Update User Profile

Update mutable KYC user profile fields.

Allowed only while the user is still pre-verification. Once any of the
following hold, full_name and email lock and this endpoint
rejects the change with 409 so identity drift cannot silently break a
submitted KYC application:

  • kyc_status == approved (urbanpayx-decided approval)
  • external_verification_status == verified (external attestation)
  • verification_source != none (canonical post-decision state)
  • an identity verification applicant already exists for this user

To change a locked profile, superadmin must run kyc-reset first.

Recent Requests
Log in to see full request history
TimeStatusUser Agent
Retrieving recent requests…
LoadingLoading…

Update the mutable profile fields (full_name, email) of a KYC user that belongs to your client. Only the fields you send are applied. The change is allowed only while the user is still pre-verification — once verification has started or completed, the identity fields lock and the request is rejected so a submitted application cannot silently drift. On success the updated user is returned and the change is recorded in your client's audit log.

Authentication & access

  • Requires a client API token: Authorization: Bearer <token>.
  • The caller must hold the kyc.users.write permission and have the OWNER or OPERATIONS role.

Path parameter

NameInDescription
user_idpathID of the KYC user to update. Must belong to your client.

Request body

Partial update — send only the fields you want to change.

FieldTypeConstraints
full_namestring | null1–255 characters. Leading/trailing whitespace is trimmed. A whitespace-only value is rejected.
emailstring (email) | nullValid email format. Normalized to lowercase before storing.

Notes:

  • A field set to a value equal to the current stored value (after trimming/lowercasing) is treated as a no-op.
  • If no field actually changes, the request succeeds and returns the user unmodified, with no audit entry written.
  • email must be unique within your client. Reusing an email already assigned to another user under the same client is rejected with 409.

Profile lock after verification starts

full_name and email are locked once the user is no longer pre-verification. Any attempt to change either field after that point returns 409. The user is considered locked when any of the following hold:

  • KYC status is approved (UrbanpayX-managed decision).
  • External attestation status is verified (external attestation mode).
  • The verification source is no longer none (a verification decision has been recorded).
  • An identity verification has already been initiated for this user.

To change a locked profile, an UrbanpayX account manager must reset the user's verification first so it can be re-verified before identity fields are altered.

Response

200 OK with the full updated user object (UserResponse), including id, email, full_name, kyc_status, verification_mode, external_verification_status, verification_source, external_verification_provider, external_verification_ref, external_verified_at, is_active, and created_at.

Error responses

StatusWhen
404No user with user_id exists under your client
409Profile fields are locked because verification has started or completed; or the requested email is already in use by another user within your client
422Request body failed validation (e.g. full_name outside 1–255 chars or whitespace-only, malformed email)

Standard 401 (authentication), 403 (insufficient permission or role), and 429 (rate limit) responses apply to every endpoint and are documented in the Error reference.

Path Params
string
required
Body Params

Partial update for a KYC user profile.

Only provided fields are applied. Allowed only while the user is still
pre-verification (no verification provider applicant, no urbanpayx or external
decision recorded); after that, profile fields lock to preserve identity integrity.

length between 1 and 255
Responses

Language
Credentials
Bearer
LoadingLoading…
Response
Click Try It! to start a request and see the response here! Or choose an example:
application/json