Updates account-related information for the specified user by setting specific fields or applying action codes. Requests from administrators and end users are supported.
HTTP request
POST https://identitytoolkit.googleapis.com/v1/accounts:update
The URL uses gRPC Transcoding syntax.
Request body
The request body contains data with the following structure:
JSON representation |
---|
{ "idToken": string, "localId": string, "displayName": string, "email": string, "password": string, "provider": [ string ], "oobCode": string, "emailVerified": boolean, "upgradeToFederatedLogin": boolean, "captchaChallenge": string, "captchaResponse": string, "validSince": string, "disableUser": boolean, "instanceId": string, "delegatedProjectNumber": string, "photoUrl": string, "deleteAttribute": [ enum ( |
idToken
string
A valid Identity Platform ID token. Required when attempting to change user-related information.
localId
string
The ID of the user. Specifying this field requires a Google OAuth 2.0 credential with proper permissions. For requests from end-users, an ID token should be passed instead.
displayName
string
The user's new display name to be updated in the account's attributes. The length of the display name must be less than or equal to 256 characters.
email
string
The user's new email to be updated in the account's attributes. The length of email should be less than 256 characters and in the format of name@domain.tld. The email should also match the RFC 822 addr-spec production. If email enumeration protection is enabled, the email cannot be changed by the user without verifying the email first, but it can be changed by an administrator.
password
string
The user's new password to be updated in the account's attributes. The password must be at least 6 characters long.
provider[]
string
The Identity Providers that the account should be associated with.
oobCode
string
The out-of-band code to be applied on the user's account. The following out-of-band code types are supported:
- VERIFY_EMAIL
- RECOVER_EMAIL
- REVERT_SECOND_FACTOR_ADDITION
- VERIFY_AND_CHANGE_EMAIL
emailVerified
boolean
Whether the user's email has been verified. Specifying this field requires a Google OAuth 2.0 credential with proper permissions.
upgradeToFederatedLogin
boolean
Whether the account should be restricted to only using federated login.
captchaChallenge (deprecated)
string
captchaResponse
string
The response from reCaptcha challenge. This is required when the system detects possible abuse activities.
validSince
string (int64 format)
Specifies the minimum timestamp in seconds for an Identity Platform ID token to be considered valid.
disableUser
boolean
If true, marks the account as disabled, meaning the user will no longer be able to sign-in.
instanceId (deprecated)
string
delegatedProjectNumber (deprecated)
string (int64 format)
photoUrl
string
The user's new photo URL for the account's profile photo to be updated in the account's attributes. The length of the URL must be less than or equal to 2048 characters.
deleteAttribute[]
enum (UserAttributeName)
returnSecureToken
boolean
Whether or not to return an ID and refresh token. Should always be true.
deleteProvider[]
string
The Identity Providers to unlink from the user's account.
lastLoginAt
string (int64 format)
The timestamp in milliseconds when the account last logged in.
createdAt
string (int64 format)
The timestamp in milliseconds when the account was created.
phoneNumber
string
The phone number to be updated in the account's attributes.
customAttributes
string
JSON formatted custom attributes to be stored in the Identity Platform ID token. Specifying this field requires a Google OAuth 2.0 credential with proper permissions.
tenantId
string
The tenant ID of the Identity Platform tenant that the account belongs to. Requests from end users should pass an Identity Platform ID token rather than setting this field.
targetProjectId
string
The project ID for the project that the account belongs to. Specifying this field requires a Google OAuth 2.0 credential with proper permissions. Requests from end users should pass an Identity Platform ID token instead.
Authorization requires the following IAM permission on the specified resource targetProjectId:
- firebaseauth.users.update
mfa
object (MfaInfo)
The multi-factor authentication related information to be set on the user's account. This will overwrite any previous multi-factor related information on the account. Specifying this field requires a Google OAuth 2.0 credential with proper permissions.
linkProviderUserInfo
object (ProviderUserInfo)
The provider to be linked to the user's account. Specifying this field requires a Google OAuth 2.0 credential with proper permissions.
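The field descriptions above separate what an end user may set with an ID token from what needs an administrator credential, and give length limits for several fields. The following is an added example, not part of the API reference or any Google library: a pre-flight check that a backend could run before forwarding a request body to accounts:update. The function names are hypothetical, and treating a request that carries only an oobCode as acceptable without an idToken is an assumption.

```python
# Added example: pre-flight checks for an accounts:update request body.
# Limits and credential requirements come from the field descriptions on this page.

# Fields the page says require a Google OAuth 2.0 credential (administrator calls).
ADMIN_ONLY = {"localId", "emailVerified", "customAttributes",
              "targetProjectId", "mfa", "linkProviderUserInfo"}

# (field, predicate that must hold, message reported when it does not)
LIMITS = [
    ("displayName", lambda v: len(v) <= 256, "displayName must be <= 256 characters"),
    ("email", lambda v: len(v) < 256, "email must be shorter than 256 characters"),
    ("password", lambda v: len(v) >= 6, "password must be at least 6 characters"),
    ("photoUrl", lambda v: len(v) <= 2048, "photoUrl must be <= 2048 characters"),
]

def check_update_body(body, is_admin):
    """Return a list of problems; an empty list means the body passes these checks."""
    problems = []
    if not is_admin:
        # End users identify themselves with an ID token.
        # Assumption: a request that only applies an oobCode needs no idToken.
        if not body.get("idToken") and not body.get("oobCode"):
            problems.append("end-user request needs idToken or oobCode")
        # Reject fields that only an administrator credential may set.
        for name in sorted(body.keys() & ADMIN_ONLY):
            problems.append(f"{name} requires an administrator credential")
    for name, ok, message in LIMITS:
        value = body.get(name)
        if isinstance(value, str) and not ok(value):
            problems.append(message)
    # validSince is an int64 carried as a JSON string of seconds.
    valid_since = body.get("validSince")
    if valid_since is not None and not (isinstance(valid_since, str) and valid_since.isdigit()):
        problems.append("validSince must be a decimal string of seconds")
    return problems

def lockout_body(local_id, now_seconds):
    """Administrator body: disable the account and set validSince to now, so that
    ID tokens older than this timestamp are no longer considered valid."""
    return {"localId": local_id, "disableUser": True, "validSince": str(now_seconds)}
```
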
Response body
If successful, the response body contains an instance of SetAccountInfoResponse.
Authorization scopes
Requires one of the following OAuth scopes:
- https://www.googleapis.com/auth/identitytoolkit
- https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.