# Upsert a user Creates or updates (upserts) a user with a specified ID. Endpoint: PUT /users/{id} Version: latest Security: SecretApiKey, JWT ## Path parameters: - `id` (string, required) ID of the resource. ## Request fields (application/json): - `email` (string, required) Email address of the user. - `firstName` (string, required) User's first name. - `lastName` (string, required) User's last name. - `businessPhone` (string,null) User's business phone number. - `mobilePhone` (string,null) User's mobile phone number. - `permissions` (array) Example: ["PostFile","StorefrontGetAccount","StorefrontGetWebsite","StorefrontGetKycDocumentCollection","StorefrontGetKycDocument","StorefrontPostKycDocument"] - `country` (string) User's country of residence in ISO 3166 alpha-2 country code. For examples, see [ISO.org](https://www.iso.org/obp/ui/#search/code/). - `preferences` (object,null) User preferences, such as: timezone, language, and more. This is an object with custom properties. - `roleIds` (array) Role IDs associated with the user. Role IDs specify the roles that the user performs within the organization. For example, the user may be an organization admin. - `allowedIps` (array,null) List of IP addresses that are permitted access. Private subnets are prohibited. To remove restrictions, set this value to . Example: ["153.12.32.33","201.54.122.0/24","2001:0db8:abcd:0012:0000:0000:0000:ffff","2001:db8:abcd:12::0/64"] ## Response 200 fields (application/json): - `id` (string) ID of the user. Example: "usr_0YVCEENYJ3D7Q9EN6BN16HA0G4" - `email` (string, required) Email address of the user. - `firstName` (string, required) User's first name. - `lastName` (string, required) User's last name. - `businessPhone` (string,null) User's business phone number. - `mobilePhone` (string,null) User's mobile phone number. - `permissions` (array) Example: ["PostFile","StorefrontGetAccount","StorefrontGetWebsite","StorefrontGetKycDocumentCollection","StorefrontGetKycDocument","StorefrontPostKycDocument"] - `computedPermissions` (array) All user permissions and roles. Use these permissions to emulate the user. Example: ["PostFile","StorefrontGetAccount","StorefrontGetWebsite","StorefrontGetKycDocumentCollection","StorefrontGetKycDocument","StorefrontPostKycDocument"] - `createdTime` (string) Date and time which is set automatically when the resource is created. - `updatedTime` (string) Date and time which updates automatically when the resource is updated. - `loginTime` (string,null) Date and time when the user last logged in. - `reportingCurrency` (string) User's currency code in ISO 4217 format. This value is used for reports. - `availableCurrencies` (array) Array of reporting currencies that are enabled for the merchant. - `status` (string) Status of the user's account. Enum: "active", "inactive", "pending-confirmation" - `country` (string) User's country of residence in ISO 3166 alpha-2 country code. For examples, see [ISO.org](https://www.iso.org/obp/ui/#search/code/). - `preferences` (object,null) User preferences, such as: timezone, language, and more. This is an object with custom properties. - `roleIds` (array) Role IDs associated with the user. Role IDs specify the roles that the user performs within the organization. For example, the user may be an organization admin. - `allowedIps` (array,null) List of IP addresses that are permitted access. Private subnets are prohibited. To remove restrictions, set this value to . Example: ["153.12.32.33","201.54.122.0/24","2001:0db8:abcd:0012:0000:0000:0000:ffff","2001:db8:abcd:12::0/64"] - `_links` (array) Related links. - `_links.href` (string) Link URL. - `_links.rel` (string) Type of link. Enum: "self" ## Response 201 fields (application/json): - `id` (string) ID of the user. Example: "usr_0YVCEENYJ3D7Q9EN6BN16HA0G4" - `email` (string, required) Email address of the user. - `firstName` (string, required) User's first name. - `lastName` (string, required) User's last name. - `businessPhone` (string,null) User's business phone number. - `mobilePhone` (string,null) User's mobile phone number. - `permissions` (array) Example: ["PostFile","StorefrontGetAccount","StorefrontGetWebsite","StorefrontGetKycDocumentCollection","StorefrontGetKycDocument","StorefrontPostKycDocument"] - `computedPermissions` (array) All user permissions and roles. Use these permissions to emulate the user. Example: ["PostFile","StorefrontGetAccount","StorefrontGetWebsite","StorefrontGetKycDocumentCollection","StorefrontGetKycDocument","StorefrontPostKycDocument"] - `createdTime` (string) Date and time which is set automatically when the resource is created. - `updatedTime` (string) Date and time which updates automatically when the resource is updated. - `loginTime` (string,null) Date and time when the user last logged in. - `reportingCurrency` (string) User's currency code in ISO 4217 format. This value is used for reports. - `availableCurrencies` (array) Array of reporting currencies that are enabled for the merchant. - `status` (string) Status of the user's account. Enum: "active", "inactive", "pending-confirmation" - `country` (string) User's country of residence in ISO 3166 alpha-2 country code. For examples, see [ISO.org](https://www.iso.org/obp/ui/#search/code/). - `preferences` (object,null) User preferences, such as: timezone, language, and more. This is an object with custom properties. - `roleIds` (array) Role IDs associated with the user. Role IDs specify the roles that the user performs within the organization. For example, the user may be an organization admin. - `allowedIps` (array,null) List of IP addresses that are permitted access. Private subnets are prohibited. To remove restrictions, set this value to . Example: ["153.12.32.33","201.54.122.0/24","2001:0db8:abcd:0012:0000:0000:0000:ffff","2001:db8:abcd:12::0/64"] - `_links` (array) Related links. - `_links.href` (string) Link URL. - `_links.rel` (string) Type of link. Enum: "self" ## Response 401 fields (application/json): - `status` (integer) HTTP status code. - `type` (string) Problem type in the form of a [URI](https://tools.ietf.org/html/rfc3986) reference. It should provide human-readable documentation for the problem type. When this member is not present, its value is assumed to be "about:blank". - `title` (string) Short, human-readable summary of the problem type. Other than for the purposes of localization, this should not change from occurrence to occurrence of the problem. - `detail` (string) Human-readable explanation that is specific to this occurrence of the problem. - `instance` (string) URI reference that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced. ## Response 403 fields (application/json): - `status` (integer) HTTP status code. - `type` (string) Problem type in the form of a [URI](https://tools.ietf.org/html/rfc3986) reference. It should provide human-readable documentation for the problem type. When this member is not present, its value is assumed to be "about:blank". - `title` (string) Short, human-readable summary of the problem type. Other than for the purposes of localization, this should not change from occurrence to occurrence of the problem. - `detail` (string) Human-readable explanation that is specific to this occurrence of the problem. - `instance` (string) URI reference that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced. ## Response 404 fields (application/json): - `status` (integer) HTTP status code. - `type` (string) Problem type in the form of a [URI](https://tools.ietf.org/html/rfc3986) reference. It should provide human-readable documentation for the problem type. When this member is not present, its value is assumed to be "about:blank". - `title` (string) Short, human-readable summary of the problem type. Other than for the purposes of localization, this should not change from occurrence to occurrence of the problem. - `detail` (string) Human-readable explanation that is specific to this occurrence of the problem. - `instance` (string) URI reference that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced. ## Response 422 fields (application/json): - `status` (integer) HTTP status code. - `type` (string) Problem type in the form of a [URI](https://tools.ietf.org/html/rfc3986) reference. It should provide human-readable documentation for the problem type. When this member is not present, its value is assumed to be "about:blank". - `title` (string) Short, human-readable summary of the problem type. Other than for the purposes of localization, this should not change from occurrence to occurrence of the problem. - `detail` (string) Human-readable explanation that is specific to this occurrence of the problem. - `instance` (string) URI reference that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced. - `invalidFields` (array) Invalid field details. Example: [{"field":"field1","message":"field1 is invalid"},{"field":"subObject.field2","message":"field2 is invalid"},{"field":"subObject.field2","message":"another error in the field2"}] - `invalidFields.field` (string) Name of the field. Dot notation is used for nested object field names. - `invalidFields.message` (string) Message field. ## Response 429 fields (application/json): - `type` (string) Problem type in the form of a [URI](https://tools.ietf.org/html/rfc3986) reference. It should provide human-readable documentation for the problem type. When this member is not present, its value is assumed to be "about:blank". Example: "about:blank" - `title` (string) Short, human-readable summary of the problem type. Other than for the purposes of localization, this should not change from occurrence to occurrence of the problem. Example: "Rate Limit Exceeded" - `status` (integer) HTTP status code. - `detail` (string) Human-readable explanation that is specific to this occurrence of the problem. Example: "A request cannot be executed because the user has sent too many requests within a certain period of time" - `instance` (string) URI reference that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced.