Users

Update user details

Modify profile information for an existing user.

PATCH
PATCH
PATCH

https://api.docly.com/v1/users/{user_id}

Request

curl --request DELETE \
  --url https://api.yourdomain.com/v1/auth/session \
  --header "Authorization: Bearer ACCESS_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
    "session_id": "sess_82bd91fa",
    "reason": "user_logout"
  }'

Request

curl --request DELETE \
  --url https://api.yourdomain.com/v1/auth/session \
  --header "Authorization: Bearer ACCESS_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
    "session_id": "sess_82bd91fa",
    "reason": "user_logout"
  }'

Request

curl --request DELETE \
  --url https://api.yourdomain.com/v1/auth/session \
  --header "Authorization: Bearer ACCESS_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
    "session_id": "sess_82bd91fa",
    "reason": "user_logout"
  }'

200

400

{
  "success": true,
  "invalidated_session_id": "sess_82bd91fa",
  "revoked_tokens": 2,
  "revoked_at": "2026-02-16T15:42:12Z"
}

200

400

{
  "success": true,
  "invalidated_session_id": "sess_82bd91fa",
  "revoked_tokens": 2,
  "revoked_at": "2026-02-16T15:42:12Z"
}

200

400

{
  "success": true,
  "invalidated_session_id": "sess_82bd91fa",
  "revoked_tokens": 2,
  "revoked_at": "2026-02-16T15:42:12Z"
}

The Update User endpoint allows you to modify specific details of an existing user without replacing the entire object. Only the fields included in the request body will be updated.

Authorizations

Authorization

string

required

A valid refresh token passed using the Bearer authentication scheme.

Format: Authorization: Bearer <refresh_token>

The token must be active and issued by your authentication server.

Authorizations

Authorization

string

required

A valid refresh token passed using the Bearer authentication scheme.

Format: Authorization: Bearer <refresh_token>

The token must be active and issued by your authentication server.

Authorizations

Authorization

string

required

A valid refresh token passed using the Bearer authentication scheme.

Format: Authorization: Bearer <refresh_token>

The token must be active and issued by your authentication server.

Request Body

device_id

string

optional

Unique identifier of the client device requesting the refresh.

Used for session tracking and anomaly detection.

Example: "web-3f92ab1c"

rotate_refresh_token

boolean

optional

Indicates whether a new refresh token should be issued.

Defaults to true.

If set to false, the existing refresh token remains valid.

client_version

string

optional

Version of the client application initiating the request.

Useful for telemetry and debugging.

Example: "2.4.1"

Request Body

device_id

string

optional

Unique identifier of the client device requesting the refresh.

Used for session tracking and anomaly detection.

Example: "web-3f92ab1c"

rotate_refresh_token

boolean

optional

Indicates whether a new refresh token should be issued.

Defaults to true.

If set to false, the existing refresh token remains valid.

client_version

string

optional

Version of the client application initiating the request.

Useful for telemetry and debugging.

Example: "2.4.1"

Request Body

device_id

string

optional

Unique identifier of the client device requesting the refresh.

Used for session tracking and anomaly detection.

Example: "web-3f92ab1c"

rotate_refresh_token

boolean

optional

Indicates whether a new refresh token should be issued.

Defaults to true.

If set to false, the existing refresh token remains valid.

client_version

string

optional

Version of the client application initiating the request.

Useful for telemetry and debugging.

Example: "2.4.1"

Response Fields

access_token

string

required

New short-lived access token used to authorize API requests.

refresh_token

string

required

New refresh token issued when rotation is enabled.

expires_at

string

required

ISO 8601 timestamp indicating when the access token will expire.

Example: "2026-03-01T18:25:43Z"

session_id

string

required

Identifier of the active authentication session.

refresh_token_expires_at

string

optional

Expiration timestamp for the newly issued refresh token.

Response Fields

access_token

string

required

New short-lived access token used to authorize API requests.

refresh_token

string

required

New refresh token issued when rotation is enabled.

expires_at

string

required

ISO 8601 timestamp indicating when the access token will expire.

Example: "2026-03-01T18:25:43Z"

session_id

string

required

Identifier of the active authentication session.

refresh_token_expires_at

string

optional

Expiration timestamp for the newly issued refresh token.

Response Fields

access_token

string

required

New short-lived access token used to authorize API requests.

refresh_token

string

required

New refresh token issued when rotation is enabled.

expires_at

string

required

ISO 8601 timestamp indicating when the access token will expire.

Example: "2026-03-01T18:25:43Z"

session_id

string

required

Identifier of the active authentication session.

refresh_token_expires_at

string

optional

Expiration timestamp for the newly issued refresh token.

Error Fields

error_code

string

required

Machine-readable identifier describing the failure.

Possible values:

  • refresh_token_invalid

  • refresh_token_expired

  • session_not_found

  • token_rotation_failed

error_description

string

required

Detailed explanation of why the request failed.

Error Fields

error_code

string

required

Machine-readable identifier describing the failure.

Possible values:

  • refresh_token_invalid

  • refresh_token_expired

  • session_not_found

  • token_rotation_failed

error_description

string

required

Detailed explanation of why the request failed.

Error Fields

error_code

string

required

Machine-readable identifier describing the failure.

Possible values:

  • refresh_token_invalid

  • refresh_token_expired

  • session_not_found

  • token_rotation_failed

error_description

string

required

Detailed explanation of why the request failed.

Previous

Previous

Previous

Next

Remove a user

Next

Remove a user

Next

Need help? Contact Support

Join our Discord Community

Questions? Contact Sales

Request

curl --request DELETE \
  --url https://api.yourdomain.com/v1/auth/session \
  --header "Authorization: Bearer ACCESS_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
    "session_id": "sess_82bd91fa",
    "reason": "user_logout"
  }'

200

400

{
  "success": true,
  "invalidated_session_id": "sess_82bd91fa",
  "revoked_tokens": 2,
  "revoked_at": "2026-02-16T15:42:12Z"
}

Create a free website with Framer, the website builder loved by startups, designers and agencies.