# User

## Register a user

 - [POST /blaize/register](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/registerusers.md): This endpoint enables clients to initiate the creation of a new user account. If a contact with an identical email address already exists, that contact will be elevated to the status of a registered user. Essential attributes like identifiers.email_address and validators.password are mandatory for this endpoint. If any of these attributes are absent, registration attempts will trigger an error. Upon a successful request, session cookies like blaize_session and blaize_tracking_id are generated and included in the response header.

## Create or Update a Contact User

 - [POST /zephr/createContact](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/createcontact.md): This endpoint creates a new contact user or updates the attributes of an existing contact user if one exists with the supplied email address.
To use this endpoint, 'contact users' must be enabled in the identity settings page in the  console.
A contact user is a type of user that has no validators and so no ability to create authenticated sessions. Contact users can be created to capture user information, such as email addresses, without fully registering users.
This endpoint cannot be used to update the attributes of a registered user. Attempting to do so will return a 409 response.
After creating a contact with an anonomyous session, the session is updated to include a flag to identify that this has happened. In the rules builder, the 'Contact Capture' decision node can be used to test this flag value and so determine if the current anonymous session was used to create a contact. This can be used, for example, to prevent showing a contact form to anonymous users that have already filled in such a form.

## Delete the user data

 - [POST /blaize/forget-me](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/deleteuserdata.md): Deletes user related data like sessions, elasticSearch data, O2Auth tokens according to the provided user_id in the session cookie.

## Retrieve the account

 - [GET /blaize/account](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/retrieveaccount.md): Retrieves the user's core account details.

## Retrieves the attributes for an authenticated user in the Zephr user store.

 - [GET /blaize/profile](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/retrieveprofile.md): Retrieves the attributes for an authenticated user in the Zephr user store. In addition to the standard authenticators, this endpoint also accepts an OAuth bearer token through the Authorization header. The response will only include publicly accessible user attributes.

## Sets the attributes for an authenticated user in the Zephr user store.

 - [PUT /blaize/profile](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/saveprofile.md): Sets the attributes for an authenticated user in the Zephr user store. The provided attributes are saved for the user. Any existing attributes for the user are removed and replaced with this new set.

## Updates the attributes for an authenticated user in the Zephr user store.

 - [POST /blaize/profile](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/updateprofile.md): Updates the attributes for an authenticated user in the Zephr user store. The behaviour for the POST and PATCH methods on this endpoint is identical. The provided attributes are saved for the user. Any new attributes are added. Any existing attributes with the same keys are updated. Any existing attributes with different keys remain unchanged. The request can also include an optional 'blaize-validator' property to authenticate a previously partially registered user.

## Updates the attributes for an authenticated user in the Zephr user store.

 - [PATCH /blaize/profile](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/updateprofilepatch.md): Updates the attributes for an authenticated user in the Zephr user store. The behaviour for the POST and PATCH methods on this endpoint is identical. The provided attributes are saved for the user. Any new attributes are added. Any existing attributes with the same keys are updated. Any existing attributes with different keys remain unchanged. The request can also include an optional 'blaize-validator' property to authenticate a previously partially registered user.

## Retrieve Extended Profile

 - [GET /blaize/profile/{appId}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/retrieveextendedprofile.md): Extended Profile is used to store additional user information that is not part of the core profile. This endpoint is designed to be used for retrieving the user's Extended Profile. The body can be any valid JSON.

## Save Extended Profile

 - [PUT /blaize/profile/{appId}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/saveextendedprofile.md): Extended Profile is used to store additional user information that is not part of the core profile. This endpoint will create an Extended Profile for the App ID if one did not exist already, or overwrite an existing Extended Profile for the App ID. The body can be any valid JSON.

## Create an authorization challenge

 - [POST /blaize/authorization/challenge](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/createauthorizationchallenge.md): Authorization Challenge against array of entitlement IDs.

## Retrieve the user schema

 - [GET /blaize/schema/users](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/retrieveuserschema.md): Retrieves the user attribute schema for the tenant. This includes all fields configured in the admin console for the user schema.

## Fingerprint

 - [GET /blaize/browser-fingerprint](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/browserfingerprint.md): Returns an HTML page that fingerprints the user's browser, sends the fingerprint data to POST /blaize/anonymous-session,
and then redirects the user to a specified path provided as a query parameter (defaulting to '/').

## Start the email update flow for a passwordless user

 - [POST /blaize/users/update-email-passwordless/{state}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/startupdateemailpasswordless.md): Starts the email update flow for a passwordless user. An email will be sent to the new email address for verification.

## Start two factor authentication process

 - [POST /blaize/two-factor-authentication](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/start2fa.md): Starts the two factor authentication process. An email will be sent to the email address provided in the request with a link to complete the process.

## Recognise the user as a previously logged-in user

 - [POST /zephr/recognise-me](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/recogniseuser.md): Recognises the user as a previously logged-in user. Users can be fingerprinted on login
based on their email address, their user agent and their IP address. This endpoint can then be used
with the same parameters to give users a limited access to their logged-in experience. This is an opt-in feature.

## Complete the change password flow

 - [GET /zephr/users/change-password/{otp}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/changecompletepasswordflow.md): Complete the change password flow. This endpoint changes the password to the one submitted previously in another request. The otp in this request is used to match this request with the previous one that started the flow and submitted the new password.