Update an Account identity profile
/portal/v1/accounts/{accountSlug}/identities/{id}Authentication
- Bearer Token
AuthorizationJWT access token
Path Parameters
| Name | Required | Type | Description |
|---|---|---|---|
id | string |
Request body
first_namestringlast_namestringmetadataany objectCustomer-defined metadata blob (jsonb). Replaces the existing metadata on write; pass `null` to clear.
Code samples
curl -X PATCH "https://api.canopy.dev/portal/v1/accounts/{accountSlug}/identities/value" \
-H "Authorization: Bearer $CANOPY_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"first_name": "string",
"last_name": "string",
"metadata": {}
}'const response = await fetch("https://api.canopy.dev/portal/v1/accounts/{accountSlug}/identities/value", {
method: "PATCH",
headers: {
"Authorization": "Bearer $CANOPY_TOKEN",
"Content-Type": "application/json"
},
body: JSON.stringify({
"first_name": "string",
"last_name": "string",
"metadata": {}
}),
});
const data = await response.json();import requests
response = requests.patch(
"https://api.canopy.dev/portal/v1/accounts/{accountSlug}/identities/value",
headers={
"Authorization": "Bearer $CANOPY_TOKEN",
"Content-Type": "application/json"
},
json={
"first_name": "string",
"last_name": "string",
"metadata": {},
},
)
data = response.json()package main
import (
"bytes"
"encoding/json"
"net/http"
)
func main() {
payload := map[string]interface{}{
"first_name": "string",
"last_name": "string",
"metadata": map[string]interface{}{},
}
body, _ := json.Marshal(payload)
req, _ := http.NewRequest("PATCH", "https://api.canopy.dev/portal/v1/accounts/{accountSlug}/identities/value", bytes.NewBuffer(body))
req.Header.Set("Authorization", "Bearer $CANOPY_TOKEN")
req.Header.Set("Content-Type", "application/json")
resp, _ := http.DefaultClient.Do(req)
defer resp.Body.Close()
}Responses
200 Updates first_name / last_name / metadata. Email and external_id are updated through a separate flow (email changes require re-verification, external_id is owned by SSO/SCIM when those features ship).
{
"id": "string",
"email": "string",
"first_name": "string",
"last_name": "string",
"avatar_url": "string",
"external_id": "string",
"metadata": {},
"is_active": false,
"email_verified": false,
"email_verified_at": "2026-04-20T12:00:00.000Z",
"locked_until": "2026-04-20T12:00:00.000Z",
"password_changed_at": "2026-04-20T12:00:00.000Z",
"app_membership_count": 0,
"total_assignments": 0,
"created_at": "2026-04-20T12:00:00.000Z",
"app_memberships": [
{
"id": "string",
"application_id": "string",
"application_slug": "string",
"application_name": "string",
"status": "active",
"created_at": "2026-04-20T12:00:00.000Z",
"assignment_count": 0
}
]
}application/json
idstringemailstringfirst_namestringlast_namestringavatar_urlstringexternal_idstringmetadataany objectis_activebooleanemail_verifiedbooleanemail_verified_atstring (date-time)locked_untilstring (date-time)When non-null and in the future, the identity is locked out from login attempts. Set by the progressive lockout policy on repeated failed logins.
password_changed_atstring (date-time)app_membership_countnumbertotal_assignmentsnumbercreated_atstring (date-time)app_membershipsAccountIdentityAppMembershipDto[]Every active AppMembership for this identity, ordered by Application name. Each entry carries the App's slug + name so the drawer can render links without an additional lookup, plus the per-App assignment count.
401 Invalid or expired token
403 This token is not authorized for this endpoint (wrong principal type — e.g., admin token on identity-only endpoint, or vice versa)
404 Identity not found