Update current user profile
const url = 'https://your-app.torii.so/_torii/users/me';const options = { method: 'PATCH', headers: {'Content-Type': 'application/json'}, body: '{"firstName":"Ada","lastName":"Lovelace","locale":"en","unsafeMetadata":{"onboardingStep":2}}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request PATCH \ --url https://your-app.torii.so/_torii/users/me \ --header 'Content-Type: application/json' \ --data '{ "firstName": "Ada", "lastName": "Lovelace", "locale": "en", "unsafeMetadata": { "onboardingStep": 2 } }'Request Body required
Section titled “Request Body required ”PATCH body for updating an end-user. Every field is tri-state: omit the key entirely to leave the field unchanged, send a non-null value to set it, or send JSON null to clear it.
object
New first (given) name. Send null to clear; omit to leave unchanged.
Example
AdaNew last (family) name. Send null to clear; omit to leave unchanged.
Example
LovelaceNew preferred locale. Send null to clear; omit to leave unchanged.
Deep-merges into the user’s unsafe metadata (a key set to null removes it); omit to leave unchanged. Merged result max 512 bytes.
object
Example
{ "onboardingStep": 2}Responses
Section titled “ Responses ”OK
object
An end-user belonging to one of your environments.
object
Unique identifier for this user.
Identifier of the environment this user belongs to.
Full display name on the profile, if any.
First (given) name on the profile, if any.
Last (family) name on the profile, if any.
Preferred locale for emails and UI messages.
Lifecycle status of the user (e.g. active, banned).
When this user was created (ISO-8601 UTC).
When this user was last modified (ISO-8601 UTC).
Primary email on the profile, if any. Not guaranteed to be verified.
When this user’s primary email was verified, if it has been verified.
When this user was deleted, if soft-deleted. Null for active users.
Public metadata: readable by the SDK, writable only server-side.
object
Unsafe metadata: readable and writable by the end-user via the SDK.
object
Current session state: status + any blocking gates the user must clear before the session activates.
object
Whether the session is active or pending gate completion.
Authentication-critical gates the user must complete before the session activates.
Authentication-critical gate the user must pass before the session activates.
object
Stable wire identifier; customer apps key gateUrls against this.
object
Caller’s role key in this org (e.g. admin | member).
Human-readable display name of the caller’s role, from the org’s bound role set.
Example
{ "user": { "id": "01931a73-8b00-7000-8000-000000000000", "environmentId": "01931a72-0000-7000-8000-000000000000", "name": "Ada Lovelace", "firstName": "Ada", "lastName": "Lovelace", "locale": "en", "status": "active", "createdAt": "2026-05-16T09:30:00Z", "updatedAt": "2026-05-16T10:00:00Z", "email": "ada@example.com", "emailVerifiedAt": "2026-05-16T09:35:00Z", "deletedAt": "2026-05-20T12:00:00Z", "publicMetadata": { "plan": "pro" }, "unsafeMetadata": { "onboardingStep": 2 } }, "session": { "status": "ACTIVE", "gates": [ { "key": "LEGAL_ACCEPTANCE" } ], "currentGate": { "key": "LEGAL_ACCEPTANCE" } }}