Skip to main content
PATCH
/
users
/
{id}
/
metadata
Patch metadata of a user
curl --request PATCH \
  --url https://{tenant_id}.hanko.io/admin/users/{id}/metadata \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "public_metadata": {
    "role": "admin"
  },
  "private_metadata": {
    "internal_id": "e6c19cfb-09a2-41e5-a908-e33193b7ca0a"
  },
  "unsafe_metadata": {
    "birthday": "2025-05-12"
  }
}
'
{
  "public_metadata": {
    "role": "admin"
  },
  "private_metadata": {
    "internal_id": "e6c19cfb-09a2-41e5-a908-e33193b7ca0a"
  },
  "unsafe_metadata": {
    "birthday": "2025-05-12"
  }
}
Updates a users metadata by deep merging the metadata patch from the request with existing metadata. Set the entire request to null to clear all metadata: Set any of public_metadata, private_metadata, unsafe_metadata to null to clear metadata for that category. An empty object ({}) for the top level request object or an empty object for public_metadata, private_metadata or the unsafe_metadata property represent a noop patch. Unknown top level keys besides public_metadata, private_metadata or unsafe_metadata are ignored. All other top level request values (e.g. an empty string, a non-empty string, an array) result in a bad request.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your API key. Must only be used when using Hanko Cloud.

Path Parameters

id
string<uuid>
required

UUID of the requested object

Body

application/json

The user metadata patch

public_metadata
object
Example:
{ "role": "admin" }
private_metadata
object
Example:
{
  "internal_id": "e6c19cfb-09a2-41e5-a908-e33193b7ca0a"
}
unsafe_metadata
object
Example:
{ "birthday": "2025-05-12" }

Response

OK

User metadata

public_metadata
object
Example:
{ "role": "admin" }
private_metadata
object
Example:
{
  "internal_id": "e6c19cfb-09a2-41e5-a908-e33193b7ca0a"
}
unsafe_metadata
object
Example:
{ "birthday": "2025-05-12" }