Creates a new user. Your user management settings determine how you should setup your user model. Any email address and phone number created using this method will be marked as verified. Note: If you are performing a migration, check out our guide on zero downtime migrations. A rate limit rule of 20 requests per 10 seconds is applied to this endpoint.
Fetch the corresponding OAuth access token for a user that has previously authenticated with a particular OAuth provider. For OAuth 2.0, if the access token has expired and we have a corresponding refresh token, the access token will be refreshed transparently the new one will be returned.
Update a user’s attributes. You can set the user’s primary contact identifiers (email address and phone numbers) by updating the primary_email_address_id and primary_phone_number_id attributes respectively. Both IDs should correspond to verified identifications that belong to the user. You can remove a user’s username by setting the username attribute to null or the blank string "". This is a destructive action; the identification will be deleted forever. Usernames can be removed only if they are optional in your instance settings and there’s at least one other identifier which can be used for authentication.
Update a user’s metadata attributes by merging existing values with the provided parameters. This endpoint behaves differently than the Update a user endpoint. Metadata values will not be replaced entirely. Instead, a deep merge will be performed. Deep means that any nested JSON objects will be merged as well. You can remove metadata keys at any level by setting their value to null.
Verify that the provided TOTP or backup code is valid for the user. Verifying a backup code will result it in being consumed (i.e. it will become invalid). Useful for custom auth flows and re-verification.