": [ "GROUPAUDITOR", "GROUPADMINISTRATOR" ] }, "Base64UrlSafe": { "type": "string", "format": "byte" }, "PublicKeyCredentialType": { "description": "https://www.w3.org/TR/webauthn-2/#enum-credentialType\n\nThis enum defines valid cred types.", "type": "string", "enum": [ "public-key" ] }, "AuthenticatorAttestationResponse": { "allOf": [ { "type": "object", "description": "This represents the authenticator's response to a client’s request\nfor the creation of a new public key credential.\n\nIt contains\ninformation about the new credential that can be used to identify\nit for later use, and metadata that can be used by the WebAuthn\nRelying Party to assess the characteristics of the credential during\nregistration.\n\n", "properties": { "clientDataJSON": { "$ref": "#/components/schemas/Base64UrlSafe" }, "getTransports": { "type": "array", "items": { "$ref": "#/components/schemas/AuthenticatorTransport" }, "nullable": true, "description": "Values obtained from `AuthenticatorAttestationResponse.getTransports()`.\nWebauthn spec recommends RP to store it and user them along with\n`allowCredentials` while authentication ceremony." }, "attestationObject": { "$ref": "#/components/schemas/Base64UrlSafe" } }, "required": [ "clientDataJSON", "attestationObject" ] } ] }, "AuthenticationExtensionsClientOutputs": { "allOf": [ { "type": "object", "description": "This is the response of extension inputs. For every input,\nan output must be returned if the input was considered.\n\n", "properties": { "appidExclude": { "type": "boolean", "nullable": true, "description": "Response of `appidExclude` extension.\nSee [AuthenticationExtensionsClientInputs::appid_exclude]." }, "appid": { "type": "boolean", "nullable": true, "description": "Response of `appid` extension.\nSee [AuthenticationExtensionsClientInputs::appid]." } } } ] }, "AuthenticatorTransport": { "description": "Hints by relying party on how client should communicate\nwith the authenticator.\n\nhttps://www.w3.org/TR/webauthn-2/#enum-transport", "oneOf": [ { "$ref": "#/components/schemas/AuthenticatorTransportInner" }, { "type": "string", "description": "Unknown values are stored as spec asks to do so.\nAs per the spec level 3 (which is draft):\n\"The values SHOULD be members of AuthenticatorTransport\nbut Relying Parties SHOULD accept and store unknown values.\"\nSee `[[transports]]` in https://w3c.github.io/webauthn/#iface-authenticatorattestationresponse\n\nLevel 2 also says that but comparitively unclear.\n\"The values SHOULD be members of AuthenticatorTransport but\nRelying Parties MUST ignore unknown values.\"\nSee `[[transports]]` in https://www.w3.org/TR/webauthn-2/#iface-authenticatorattestationresponse" } ] }, "AuthenticatorTransportInner": { "description": "See [AuthenticatorTransport] type.", "type": "string", "enum": [ "usb", "nfc", "ble", "internal" ] } } } } ````