Update User
Update an existing user.
HTTP Request
PATCH/api/users/:id
Authorization
Authorization
- Required: Yes
- Permission: Staff with UserPermission or Admin
- Permission Code: 1223
- Authentication: Token-based (Authorization: Token <your_api_key>)
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| id | Integer | Yes | Unique ID of the user to update |
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| username | String | No | Unique username for the user. |
| password | String | No | Password for the user account. |
| mobile_number | String | No | Mobile phone number of the user. |
| String | No | Email address of the user (nullable). | |
| is_email_verified | Boolean | No | If the email number is a verified one (default=false) |
| avatar | File | No | User profile avatar image |
| first_name | String | No | First name of the user. |
| last_name | String | No | Last name of the user. |
| gender | String | No | Gender of the user (`male`, `female`, `other`) (Default Male) |
| invited_by | Integer | No | id of the inviting user (nullable) |
| is_staff | Boolean | No | Whether user has staff privileges (default: false). |
| is_admin | Boolean | No | Whether user has admin privileges (default: false). |
| is_active | Boolean | No | Whether user account is active (default: true). |
| groups | Array | No | List of group IDs the user belongs to. |
| permissions | Array | No | List permissions IDs the the user have |
Example Requests
- 🐍 Python
- 🌐 Curl
1import requests
2
3api = requests.Session()
4api.headers.update({'Authorization': 'Token f4e75eab6e0f663a972d145478d6fc4b81762070'})
5response = api.patch(
6 'http://www.example.com/api/users/78/',
7 json={
8 'first_name': 'Michael',
9 'last_name': 'Chen-Rodriguez',
10 'mobile_number': '09113235256',
11 'is_staff': True,
12 'groups': [1, 3, 5],
13 'avatar': open('path/to/avatar.jpg', 'rb')
14 }
15)1curl "http://www.example.com/api/users/78/" -X PATCH -H "Authorization: Token XXXXXXXXXXXXXXXXXXXXXX" -H "Content-Type: application/json" -d '{
2 "first_name": "Michael",
3 "last_name": "Chen-Rodriguez",
4 "mobile_number": "+1-555-0157",
5 "is_staff": true,
6 "groups": [1, 3, 5],
7 "avatar": "path/to/avatar.jpg"
8}'Response Fields
Response Fields
| Field | Type | Description |
|---|---|---|
| id | Integer | Unique ID of the user (unique) |
| username | String | Username of the user (unique) |
| mobile_number | String | Mobile phone number of the user(unique, nullable) |
| String | Email address of the user(unique, nullable) | |
| is_email_verified | Boolean | Shows if the email has been verified |
| avatar | String | URL to the user's avatar image (nullable). |
| first_name | String | First name of the user(nullable) |
| last_name | String | Last name of the user(nullable) |
| full_name | String | Full name (nullable). |
| gender | String | Gender of the user.(male/female/other) |
| invited_by | Object(InvitingUser) | User who has invited current user |
| invite_code | String | Related invite code of the user (nullable) |
| invitees_count | Integer | Number of users invited by the current user(nullable) |
| is_active | Boolean | Whether user account is active. |
| is_staff | Boolean | Whether user has staff privileges. |
| is_admin | Boolean | Whether user has admin privileges. |
| is_profile_completed | Boolean | Whether user profile data are complete or not |
| last_login | String (ISO 8601) | Timestamp of last login (null for new users). |
| created_at | String (ISO 8601) | Timestamp when user was created. |
| updated_at | String (ISO 8601) | Timestamp when user was last updated. |
| is_online | Boolean | Whether user is currently online. |
| invitees | Object(InvitedUsers) | List of invited users |
| groups_data | Array[Object] | Array of group objects with detailed info. |
| permissions_data | Array[Ojbect(Permission)] | Array of permissions objects the user have |
Group Data Structure
| Field | Type | Description |
|---|---|---|
| id | Integer | Unique ID of the group |
| name | String | Name of the group |
Example Response
{
"id": 2,
"username": "moratti120",
"mobile_number": "09150207212",
"email": "masimo@intermilan.com",
"is_email_verified": false,
"avatar": null,
"first_name": "masimo",
"last_name": "moratti",
"full_name": "masimo moratti",
"gender": "male",
"invited_by": {
"id": 1,
"username": "keegan2255",
"full_name": "kevin keegan"
},
"invite_code": null,
"invitees_count": 1,
"is_active": true,
"is_staff": true,
"is_admin": false,
"is_online": false,
"is_profile_completed": true,
"last_login": "2026-02-21T07:20:25.338627Z",
"created_at": "2026-02-21T07:20:25.859632Z",
"updated_at": "2026-02-22T04:34:35.140136Z",
"invitees": [
{
"id": 3,
"username": "Eve68",
"full_name": "پارسا حسینینژاد"
}
],
"groups_data": [
{
"id": 1,
"name": "Inter"
}
],
"permissions_data": [
{
"id": 1,
"code": 1001,
"name": "general_settings_read"
}
]
}
Notes
- Set null value to avatar field to remove existing avatar.
- The
groupsfield should contain valid group IDs that already exist in the system. emailandis_email_verifiedare unique together, meaning multiple users may use a duplicate email for themselves, hence only one of them can verify the email.permissionsfield should contain valid permission IDs that already exist in the system.