# Partially update a user

Updates an existing user resource, overwriting values for specified attributes.
The value of the {id} should be the user's corresponding user ID. Attributes that are not provided in the request will remain unchanged. Updating a value to " " will clear and remove the field from the user's profile.

Endpoint: PATCH /scim/v2/Users/{id}
Version: 2026-02-20
Security: bearerAuth

## Path parameters:

  - `id` (string, required)
    User ID to update

## Header parameters:

  - `Idempotency-Key` (string)
    Specify a unique idempotency key if you want to perform an idempotent POST or PATCH request. Do not use this header in other request types. 

With this header specified, the Zuora server can identify subsequent retries of the same request using this value, which prevents the same operation from being performed multiple times by accident.

  - `Accept-Encoding` (string)
    Include the Accept-Encoding: gzip header to compress responses as a gzipped file. It can significantly reduce the bandwidth required for a response. 

If specified, Zuora automatically compresses responses that contain over 1000 bytes of data, and the response contains a Content-Encoding header with the compression algorithm so that your client can decompress it.

  - `Content-Encoding` (string)
    Include the Content-Encoding: gzip header to compress a request. With this header specified, you should upload a gzipped file for the request payload instead of sending the JSON payload.

  - `Zuora-Track-Id` (string)
    A custom identifier for tracing the API call. If you set a value for this header, Zuora returns the same value in the response headers. This header enables you to associate your system process identifiers with Zuora API calls, to assist with troubleshooting in the event of an issue.

The value of this field must use the US-ASCII character set and must not include any of the following characters: colon (:), semicolon (;), double quote ("), and quote (').

  - `Zuora-Entity-Ids` (string)
    An entity ID. If you have Zuora Multi-entity enabled and the OAuth token is valid for more than one entity, you must use this header to specify which entity to perform the operation in. If the OAuth token is only valid for a single entity, or you do not have Zuora Multi-entity enabled, you should not set this header.

## Request fields (application/json):

  - `schemas` (array, required)
    Enum: "urn:ietf:params:scim:api:messages:2.0:PatchOp"

  - `Operations` (array, required)
    Example: [{"op":"replace","path":"/emails","value":{"emails":[{"value":"updatedEmail@zuora.com","display":"updatedEmail@zuora.com","type":"home","primary":false}]}}]

  - `Operations.op` (string)
    Enum: "replace", "add", "remove", "copy", "move", "test"

  - `Operations.path` (string)

  - `Operations.value` (object)

  - `Operations.value.emails` (array)

  - `Operations.value.emails.display` (string)

  - `Operations.value.emails.type` (string)
    Enum: "work", "home", "other"

  - `Operations.value.emails.primary` (boolean)

## Response 200 fields (application/json):

  - `schemas` (array)
    A list of schema URNs that are applicable to the user resource. This helps to identify the structure and format of the returned data.
    Enum: "urn:zuora:scim:schemas:1.0:UserExtension", "urn:ietf:params:scim:schemas:core:2.0:User"

  - `id` (string)
    The unique identifier for the user resource.

  - `meta` (object)

  - `meta.created` (string)
    The timestamp when the user resource was created, in ISO 8601 format.

  - `meta.resourceType` (string)
    The type of the resource, in this case, it is always 'User' for user resources.

  - `meta.location` (string)
    The URL where the full representation of the user resource can be retrieved.

  - `userName` (string)
    The username for the user. This is a unique identifier for the user in the system.

  - `name` (object)

  - `name.formatted` (string)
    The full name of the user formatted as a single string (e.g., 'John Doe').

  - `name.familyName` (string)
    The family name (or surname) of the user.

  - `name.givenName` (string)
    The given name (or first name) of the user.

  - `displayName` (string)
    The display name of the user, which may be used in UIs.

  - `preferredLanguage` (string)
    The preferred language of the user for communication.

  - `locale` (string)
    The locale of the user, typically a language code combined with a region (e.g., 'en-US').

  - `active` (boolean)
    Indicates whether the user account is active or not.

  - `emails` (array)

  - `emails.value` (string)
    The email address of the user.

  - `emails.display` (string)
    A display name for the email address, typically the same as the email value.

  - `emails.type` (string)
    The type of the email address (e.g., 'work', 'home').

  - `emails.primary` (boolean)
    Indicates whether this email address is the primary address for the user.

  - `groups` (array)

  - `groups.value` (string)
    The unique identifier for the group the user belongs to.

  - `groups.display` (string)
    The display name of the group.

  - `roles` (array)

  - `roles.value` (string)
    The role assigned to the user.

  - `roles.display` (string)
    A display name for the role.

  - `urn:zuora:scim:schemas:1.0:UserExtension` (object)

  - `urn:zuora:scim:schemas:1.0:UserExtension.schemas` (array)
    A list of schema URNs that are specific to Zuora's extended user schema.
    Enum: "urn:zuora:scim:schemas:1.0:UserExtension"

  - `urn:zuora:scim:schemas:1.0:UserExtension.organizationId` (string)
    The unique identifier for the organization to which the user belongs.

  - `urn:zuora:scim:schemas:1.0:UserExtension.status` (string)
    The current status of the user (e.g., ACTIVE, INACTIVE).

  - `urn:zuora:scim:schemas:1.0:UserExtension.ssoEnabled` (boolean)
    Indicates whether Single Sign-On (SSO) is enabled for this user.

  - `urn:zuora:scim:schemas:1.0:UserExtension.region` (string)

## Response 401 fields (application/json):

  - `success` (boolean)
    Indicates whether the request was successful. For unauthorized responses, this is always false.

  - `reasons` (array)
    Example: [{"message":"Unauthorized","code":"90000011"}]

  - `reasons.message` (string)
    A human-readable message explaining the reason for the unauthorized response.
    Example: "Unauthorized"

  - `reasons.code` (string)
    A specific error code associated with the unauthorized response. This code can be used for programmatic handling of the error.
    Example: "90000011"

## Response 403 fields (application/json):

  - `timestamp` (string)
    The date and time when the error occurred, in ISO 8601 format.
    Example: "2023-07-28T10:47:07.931+00:00"

  - `status` (integer)
    The HTTP status code of the response, which is 403 for forbidden errors.
    Example: 403

  - `error` (string)
    A short description of the error type. For forbidden errors, this is always 'Forbidden'.
    Example: "Forbidden"

  - `message` (string)
    A detailed message explaining why the request was forbidden. This might include additional context about access control issues.
    Example: "Admin access denied"

  - `path` (string)
    The path of the request that resulted in the error. This helps identify which resource or endpoint was being accessed when the error occurred.
    Example: "/scim/v2/Users/00000000-0000-0000-0000-000000000000"


## Response 204 fields