Gigya Job Openings

Profile JS

Skip to end of metadata
Go to start of metadata


This object represents the current state of the user's profile.

Use the accounts.setSchema command to require data in profile fields and to restrict field use on the client side.

The profile object is a JSON object holding the user's profile fields and is stored in the User account .

Gigya encrypts all PII fields by default, however, you can encrypt additional fields within a site's individual schema. Encrypted fields are stored and transmitted encrypted, Gigya manages the decryption of these fields transparently.

 Individual fields can be encrypted via the Screen-set UI Builder or using the accounts.setSchema API.  

Certain profile fields undergo HTML sanitization: city, country, firstName, lastName, nickname, photoURL, profileURL, thumbnailURL, zip, and more.

The following rules are applied to these fields:

  1. Embedded Style Sheets are not allowed. 
  2. HTML comments are not allowed. 
  3. The following HTML tags are removed: script, noscript, iframe, frameset, frame, noframes, style (b, i, u, strong, br, and p tags are allowed). Div, em, blockquote, tt, quote, ecode, ul, ol and li tags are removed, but their child text is allowed. 
  4. Unknown HTML tags are removed. 
  5. Ampersand is encoded to an HTML entity. 
  6. Common HTML attributes are checked for a valid value: align, href, title, lang, nohref, rel, and nofollow, otherwise they are stripped. 
  7. In profile fields containing a URL: PhotoURL, ProfileURL and Thumbnail URL, unsafe characters " ' < > are URL encoded to %22 %27 %3C and %3E.


Data Availability

The following table represents the profile data returned within Gigya's User object for each social network provider. Note that not all fields are populated by social network data; some include data generated by Gigya. The availability of data from a specific network does not guarantee that the user has entered any information for that field or that the data can be retrieved without additional permissions granted by the social network. Program logic should be able to handle any missing data.





  • Facebook provides the "Current city" data via the "Location" field of the Facebook user object, from which the state or country can be inferred.
  • PayPal in the table refers to the OAuth implementation of Paypal. The OpenID implementation of PayPal has been deprecated.
  • LinkedIn recently made changes to their permissions structure. As a result of those changes, much of the Extended Permissions data that apps were once able to receive now require becoming a LinkedIn Partner. The Gigya app utilized above does not have this 'Partner' status, so a number of fields in the above example will show up as  This data is provided by the social network but is not returned for this specific user profile. Please view the LinkedIn Developer Program Transition Guide for more information.
  • Slight differences exist between the User object returned by the client and the User object returned by the server. When retrieved from the client, missing properties will appear as empty strings and the identities and capabilities fields are returned as JSON objects. When retrieved from the server, only fields with data are returned, the identities field returns as an array and the capabilities field as a comma separated string. 


Data Members


Field NameTypeDescription
firstNamestringThe user's first name.
lastNamestringThe user 's last name.
nicknamestringThe user's nickname, this may be either the nickname provided by the social network provider or a concatenation of the first and last names.
addressstringThe user's address.

The age of the user.

Note: This is a computed field that is updated by the Gigya service whenever the user logs into Gigya and when some API calls are performed (such as accounts.setAccountInfo). This means that for some accounts, the field may be out of date. The field is read only.

biostringThe user's bio or a description of the person's professional profile (depending upon network).
birthDayintegerThe day in the month in which the user was born.
birthMonthintegerThe month in which the user was born.
birthYearintegerThe year in which the person was born.

The capabilities of the user. The capabilities of the user are the unification of the capabilities of all the providers to which the user is currently connected. The significance of the capabilities is indicating which operations are now available for the current user. The capabilities object has seven Boolean fields representing seven possible capabilities:  login, notifications, actions, friends, status, contacts and photos. 

Usage example:

if (user.capabilities.friends) {
     //Do Something 

Note: When retrieved from the server, capabilities are sent as a comma-separated string containing the names of the active capabilities: "capabilities: Login, Friends, Notifications, Actions".

certificationsArray of objects

Each object in the array includes the fields below:

  • - The user's certification name.
  • certifications.authority -  The user's certification authority.
  • certifications.number -  The user's certification number.
  • certifications.startDate -  The user's certification start date.
  • certifications.endDate -  The user's certification end date.
citystringThe user's city. 
countrystringThe user's country.
educationArray of objects

Each object in the array includes the fields below:

  • - The user's school name. 
  • education.schoolType - The user's school type.
  • education.fieldOfStudy - The user's field of study.
  • - The user's degree.
  • education.startYear - The user's education start year.
  • education.endYear -  The user's education end year.
educationLevelstringThe education level. Can be "Graduate school", "College", or "High-school".

The user's email address.

If additional/multiple email addresses are added (edited) to a user's account using accounts.setAccountInfo and the Login Identifier for the site is Email, all added email addresses will also be added to the loginIDs.emails array. To remove an email from the loginIDs array you must use accounts.setAccountInfo, example:

favoritesArray of objects

Each object in the array includes the fields below *:

  • favorites.interests.
    • - The ID of the user's favorite interest.
    • - The name of the user's favorite interest.
    • favorites.interests.category - The category of the  user's favorite interest.
  • favorites.activities.
    • favorites.activities. id - The ID of the user's favorite activity.
    • favorites.activities. name - The name of the user's favorite activity.
    • favorites.activities. category -  The category of the  user's favorite activity.
  • favorites.books.*
    • favorites.books. id -  The ID of the user's  favorite book.
    • favorites.books. name -  The name of the user's  favorite book.
    • favorites.books. category -  The category of the  user's favorite book.
    • id -  The ID of the user's  favorite music.
    • name -  The name of the user's  favorite music.
    • category -  The category of the  user's favorite music.
  • favorites.movies.*
    •  -  The ID of the user's  favorite movie.
    • favorites.movies. name -  The name of the user's  favorite movie.
    • favorites.movies. category -  The category of the  user's favorite movie.
  • favorites.television.*
    • -  The ID of the user's  favorite television show.
    • -  The name of the user's  favorite television show.
    • favorites.television.category -  The category of the  user's favorite television show.
followersCountintegerThe number of users following this user. This is the sum of all the users following this user, from all the providers (identities). Currently, only Twitter identities are supported. If a user has no followers data in Twitter, this field will show "no data". 
followingCountintegerThe number of users this user is following.  This is the sum of all the users who this user is following, from all providers (identities). Currently, only Twitter identities are supported. If a user has no followers data in Twitter, this field will show "no data". 
genderstringThe gender  of the user. Can be 'm', 'f', or 'u', for male, female, or unspecified.
hometownstringThe user's hometown.
honorsstringThe list of honors of the user.
identitiesdictionary object

A dictionary object where the keys are the names of the providers to which the user is connected (e.g., 'facebook', 'yahoo', etc.) and the values are Identity objects received from that provider.
For example: If the user is connected to Facebook then user.identities['facebook'] is the identity object representing his Facebook identity and user.identities['facebook'].providerUID is the ID of the user in Facebook.


  • When retrieved from the server this field will be an array and not a dictionary object.
  • When used in getFriendsInfo this field contains only identities from the social network in which the users are friends: if User A and User B are friends on Facebook but not on Twitter, then only User B's Facebook identity is returned.

industrystringThe user's professional industry.
interestedInstringThe preferred gender of the user's romantic interests.
interestsstringThe user's interests.
isConnectedBooleanIndicates whether the user is connected to any available provider. This is true only if the user isSiteUser=true and it has at least one identity.

Deprecated. Use lockedUntil instead.

Whether the user is currently locked out of their account due to an RBA trigger.

iRankdecimalInfluencer rank. The iRank is a number between 0-99, which denotes the percentile location of the user in comparison to all other site users as a site influencer. For example, if a user's iRank equals 60, this means that 60% of the site users influence less than this user, or in other words, this user is in the top 40% of site influencers.
The iRank is calculated based on the amount of exposure this user provides the site. The calculation is done for the past several months, where recent activities receive higher ranks. The iRank is per site (per API key), the same user may have different ranks for different domains.The iRank calculation uses the following parameters:
  • The number of friends this user has in all the networks to which he is connected through this site.
  • The number of times this user shared something in this site (per month).
  • The number of click backs that were made as a result of this user's shares.



  • The iRank is not available in the User object by default. To retrieve the iRank of a user, call the getUserInfo method with the extraFields parameter. Include the iRank  in the list of extra fields to retrieve.
  • Influencer ranks may also be retrieved through our Influencers Report. Read more in Reports and Analytics.

This field indicates if the UID is a site UID (provided by your site) or an ID generated by Gigya.
Your site may provide the site UID using the socialize.setUID , socialize.notifyRegistration or socialize.notifyLogin methods.

The value true indicates the UID has been provided by your site, not generated by Gigya.

isSiteUserBooleanIndicates whether the current user is a user of the site. This is useful for checking which friends of the current user are also users of the same site.
languagesstringA comma-separated list of languages that the person speaks.
likesArray of objects

Each object in the array includes the fields below: *

  • - The name of the user's like.
  • likes.category - The category of the user's like.
  • - the identifier of the user's like.
  • like.time - the time the like was created in UTC standard ISO 8601  format (i.e.,
  • like.timestamp - the time the like was created in Unix time format (i.e., the number of seconds since Jan. 1st 1970).
localestring The user's locale, as received from the social network or as it was entered during an account import.
lockedUntilDateTimeThe earliest time when a user can again log in after they have been locked out by an RBA rule. This property is only available via and should always be used in favor of isLockedOut.
loginProvider The name of the provider that the user used in order to log in. If the user logged in using your site login mechanism, then the value of this parameter would be 'site'. If the user is not logged in, then the value of this parameter would be an empty string.
If the value of this parameter is not an empty string then user.identities[user.loginProvider] is the identity used for login.
loginProviderUIDstringIf the user is logged in, this field will hold the user's ID from the login provider. For example, if the user logged in using Facebook then this field will hold the user's Facebook ID.
oldestDataAgeintegerThe difference in seconds between the oldestDataUpdatedTimestamp and the current time.
oldestDataUpdatedTimestampintegerThe time when the oldest data of the object was refreshed, in Unix time format, i.e., seconds since Jan. 1st 1970.
patentsArray of objects

Each object in the array includes the fields below:

  • patents.title - The user's patent title.
  • patents.summary - The user's patent summary.
  • patents.number - The user's patent number.
  • - The user's patent office.
  • patents.status - The user's patent status.
  • - The user's patent date.
  • patents.url - The user's patent URL.
phonesArray of objects

Each object in the array includes the fields below:

  • phones.type - The user's phone type (string).
  • phones.number - The user's phone number (string).
photoURLstringThe URL of the user's full-size photo. 
politicalViewstringThe user's political view.
professionalHeadlinestringThe user's professional headline.
profileURLstringThe URL of the user's profile. 
providersarray of stringsContains the names of the providers to which the user is connected/logged in.
publicationsArray of objects

Each object in the array includes the fields below:

  • publications.title - The user's publication title.
  • publications.summary - The user's publication summary.
  • publications.publisher - The user's publication publisher.
  • - The user's publication date.
  • publications.url - The user's publication URL.
relationshipStatusstringThe user's relationship status.
religionstringThe user's religion.
samlDataobjectA Custom SAML data object. When mapping IdP attributes to identity fields, we allow mapping to a custom identity field , not only to an existing one. An attribute can be mapped to this custom identity field by mapping it to a name like "samlData.myField".
signatureTimestampintegerIf the global configuration object 's "signIDs" field is set to 'true', Gigya "signs" the User object (when returned by an API method) with a cryptographic signature, to prevent fraud. This field will hold the timestamp that should be used for verification * . The timestamp is the GMT time of the response in UNIX time format (i.e. the number of seconds since Jan. 1st 1970).
skillsArray of objects

Each object in the array includes the fields below:

  • skills.skill - The user's skill.
  • skills.level - The level of the user's skill.
  • skills.years - The years of the user's skill.
specialitiesstringThe user's professional specialties.
statestringThe user's state.
timezonestringThe user's timezone.
thumbnailURLstringThe URL of the user's thumbnail image (when available).  The following unsafe characters in the URL will be URL encoded:  " ' < > (to %22 %27 % 3C  and % 3E ).
UIDstringA unique ID for the person represented by this object. The UID is returned by login or notifyLogin after a person is successfully authenticated in your site, and it is guaranteed to be consistent over time for that person (note that if notifyLogin was used, the UID contains the same ID provided by the site). You can then use the UID as a parameter in methods that require you to specify a user.

Gigya uses digital signatures to transmit the UID. See Validate the UID Signature in the Social Login Process for information on how to use the UID securely.

The UID is case-sensitive, so that, for example, two UIDs that differ only by one character being uppercase or lowercase are processed as two different UIDs. If your integration depends on using case-insensitive UIDs, please discuss the issue with your Implementation Consultant.


  • UIDs are not globally unique and may be set to a custom unique string during user registration using the socialize.setUID method. I.e., every site can set its own UIDs and different sites may choose to set the same UID.
  • The UID value may be long, and if you plan to store it in a database, the recommended minimum field size is 300 characters.
  • The UID string must be encoded using the encodeURIComponent() function before it is sent to your server.
UIDSignaturestringIf the global Configuration object 's "signIDs" field is set to 'true', Gigya "signs" the User object (when returned by an API method) with a cryptographic signature, to prevent fraud. This field will hold the signature , that should be used for verification * .
usernamestringThe user's username.
isVerifiedbooleanIf the user's Gigya account is considered verified.

When returned as part of the Profile object, it is the date and time the account was verified in ISO 8601 format (string). When returned inside an Identity object of the Profile, it is whether the user's email address has been verified by the social network (boolean).

 Response Example
  "UID": "_guid_UJM...Hi0=",
  "UIDSignature": "T7x70...T2I=",
  "signatureTimestamp": "1479802948",
  "loginProvider": "facebook",
  "isRegistered": true,
  "isActive": true,
  "isLockedOut": false,
  "isVerified": true, // whether the user's Gigya account is considered verified
  "socialProviders": "amazon,facebook,googleplus,linkedin,site,twitter",
  "identities": [
      "provider": "facebook",
      "providerUID": "1443...82",
      "isLoginIdentity": true,
      "photoURL": "",
      "thumbnailURL": "",
      "firstName": "...",
      "lastName": "...",
      "gender": "m",
      "email": "",
      "profileURL": "",
      "proxiedEmail": "",
      "allowsLogin": true,
      "isExpiredSession": false,
      "verified": "true", // Whether the user's email is verified by the social network
      "lastUpdated": "2016-11-21T14:21:46.850Z",
      "lastUpdatedTimestamp": 1479738106850,
      "oldestDataUpdated": "2016-11-21T14:21:46.272Z",
      "oldestDataUpdatedTimestamp": 1479738106272
  "data": {
    "subscribe": false
  "password": {},
  "created": "2015-08-25T14:08:35.481Z",
  "createdTimestamp": 1440511715481,
  "lastLogin": "2016-11-21T14:21:46.303Z",
  "lastLoginTimestamp": 1479738106303,
  "lastUpdated": "2016-11-21T14:21:46.850Z",
  "lastUpdatedTimestamp": 1479738106850,
  "oldestDataUpdated": "2016-04-05T15:11:38.014Z",
  "oldestDataUpdatedTimestamp": 1459869098014,
  "registered": "2015-08-25T14:08:35.544Z",
  "registeredTimestamp": 1440511715544,
  "verified": "2015-08-25T14:08:35.497Z", // Time the Gigya account was verified
  "verifiedTimestamp": 1440511715497, // Unix timestamp the Gigya account was verified
  "statusCode": 200,
  "errorCode": 0,
  "statusReason": "OK",
  "callId": "d1b...78a",
  "time": "2016-11-22T08:22:28.227Z"

verifiedTimestampintegerThe time the user's Gigya account was verified in Unix format (i.e., seconds since January 1st, 1970).
workArray of objects

Each object in the array includes the fields below:

  • - The company where the user works/worked.
  • work.companyID - The company's ID.
  • work.title - The user's title in the company.
  • work.companySize - The company's size.
  • work.startDate - The date the user started working at the company.
  • work.endDate - The date the user stopped working at the company.
  • work.industry - The industry of the company.
  • work.isCurrent - Indicates whether the user is still working at the company.
zipstringThe user's zip code.

* To verify the authenticity of the User Object, follow the instructions in the section Signature Validation Process, using the UID, UIDSignature and signatureTimestamp fields.

  • The profile information is returned only for providers who support it. If a field doesn't exist for a chosen provider, the response will be returned without this field. For information on making direct API calls to a specific provider, please see Direct API Calls to Providers.
  • *  We limit the response for this parameter to only retrieve the first 500 objects.
  • Not all available fields are returned by default. Please see the applicable API documentation for any optional parameters required for returning extra data fields such as a user's likes or complete Identities data, for example, accounts.getAccountInfo or socialize.getUserInfo.