Authsignal provides comprehensive user management capabilities through Server SDKs and APIs, allowing you to create, retrieve, update, and delete user accounts and their associated data.

User lifecycle

How users are created

In Authsignal, users are automatically created when you first track an action for them. There’s no separate user creation endpoint - simply start tracking actions with a unique userId and Authsignal will create the user record. 
const request = {
  userId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
  action: "signIn",
  attributes: {
    email: "jane@authsignal.com",
  },
};

const response = await authsignal.track(request);

const token = response.token;
When you track an action for a new userId, Authsignal will:
  • Create a new user record automatically
  • Associate any provided attributes (email, phone number, etc.) with the user
  • Return the action response based on your configured rules

User operations

Get user information

Retrieve detailed information about a user, including their enrollment status and attributes. 
const request = {
  userId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
};

const response = await authsignal.getUser(request);

const isEnrolled = response.isEnrolled;
The response includes:
  • isEnrolled - Whether the user has enrolled at least one authentication method
  • User attributes - Email, phone number, username, display name
  • Allowed verification methods - Which authentication methods the user can enroll
  • Enrolled verification methods - Which authentication methods the user has enrolled
  • Default verification method - The authentication method that will be used for the user’s next action
  • Custom - Custom data points to use with rules

Update user attributes

Update user information and attributes. Any fields not provided in the request will remain unchanged. 
const request = {
  userId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
  attributes: {
    email: "jane.smith@authsignal.com",
    phoneNumber: "+64271234567",
    username: "jane.smith@authsignal.com",
    displayName: "Jane Smith",
  },
};

const updatedAttributes = await authsignal.updateUser(request);

Available user attributes

AttributeTypeDescription
emailstringUser’s email address
phoneNumberstringUser’s phone number in E.164 format (e.g., +1234567890)
usernamestringPrimary identifier for passkeys (usually email address)
displayNamestringDisplay name for passkeys (usually full name)
customobjectCustom data points to use with rules
Custom attributes for rulesThe custom field allows you to store additional user data that can be used in Authsignal rules. For example, you might store user tier, account type, or other business-specific attributes.

Delete user

Permanently delete a user and all their associated data, including authenticators and action history. 
const request = {
  userId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
};

await authsignal.deleteUser(request);
User deletion is irreversible and will remove:
  • The user record
  • All enrolled authenticators
  • All action history
  • All associated session data
Consider the implications carefully before implementing user deletion in production.

User attributes and data

Contact information

Authsignal stores and manages contact information for authentication purposes:
  • Email address - Used for email OTP and magic link authentication
  • Phone number - Used for SMS/WhatsApp OTP authentication
  • Must be in E.164 format (e.g., +1234567890)

Passkey identifiers

For passkey authentication, Authsignal uses specific identifiers:
  • Username - Primary identifier that uniquely identifies the user.
  • Display name - Optional secondary identifier displayed to users to help them recognize the passkey (e.g., the user’s full name).

Custom data for rules

Store additional user attributes in the custom field to use with Authsignal rules: 
{
  "custom": {
    "userTier": "premium",
    "accountType": "business",
    "riskScore": 25
  }
}

Next steps