accounts.setAccountInfo REST

Skip to end of metadata
Go to start of metadata

Note: This method is part of the Registration-as-a-Service and the Profile Management - IDS packages. Both packages are premium platforms that require separate activation. If neither are part of your site package, please contact your Gigya Account Manager or contact us by filling in a support form on our site. You can also access the support page by clicking "Support" on the upper menu of Gigya's site.


This method sets account data into a user's account. The method accepts a list of optional parameters each defining a field/object in the account. The parameters that are passed in the request modify the relevant fields, and the other fields remain unchanged.


Do not use this API to create new fields within your site schema, use accounts.setSchema.


Request URL

Where <Data_Center_ID> is:
  • us1 - For the US data center.
  • eu1 - For the European data center.
  • au1 - For the Australian data center.
  • ru1 - For the Russian data center.

If you are not sure of your site's data center, see Finding Your Site's Data Center.




The unique ID of the user for which to set account data. Use either this parameter or regToken.

* You are required to pass only one of the parameters either UID or regToken.


The regToken  returned from accounts.initRegistrationaccounts.register or accounts.login API calls when the registration process has not been finalized. Please note that the regToken  you receive from Gigya is valid for only one hour. Calls passing a regToken are handled as client-side calls by the server: fields with a writeAccess permission of "server only" will be inaccessible. 

** When passing regToken, the call must be made over HTTPS.

addLoginEmailsstring A comma-separated list of emails that should be added to the user's login identifiers list, and can be used for login purposes.
conflictHandlingstringHow the server handles a "login identifier exists" conflict on a new account:
  • fail - (default) returns a "login identifier exists" error.
  • saveProfileAndFail - profile data is saved before returning error "OK with error login identifier exists".
dataJSON object

An object containing custom data. Any data that you want to store regarding the user which isn't part of the profile object can be stored here.

Note that when using this parameter for users that already have custom data stored, it is not necessary to set all the fields again. Just include the fields you want to change or add. For example, the following code adds a "car" field to the user's custom data with the value "Suzuki Alto", or, if a "car" field already exists, its value is changed to "Suzuki Alto". Any other fields in the custom data objects remain unchanged.

{'car':'Suzuki Alto'}
isActiveBooleanThis parameter allows disabling the account. This is only permitted when calling this method from server-side, attempting to disable an account from a client SDK will return an error.
isLockedOutBooleanThis parameter has been deprecated. Use accounts.rba.unlock REST instead.
isVerifiedBoolean Indicates whether the account email(s) are verified.
If you pass the value 'true', all unverified email addresses in the account will be flagged as verified.
muteWebhooksBooleanWhen set to true, no webhooks are triggered by the API call. The default value is false.
newPasswordstringThe new password to replace the old one. Use this parameter with  password . When passing the  securityQuestion  or  securityAnswer  parameters the  password  parameter is required.
Note: If this parameter is passed then the method must be called using HTTPS.
passwordstringThe old password to be changed. Use this parameter with  newPassword .
Note: If this parameter is passed then the method must be called using HTTPS.
profileProfile objectThe user's profile information as described in the Profile object. You may add data to the predefined Gigya fields. To add your own custom profile fields, use the data object.
removeLoginEmailsstringA comma-separated list of emails to be removed from the user's login identifiers list .
requirePasswordChangeBooleanWhen set to true the server will require a password change on the next login.
secretAnswerstringA secret answer to the secret question that can be used for verification. Use this parameter with  secretQuestion Changing the secret answer will not work without providing the existing password (password  parameter).
secretQuestionstringA secret question that can be used for verification. Use this parameter with secretAnswer. Changing the secret question will not work without providing the existing password (password  parameter).
securityOverrideBooleanThe default value is "false". When set to "true", the API call does not require the oldPassword for setting the newPassword. It also does not require a password validation when setting the secret question and answer for the first time. Only users with _sites permissions are allowed to pass this parameter. Read more about Console Administration.
rbaJSON object

Sets the specified user's rba policy. Available properties include: 

  • riskPolicy - Determines the rule set from the defined rulesSets configured in accounts.rba.setPolicy or one of the default policies.
  • riskPolicyLocked - Determines whether the user can change their own riskPolicy. If true, only an admin can change the user's riskPolicy.

If accounts.rba.setPolicy.allowOverride is set to no, this will return an error. You can delete a previously set override by setting the accounts.rba.setPolicy REST allowOverride value to null.

Code example:

rba: {
      "riskPolicy": "low",
      "riskPolicyLocked": true

For setting a site's RBA Policy, see Accounts RBA Policy Object.

usernamestringThe user's new username that can be used as a login identifier, if the site's Login Identifier Policy allow that.
createddateThe time the account was created in ISO 8601 format, e.g. "2014-07-16T19:20:30Z".
regSourcestringA string representing the source of the registration. Can be used to set varying destination pages in accounts.setPolicies.
format string Determines the format of the response. The options are:
  • json (default)
  • jsonp - if the format is jsonp then you are required to define a callback method (see parameter below).
callback string This parameter is required only when the format parameter is set to jsonp (see above). In such cases this parameter should define the name of the callback method to be called in the response, along with the jsonp response data.
httpStatusCodes Boolean The default value of this parameter is false, which means that the HTTP status code in Gigya's response is always 200 (OK), even if an error occurs. The error code and message is given within the response data (see below). If this parameter is set to true, the HTTP status code in Gigya's response would reflect an error, if one occurred.
oldPasswordBooleanDeprecated . Use the password parameter instead.

Authorization Parameters

Each REST API request must contain identification and authorization parameters.

Please refer to the Authorization Parameters section for details. 

Response Data


In case of a data validation errors (errorCode 400006), you will receive this field as an array of error objects. Each object represents a validation error regarding one of the following fields:  username, password, secretQuestion, secretAnswer, email. For example:

validationErrors: [
      "errorCode": 400006,
      "message": "invalid password - minimum length of 6 characters is required",
      "fieldName": "password"
      "errorCode": 400006,
      "message": "wrong format",
      "fieldName": ""
statusCode integer The HTTP response code of the operation. Code '200' indicates success.
errorCode integer The result code of the operation. Code '0' indicates success, any other number indicates failure. For a complete list of error codes, see the Error Codes table.
statusReason string A brief explanation of the status code.
errorMessage string A short textual description of an error, associated with the errorCode, for logging purposes. This field will appear in the response only in case of an error.
errorDetails string This field will appear in the response only in case of an error and will contain the exception info, if available.
callId string Unique identifier of the transaction, for debugging purposes.
time string The time of the response represented in ISO 8601 format, i.e., yyyy-mm-dd-Thh:MM:ss.SSSZ or

A field that does not contain data will not appear in the response.

Response Example

    "statusCode": 200,
    "errorCode": 0,
    "statusReason": "OK",
    "callId": "ddb3f8e144c84cb5b1bc5f010bddab2b",
    "time": "2015-03-22T11:42:25.943Z"


Gigya defines specific error codes and messages that are used with the Accounts API. These errors are returned with the APIs, indicating that some information is incorrect or missing. 

This section describes the errors that are related to this API, the reasons for each error, and the expected next step.

  • Unique identifier exists (error code 400003) - returned when the email or the username already exist in the accounts database when a user tries to register or to set the account info. The expected next step: call this API method again with a different identifier that does not exist in the account database.
  • Invalid loginID (error code 403042) - returned when a user tries to perform an action that requires a login identifier (username or email) and the login ID doesn't exist in our accounts database. It is also returned if the password that is passed in the API is incorrect.
  • Login identifier exists (error code 403043) - returned when email is defined as the loginIdentifier in the accountOptions policy, and the email address received from the provider exists in the system but is associated with a different user. The expected next step: call accounts.linkAccounts to merges between the account identified by the provided UID and the account identified by the provided login credentials (loginID + password).
  • Validation errors - the validationErrors object is an array of validation errors; each validation error is made up of an  errorCode, a message, and a fieldName. The errorCode and message specify what error occured and the fieldName specifies which field had a validation error. When an invalid field type is used, i.e. a string instead of an integer, or if a wrong format is used, i.e. an email address that is not in a correct format, an "Invalid parameter value" error is returned (error code 400006). A validation error is returned whenever there is a data validation error regarding one of the following required fields: username, password, secretQuestion, secretAnswer, email. The expected next step is: Call the API method again with the missing info.