> ## Documentation Index
> Fetch the complete documentation index at: https://docs.authsignal.com/llms.txt
> Use this file to discover all available pages before exploring further.

# User management

> Learn how to manage user accounts, attributes, and data in Authsignal using Server SDK

Authsignal provides comprehensive user management capabilities through Server SDKs and APIs, allowing you to create, retrieve, update, and delete user accounts and their associated data.

## User lifecycle

### How users are created

In Authsignal, users are **automatically created** when you first track an action for them. There's no separate user creation endpoint - simply start tracking actions with a unique `userId` and Authsignal will create the user record.

<CodeGroup>
  ```ts Node.js theme={null}
  const request = {
    userId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
    action: "signIn",
    attributes: {
      email: "jane.smith@authsignal.com",
    },
  };

  const response = await authsignal.track(request);

  const token = response.token;
  ```

  ```csharp C# theme={null}
  var request = new TrackRequest(
      UserId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
      Action: "signIn",
      Attributes: new TrackAttributes(
          Email: "jane.smith@authsignal.com",
      )
  );

  var response = await authsignal.Track(request);

  var token = response.token;
  ```

  ```java Java theme={null}
  TrackRequest request = new TrackRequest();
  request.userId = "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833";
  request.action = "signIn";
  request.attributes = new TrackAttributes();
  request.attributes.email = "jane@authsignal.co";

  TrackResponse response = authsignal.track(request).get();

  String token = response.token;
  ```

  ```ruby Ruby theme={null}
  response = Authsignal.track({
    user_id: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
    action: "signIn",
    attributes: {
      email: "jane.smith@authsignal.com",
    }
  })

  token = response.token
  ```

  ```python Python theme={null}
  response = authsignal.track(
      user_id="dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
      action="signIn",
      attributes={
          "email": "jane.smith@authsignal.com",
      }
  )

  token = response.token
  ```

  ```php PHP theme={null}
  $response = Authsignal::track([
      'userId' => "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
      'action' => "signIn",
      'attributes' => [
          'email' => "jane.smith@authsignal.com",
      ]
  ]);

  $token = response.token
  ```

  ```go Go theme={null}
  response, err := client.Track(
      TrackRequest{
          UserId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
          Action: "signIn",
          Attributes: &TrackAttributes{
              Email: "jane.smith@authsignal.com",
          },
      },
  )

  token := response.token
  ```
</CodeGroup>

When you track an action for a new `userId`, Authsignal will:

* Create a new user record automatically
* Associate any provided attributes (email, phone number, etc.) with the user
* Return the action response based on your configured rules

## User operations

### Get user information

Retrieve detailed information about a user, including their enrollment status and attributes.

<CodeGroup>
  ```ts Node.js theme={null}
  const request = {
    userId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
  };

  const response = await authsignal.getUser(request);

  const isEnrolled = response.isEnrolled;
  ```

  ```csharp C# theme={null}
  var request = new GetUserRequest(
      UserId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833"
  );

  var response = await authsignal.GetUser(request);

  var isEnrolled = response.IsEnrolled;
  ```

  ```java Java theme={null}
  UserRequest request = new GetUserRequest();
  request.userId = "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833";

  GetUserResponse response = authsignal.getUser(request).get();

  boolean isEnrolled = response.isEnrolled;
  ```

  ```ruby Ruby theme={null}
  response = Authsignal.get_user(user_id: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833")

  is_enrolled = response[:is_enrolled]
  ```

  ```python Python theme={null}
  response = authsignal.get_user(
      user_id="dc58c6dc-a1fd-4a4f-8e2f-846636dd4833"
  )

  is_enrolled = response["is_enrolled"]
  ```

  ```PHP PHP theme={null}
  $response = Authsignal::getUser([
      'userId' => "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833"
  ]);

  $isEnrolled = $response["isEnrolled"];
  ```

  ```go Go theme={null}
  response, err := client.GetUser(
      GetUserRequest{
          UserId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
      },
  )


  isEnrolled := response.IsEnrolled != nil && *response.IsEnrolled
  ```
</CodeGroup>

The response includes:

* **`isEnrolled`** - Whether the user has enrolled at least one authentication method
* **User attributes** - Email, phone number, username, display name
* **Allowed verification methods** - Which authentication methods the user can enroll
* **Enrolled verification methods** - Which authentication methods the user has enrolled
* **Default verification method** - The authentication method that will be used for the user's next action
* **Custom** - Custom data points to use with rules

### Update user attributes

Update user information and attributes. Any fields not provided in the request will remain unchanged.

<CodeGroup>
  ```ts Node.js theme={null}
  const request = {
    userId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
    attributes: {
      email: "jane.smith@authsignal.com",
      phoneNumber: "+64270000000",
      displayName: "Jane Smith",
    },
  };

  const updatedAttributes = await authsignal.updateUser(request);
  ```

  ```csharp C# theme={null}
  var request = new UserRequest(
      UserId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
      Attributes: new UserAttributes(
          Email: "jane.smith@authsignal.com",
          PhoneNumber: "+64270000000",
          DisplayName: "Jane Smith"
      )
  );

  var updatedAttributes = await authsignal.UpdateUser(request);
  ```

  ```java Java theme={null}
  UpdateUserRequest request = new UpdateUserRequest();
  request.userId = "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833";
  request.attributes = new UserAttributes();
  request.attributes.email = "jane.smith@authsignal.com";
  request.attributes.phoneNumber = "+64270000000";
  request.attributes.displayName = "Jane Smith";

  UserAttributes updatedAttributes = authsignal.updateUser(request).get();
  ```

  ```ruby Ruby theme={null}
  response = Authsignal.update_user(
      user_id: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
      attributes: {
          email: "jane.smith@authsignal.com",
          phone_number: "+64270000000",
          display_name: "Jane Smith"
      })
  ```

  ```python Python theme={null}
  response = authsignal.update_user(
      user_id="dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
      attributes={
          "email": "jane.smith@authsignal.com",
          "phoneNumber": "+64270000000",
          "displayName": "Jane Smith"
      }
  )
  ```

  ```PHP PHP theme={null}
  $response = Authsignal::updateUser([
      'userId' => "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
      'attributes' => [
          "email" => "jane.smith@authsignal.com",
          "phoneNumber" => "+64270000000",
          "displayName" => "Jane Smith",
      ]
  ]);
  ```

  ```go Go theme={null}
  updatedAttributes, err := client.UpdateUser(
      UpdateUserRequest{
          UserId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
          Attributes: &UserAttributes{
              Email:       "jane.smith@authsignal.com",
              PhoneNumber: "+64270000000",
              DisplayName: "Jane Smith",
          },
      },
  )
  ```
</CodeGroup>

#### Available user attributes

| Attribute     | Type   | Description                                             |
| ------------- | ------ | ------------------------------------------------------- |
| `email`       | string | User's email address                                    |
| `phoneNumber` | string | User's phone number in E.164 format (e.g., +1234567890) |
| `username`    | string | Primary identifier for passkeys (usually email address) |
| `displayName` | string | Display name for passkeys (usually full name)           |
| `custom`      | object | Custom data points to use with rules                    |

<Info>
  **Custom attributes for rules**

  The `custom` field allows you to store additional user data that can be used in [Authsignal rules](/actions-rules/rules/custom-data-points). For example, you might store user tier, account type, or other business-specific attributes.
</Info>

### Delete user

Permanently delete a user and all their associated data, including authenticators and action history.

<CodeGroup>
  ```ts Node.js theme={null}
  const request = {
    userId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
  };

  await authsignal.deleteUser(request);
  ```

  ```csharp C# theme={null}
  var request = new DeleteUserRequest(
      UserId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833"
  );

  await authsignal.DeleteUser(request);
  ```

  ```java Java theme={null}
  DeleteUserRequest request = new DeleteUserRequest();
  request.userId = "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833";

  authsignal.deleteUser(request).get();
  ```

  ```ruby Ruby theme={null}
  Authsignal.delete_user(user_id: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833")
  ```

  ```python Python theme={null}
  authsignal_client.delete_user(user_id="dc58c6dc-a1fd-4a4f-8e2f-846636dd4833")
  ```

  ```PHP PHP theme={null}
  Authsignal::deleteUser(userId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833");
  ```

  ```go Go theme={null}
  err := authsignal.DeleteUser(
    client.UserRequest{
      UserId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
    },
  )
  ```
</CodeGroup>

<Warning>
  User deletion is irreversible and will remove:

  * The user record
  * All enrolled authenticators
  * All action history
  * All associated session data

  Consider the implications carefully before implementing user deletion in production.
</Warning>

## User attributes and data

### Contact information

Authsignal stores and manages contact information for authentication purposes:

* **Email address** - Used for email OTP and magic link authentication
* **Phone number** - Used for SMS/WhatsApp OTP authentication
* Must be in E.164 format (e.g., `+1234567890`)

### Passkey identifiers

For passkey authentication, Authsignal uses specific identifiers:

* **Username** - Primary identifier that uniquely identifies the user.
* **Display name** - Optional secondary identifier displayed to users to help them recognize the passkey (e.g., the user's full name).

### Custom data for rules

Store additional user attributes in the `custom` field to use with [Authsignal rules](/actions-rules/rules/custom-data-points):

```json theme={null}
{
  "custom": {
    "userTier": "premium",
    "accountType": "business",
    "riskScore": 25
  }
}
```
