Update Patch - DruID Integrators and Developers site

Description

You have to call this method when you want to edit info of an existing user in DRUID.

If you edit any confirmable id (email, mobile), and user had that id previously confirmed, new id need to be confirmed. The user’s new email/mobile will not be established until the confirmation process is completed.

Please, read first https://dru-id.com/developers/apis/oauth-2/ to learn about Oauth2 protocol and the meaning of each token.

The PATCH method allows clients to perform partial updates on an existing resource. Unlike a full UPDATE (typically implemented as a PUT request), which requires the complete representation of the resource, a PATCH request only needs the specific fields that must be modified. This makes PATCH more efficient and precise, especially when working with large or complex data structures.

With this method, it is possible to set one or more parameters to null in order to remove them from the resource. However, certain constraints apply when working with confirmable identifiers such as email addresses, phone numbers, or any other ID that requires user verification.

User Identification Requirements

To perform a PATCH operation, the target user must be clearly identified.
You must include either the object_id or the pulse_id.

Handling Confirmable Identifiers

Confirmed IDs cannot be deleted — they may only be replaced.
When a confirmable ID is replaced, the system automatically sends a confirmation code to the user.
The update to that ID will not take effect in the database until the user completes the confirmation process.
Until confirmation is received, the existing value remains active and unchanged.

Supported Fields

This method accepts any combination of:

IDs (including confirmable and non-confirmable identifiers)
Data fields
Addresses
Assertions

Each of these can be independently added, modified, or—where permitted—removed using null values.

Redirection After Confirmation

When a confirmable identifier is updated, the user may be redirected to a URL specified in the request context after completing the confirmation process.
This redirect will only occur if the provided URL is included in the cockpit’s app whitelist, ensuring secure and controlled navigation.

Endpoint URL:

PATCH https://{your-endpoint-domain.com}/activityid/v1/user/update/{object_id}
OR
PATCH https://{your-endpoint-domain.com}/activityid/v1/user/update/pulse-id/{pulse_id}

Request parameters

Parameter	Description	Type	Required
Authorization	Bearer ${access_token} : Literal text Bearer followed by access_token that is the token for current logged user obtained from login endpoint Or Bearer ${challenge_code_token}: Literal text Bearer followed by challenge_code_token that is the token obtained from /oauth2/token endpoint	string	yes
Content-Type	application/json	string	yes
Accept	application/json	string	yes
From	Id of the entry point	string	yes
Accept-Language	Language of this request	Locale	no

Query string parameters

Parameter	Description	Type	Required
code_verifier	code_verifier must follow oauth2 specs: See https://www.oauth.com/oauth2-servers/pkce/authorization-request	String	Only if the challenge code is used

Request example

Parameter	Description	Type	Required	Value
actor.id	Same id that is given in the url path param	string	yes	object_id or pulse_id
actor.objectType	Type of the object which represents the actor.	string	yes	‘person’
verb	Verb used for patching user	string	yes	‘update’
object.objectType	ObjectType represents the user	string	yes	‘user’
object.password	Password of the user. it must be send plain	string	yes	user password
object.ids	User identifiers. More info about user identifiers User Info	struct	yes	struct
object.datas	User datas. More info about user datas User Info	struct	yes	struct
object.addresses	User addresses. More info about user addresses User Info	struct	no	struct
object.assertions	Struct that defines legalities manage by the user. More info about user assertions User Info	struct	yes	struct
source.id	Type of device doing the activity	string	yes	‘unknown’ \| ‘pc’ \| ‘mobile’ \| ‘tablet’ \| ‘game_console’ \| ‘itv’
source.objectType	Type of source	string	yes	‘device’
context.url	The url where the user is going to be redirected after confirming his new identifier. This url must be whitelisted through cockpit. If not provided, the default callback would be used instead	string	no	‘https://dru-id.com/developers’

Response examples

Response: user updated successfully

Response: user updated successfully, and email or mobile needs confirmation

This means that all the parsed data has been modified except for n number of identifiers which need the user confirmation for applying the change

Response: no changes in update

You will receive Http Response 304 Not Modified with and empty body

Response: Errors in request

Response: Bad Request

Response: Constraint Violation

Response codes

Code	Type	Description
200	Success	User updated successfully. You will get ‘user logged JSON response’
206	Success	Partial content: User updated successfully but needs some data to be confirmed
304	Success	User not modified. There is no need to apply any changes.
400	Error	Bad Request: The request could not be understood by the server due to malformed syntax
401	Error	Unauthorized: authentication is required and has failed or has not yet been provided (token is invalid, etc)
403	Error	Forbidden: user id or password are invalid
404	Error	User not found
416	Error	Some of the fields to update do not comply with the required specifications
428	Error	Precondition required: User need to configure MFA or needs to send a MFA code. Check the MFA API
500	Error	Internal Server Error: The server encountered an unexpected condition which prevented it from fulfilling the request
502	Error	Error while generating the confirm code for confirming one of the identifiers.