This method sets account data into a user's account. The method accepts a list of optional parameters each defining a field/object in the account. The parameters that are passed in the request modify the relevant fields, and the other fields remain unchanged.
Do not use this API to create new fields within your site schema, use accounts.setSchema for consistent results. Fields created with setAccountInfo have their write permissions automatically set to serverOnly, and must be manually changed using accounts.setSchema to clientModify if you want to access these fields via client-side Web SDK calls.
The properties listed on this page apply to full accounts, note that Lite accounts only have access to a subset of these properties. For detailed information on Lite Accounts, see the Lite Registration documentation.
us1.gigya.com- For the US data center.
eu1- For the European data center.
au1- For the Australian data center.
ru1- For the Russian data center.
cn1- For the Chinese data center.
If you are not sure of your site's data center, see Finding Your Data Center.
The unique ID of the user for which to set account data. Use either this parameter or regToken .
* You are required to pass only one of the parameters either UID or regToken.
The regToken returned from accounts.initRegistration, accounts.register or accounts.login API calls when the registration process has not been finalized. Please note that the regToken you receive from Gigya is valid for only one hour. Calls passing a regToken are handled as client-side calls by the server: fields with a writeAccess permission of "server only" will be inaccessible.
** When passing regToken , the call must be made over HTTPS .
|||addLoginEmails||string||A comma-separated list of emails that should be added to the user's login identifiers list, and can be used for login purposes.|
|||conflictHandling||string||How the server handles a "login identifier exists" conflict on a new account:|
An object containing custom data. Any data that you want to store regarding the user which isn't part of the profile object can be stored here.
Note that when using this parameter for users that already have custom data stored, it is not necessary to set all the fields again. Just include the fields you want to change or add. For example, the following code adds a "car" field to the user's custom data with the value "Suzuki Alto", or, if a "car" field already exists, its value is changed to "Suzuki Alto". Any other fields in the custom data objects remain unchanged.
This parameter allows disabling the account. This is only permitted when calling this method from server-side, attempting to disable an account from a client SDK will return an error.
If an account's isActive state is false, a user attempting to login will receive an 'Account is disabled' error, and if email is the site's Login Identifier, the same email can not be used to create a new account.
|||isLockedOut||Boolean||This parameter has been deprecated. Use accounts.rba.unlock REST instead.|
Indicates whether the account email(s) are verified.
*If you pass the value 'true', all unverified email addresses in the account will be flagged as verified.
Once an account has been verified it is immutable and can not be 'unverified'.
|||lang||string||The language/locale of the end-user. When setting a user's Consent preferences this parameter is only necessary and required if a consent that is being agreed to or updated has a Purpose defined. You can find a list of supported language codes in Advanced Customizations and Localization.|
|||muteWebhooks||Boolean||When set to true, no webhooks are triggered by the API call. The default value is false.|
|||newPassword||string||The new password to replace the old one. Use this parameter with password . When passing the securityQuestion or securityAnswer parameters the password parameter is required.|
Note: If this parameter is passed then the method must be called using HTTPS.
|||password||string||The old password to be changed. Use this parameter with newPassword .|
Note: If this parameter is passed then the method must be called using HTTPS.
A Preferences Object containing consent data for this user. When manually passing subscription information for a user using this method, you can change only the value of the isConsentGranted Boolean parameter and tags (only when accompanied by a status change of isConsentGranted). When setting or updating a user's Consent you must pass the lang parameter also.
Note, however, that it is not necessary to pass the lang parameter when setting preferences via the Web SDK as it is passed implicitly by the SDK.
|||profile||Profile object||The user's profile information as described in the Profile object. You may add data to the predefined Gigya fields. To add your own custom profile fields, use the data object.|
|||removeLoginEmails||string||A comma-separated list of emails to be removed from the user's login identifiers list .|
|||requirePasswordChange||Boolean||When set to true the server will require a password change on the next login.|
|||secretAnswer||string||A secret answer to the secret question that can be used for verification. Use this parameter with secretQuestion . C hanging the secret answer will not work without providing the existing password ( password parameter). This field is hashed and can not be extracted.|
|||secretQuestion||string||A secret question that can be used for verification. Use this parameter with secretAnswer . Changing the secret question will not work without providing the existing password ( password parameter).|
|||securityOverride||Boolean||The default value is "false". When set to "true", the API call does not require the oldPassword for setting the newPassword . It also does not require a password validation when setting the secret question and answer for the first time. Only users with _sites permissions are allowed to pass this parameter. Read more about Console Administration.|
|||subscriptions||JSON object||A Subscriptions Object containing subscription data for this user. When manually passing subscription information for a user using this method, you can change only the value of the isSubscribed and tags parameters.|
Sets the specified user's rba policy. Available properties include:
For setting a site's RBA Policy, see Accounts RBA Policy Object.
|||username||string||The user's new username that can be used as a login identifier, if the site's Login Identifier Policy allow that.|
|||created||date||The time the account was created in ISO 8601 format, e.g. "2014-07-16T19:20:30Z".|
|||regSource||string||A string representing the source of the registration. Can be used to set varying destination pages in accounts.setPolicies.|
|||oldPassword||Boolean||Deprecated . Use the password parameter instead.|
Each REST API request must contain identification and authorization parameters.
Some REST APIs may function without these authorization parameters, however, when that occurs, these calls are treated as client-side calls and all client-side rate limits will apply. In order to not reach client-side rate limits that may impact your implementation when using server-to-server REST calls, it is Recommended Best Practice to always sign the request or use a secret. A non-exhaustive list of REST APIs that this may apply to are as follows:
Please refer to the Authorization Parameters section for details.
In case of a data validation errors (errorCode 400006), you will receive this field as an array of error objects. Each object represents a validation error regarding one of the following fields: username, password, secretQuestion, secretAnswer, email. For example:
A field that does not contain data will not appear in the response.
Gigya defines specific error codes and messages that are used with the Accounts API. These errors are returned with the APIs, indicating that some information is incorrect or missing.
This section describes the errors that are related to this API, the reasons for each error, and the expected next step.
- Unique identifier exists (error code 400003) - returned when the email or the username already exist in the accounts database when a user tries to register or to set the account info. The expected next step: call this API method again with a different identifier that does not exist in the account database.
- Invalid loginID (error code 403042) - returned when a user tries to perform an action that requires a login identifier (username or email) and the login ID doesn't exist in our accounts database. It is also returned if the password that is passed in the API is incorrect.
- Login identifier exists (error code 403043) - returned when email is defined as the loginIdentifier in the accountOptions policy, and the email address received from the provider exists in the system but is associated with a different user. The expected next step: call accounts.linkAccounts to merges between the account identified by the provided UID and the account identified by the provided login credentials (loginID + password).
- Validation errors - the validationErrors object is an array of validation errors; each validation error is made up of an errorCode , a message , and a fieldName . The errorCode and message specify what error occured and the fieldName specifies which field had a validation error. When an invalid field type is used, i.e. a string instead of an integer, or if a wrong format is used, i.e. an email address that is not in a correct format, an "Invalid parameter value" error is returned (error code 400006). A validation error is returned whenever there is a data validation error regarding one of the following required fields: username, password, secretQuestion, secretAnswer, email. The expected next step is: Call the API method again with the missing info.