Skip to main content

Update user

Perform an UPDATE request to the Authentication endpoint to update the user data.

Only the owner of the data can update it. This mechanism was implemented to prevent other authenticated users from updating other users data.

Note that Authentication endpoints are secured by default, so you have to include the Access token in the request. See below Request Cookies or Request headers.

Request data

HTTP method: PUT

URL format: https://baseUrl/versionNumber/customEndpointRoute/userEndpoint?key=apiKey&uniqueId=uniqueId[&dataOnly=true]


Request Parameters

The following table describes the Request parameters.

baseUrlBase url for calling the API.


versionNumberService version.

Value: The current value is 1.

customEndpointRouteThe route which identifies custom endpoints.

Default value: ce

userEndpointThe endpoint name generated by the user.

Value: the name created at

keyThe API Key of the project.Yes
uniqueIdThe identifier of the record to be updated.Yes
dataOnlyIf used, the endpoint response will be the POST body, without additional information such as ‘uniqueId’.

Value: true

masterKeyOverrides the need for Access tokens or restrictions applied to Authentication endpoints.

Don't use this key in your client application.

For more information please refer to projects.

Value: the masterKey created at

strategyA strategy allows you to choose how the data is updated.

  • force - (default) replaces the content regardless of the type.
  • merge - merges objects, it only works with JSON.
  • replace - replaces the entire content, types must be the same.
Remember that, in authentication endpoints, username and password are required fields. If after the update these values are not present the endpoint will return an error.

Request Cookies


The Access token is required for secure endpoints.

It is obtained when doing a login and it is stored in an httpOnly cookie. To automatically include it in the request you need to set the following property:

// using fetch { credentials: 'include' } // using axios { withCredentials: true }

Alternatively you can also use the Authorization header.

For more information please refer to  the login documentation and Secure Endpoints documentation.
Yes - if endpoint is secure and Authorization header is not used

Request Headers


The Access token is required for secure endpoints.

You should use this header if you are not using the httpOnly cookie to access a Secure endpoint.

For more information please refer to  the login documentation and Secure Endpoints documentation.

Yes - if endpoint is secure and httpOnly cookie is not used

Response data

Error codes

Error codeDescription
400Possible reasons:
  • Endpoint or API Key not valid.
  • Wrong Content-Type, it only accepts "text/plain" or "application/json".
  • Empty Request body.
  • uniqueId is not present in the URL.
  • No record was found.
  • username or password are not present in the request body.
  • User is not the owner of the data.
401Possible reasons:
  • Missing Access Token.
  • Invalid credentials.
  • Token expired.
  • No user found.
403Missing API Key, not allowed origin or disallowed request without orign.

Successful response

The new data in the record.


uniqueId: "3f38bf9e1bb54d2396d1f1b8fbba1630",
data: { username: "usernameeee" },
createdAt: "2020-12-27T10:58:45.000Z",
updatedAt: "2020-12-27T10:58:45.000Z"