> ## Documentation Index
> Fetch the complete documentation index at: https://docs.hexclave.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Update current user

> Updates the currently authenticated user. Only the values provided will be updated.



## OpenAPI

````yaml /openapi/server.json patch /users/me
openapi: 3.1.0
info:
  title: Hexclave REST API
  version: 1.0.0
  description: >-
    The Hexclave REST API. All request headers are documented as canonical
    `X-Hexclave-*`; the equivalent `X-Stack-*` aliases are accepted on every
    endpoint for backwards compatibility. Response headers
    `X-Hexclave-actual-status`, `X-Hexclave-known-error`, and
    `X-Hexclave-request-id` are emitted alongside their legacy `X-Stack-*`
    equivalents.
servers:
  - url: https://api.hexclave.com/api/v1
    description: Hexclave REST API
security: []
paths:
  /users/me:
    patch:
      tags:
        - Users
      summary: Update current user
      description: >-
        Updates the currently authenticated user. Only the values provided will
        be updated.
      parameters: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                display_name:
                  type: string
                  example: John Doe
                  description: >-
                    Human-readable user display name. This is not a unique
                    identifier.
                profile_image_url:
                  type: string
                  example: https://example.com/image.jpg
                  description: >-
                    URL of the profile image for user. Can be a Base64 encoded
                    image. Must be smaller than 100KB. Please compress and crop
                    to a square before passing in.
                client_metadata:
                  type: object
                  example:
                    key: value
                  description: >-
                    Client metadata. Used as a data store, accessible from the
                    client side. Do not store information that should not be
                    exposed to the client.
                client_read_only_metadata:
                  type: object
                  example:
                    key: value
                  description: >-
                    Client read-only, server-writable metadata. Used as a data
                    store, accessible from the client side. Do not store
                    information that should not be exposed to the client. The
                    client can read this data, but cannot modify it. This is
                    useful for things like subscription status.
                server_metadata:
                  type: object
                  example:
                    key: value
                  description: >-
                    Server metadata. Used as a data store, only accessible from
                    the server side. You can store secret information related to
                    the user here.
                primary_email:
                  type: string
                  example: johndoe@example.com
                  description: Primary email
                primary_email_verified:
                  type: boolean
                  example: true
                  description: >-
                    Whether the primary email has been verified to belong to
                    this user
                primary_email_auth_enabled:
                  type: boolean
                  example: true
                  description: >-
                    Whether the primary email is used for authentication. If
                    this is set to `false`, the user will not be able to sign in
                    with the primary email with password or OTP
                password:
                  type: string
                  example: my-new-password
                  description: >-
                    Sets the user's password. Doing so revokes all current
                    sessions.
                password_hash:
                  type: string
                  description: >-
                    If `password` is not given, sets the user's password hash to
                    the given string in Modular Crypt Format (ex.:
                    `$2a$10$VIhIOofSMqGdGlL4wzE//e.77dAQGqNtF/1dT7bqCrVtQuInWy2qi`).
                    Doing so revokes all current sessions.
                totp_secret_base64:
                  type: string
                  example: dG90cC1zZWNyZXQ=
                  description: >-
                    Enables 2FA and sets a TOTP secret for the user. Set to null
                    to disable 2FA.
                selected_team_id:
                  type: string
                  example: team-id
                  description: ID of the team currently selected by the user
                is_anonymous:
                  type: boolean
                restricted_by_admin:
                  type: boolean
                  example: false
                  description: >-
                    Whether the user is restricted by an administrator. Can be
                    set manually or by sign-up rules.
                restricted_by_admin_reason:
                  type: string
                  example: null
                  description: >-
                    Public reason shown to the user explaining why they are
                    restricted. Optional.
                restricted_by_admin_private_details:
                  type: string
                  example: null
                  description: >-
                    Private details about the restriction (e.g., which sign-up
                    rule triggered). Only visible to server access and above.
                country_code:
                  type: string
                  example: US
                  description: >-
                    Best-effort ISO country code captured at sign-up time from
                    request geo headers.
                risk_scores:
                  type: object
                  properties:
                    sign_up:
                      type: object
                      properties:
                        bot:
                          type: integer
                        free_trial_abuse:
                          type: integer
                      required:
                        - bot
                        - free_trial_abuse
                  required:
                    - sign_up
              example:
                display_name: John Doe
                profile_image_url: https://example.com/image.jpg
                client_metadata:
                  key: value
                client_read_only_metadata:
                  key: value
                server_metadata:
                  key: value
                primary_email: johndoe@example.com
                primary_email_verified: true
                primary_email_auth_enabled: true
                password: my-new-password
                totp_secret_base64: dG90cC1zZWNyZXQ=
                selected_team_id: team-id
                restricted_by_admin: false
                restricted_by_admin_reason: null
                restricted_by_admin_private_details: null
                country_code: US
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                type: object
                properties:
                  id:
                    type: string
                    example: 3241a285-8329-4d69-8f3d-316e08cf140c
                    description: The unique identifier of the user
                  primary_email:
                    type: string
                    example: johndoe@example.com
                    description: Primary email
                  primary_email_verified:
                    type: boolean
                    example: true
                    description: >-
                      Whether the primary email has been verified to belong to
                      this user
                  primary_email_auth_enabled:
                    type: boolean
                    example: true
                    description: >-
                      Whether the primary email is used for authentication. If
                      this is set to `false`, the user will not be able to sign
                      in with the primary email with password or OTP
                  display_name:
                    type: string
                    example: John Doe
                    description: >-
                      Human-readable user display name. This is not a unique
                      identifier.
                  selected_team:
                    type: object
                    properties:
                      created_at_millis:
                        type: number
                        example: 1630000000000
                        description: >-
                          The time the team was created (the number of
                          milliseconds since epoch, January 1, 1970, UTC)
                      server_metadata:
                        type: object
                        example:
                          key: value
                        description: >-
                          Server metadata. Used as a data store, only accessible
                          from the server side. You can store secret information
                          related to the team here.
                      id:
                        type: string
                        example: ad962777-8244-496a-b6a2-e0c6a449c79e
                        description: The unique identifier of the team
                      display_name:
                        type: string
                        example: My Team
                        description: >-
                          Human-readable team display name. This is not a unique
                          identifier.
                      profile_image_url:
                        type: string
                        example: https://example.com/image.jpg
                        description: >-
                          URL of the profile image for team. Can be a Base64
                          encoded image. Must be smaller than 100KB. Please
                          compress and crop to a square before passing in.
                      client_metadata:
                        type: object
                        example:
                          key: value
                        description: >-
                          Client metadata. Used as a data store, accessible from
                          the client side. Do not store information that should
                          not be exposed to the client.
                      client_read_only_metadata:
                        type: object
                        example:
                          key: value
                        description: >-
                          Client read-only, server-writable metadata. Used as a
                          data store, accessible from the client side. Do not
                          store information that should not be exposed to the
                          client. The client can read this data, but cannot
                          modify it. This is useful for things like subscription
                          status.
                    required:
                      - created_at_millis
                      - id
                      - display_name
                  selected_team_id:
                    type: string
                    example: team-id
                    description: ID of the team currently selected by the user
                  profile_image_url:
                    type: string
                    example: https://example.com/image.jpg
                    description: >-
                      URL of the profile image for user. Can be a Base64 encoded
                      image. Must be smaller than 100KB. Please compress and
                      crop to a square before passing in.
                  signed_up_at_millis:
                    type: number
                    example: 1630000000000
                    description: >-
                      The time the user signed up (identify) => `(the number of
                      milliseconds since epoch, January 1, 1970, UTC)`
                  client_metadata:
                    type: object
                    example:
                      key: value
                    description: >-
                      Client metadata. Used as a data store, accessible from the
                      client side. Do not store information that should not be
                      exposed to the client.
                  client_read_only_metadata:
                    type: object
                    example:
                      key: value
                    description: >-
                      Client read-only, server-writable metadata. Used as a data
                      store, accessible from the client side. Do not store
                      information that should not be exposed to the client. The
                      client can read this data, but cannot modify it. This is
                      useful for things like subscription status.
                  server_metadata:
                    type: object
                    example:
                      key: value
                    description: >-
                      Server metadata. Used as a data store, only accessible
                      from the server side. You can store secret information
                      related to the user here.
                  last_active_at_millis:
                    type: number
                    example: 1630000000000
                    description: >-
                      The time the user was last active (identify) => `(the
                      number of milliseconds since epoch, January 1, 1970, UTC)`
                  is_anonymous:
                    type: boolean
                  is_restricted:
                    type: boolean
                    example: false
                    description: >-
                      Whether the user is in restricted state (has signed up but
                      not completed onboarding requirements)
                  restricted_reason:
                    type: object
                    properties:
                      type:
                        type: string
                        enum:
                          - anonymous
                          - email_not_verified
                          - restricted_by_administrator
                    required:
                      - type
                    example: null
                    description: >-
                      The reason why the user is restricted (e.g., type:
                      "email_not_verified", "anonymous", or
                      "restricted_by_administrator"), null if not restricted
                  restricted_by_admin:
                    type: boolean
                    example: false
                    description: >-
                      Whether the user is restricted by an administrator. Can be
                      set manually or by sign-up rules.
                  restricted_by_admin_reason:
                    type: string
                    example: null
                    description: >-
                      Public reason shown to the user explaining why they are
                      restricted. Optional.
                  restricted_by_admin_private_details:
                    type: string
                    example: null
                    description: >-
                      Private details about the restriction (e.g., which sign-up
                      rule triggered). Only visible to server access and above.
                  country_code:
                    type: string
                    example: US
                    description: >-
                      Best-effort ISO country code captured at sign-up time from
                      request geo headers.
                  risk_scores:
                    type: object
                    properties:
                      sign_up:
                        type: object
                        properties:
                          bot:
                            type: integer
                          free_trial_abuse:
                            type: integer
                        required:
                          - bot
                          - free_trial_abuse
                    required:
                      - sign_up
                    example:
                      sign_up:
                        bot: 0
                        free_trial_abuse: 0
                    description: User risk scores used for sign-up risk evaluation.
                required:
                  - id
                  - primary_email_verified
                  - primary_email_auth_enabled
                  - signed_up_at_millis
                  - last_active_at_millis
                  - is_anonymous
                  - is_restricted
                  - restricted_by_admin
                  - risk_scores

````