Restriction on Updating Multiple Core User Attributes Simultaneously via Auth0 Management API

User Management
Apr 2, 2026
Overview

This article explains the restriction on updating multiple core user attributes simultaneously.

Applies To
  • Management API
  • Update a User
  • User Profile Management
Solution

As part of the specification for the Update a User API, the following attributes cannot be updated simultaneously in a single request:

  • password and email

  • password and email_verified

  • username and email

  • username and email_verified

  • username and password

 

This is the intended behavior and is also documented in the Response Messages section of the API documentation.

A 400 error message is received for any of the following attempts:

  • 400 Cannot update password and email simultaneously.

  • 400 Cannot update password and email_verified simultaneously.

  • 400 Cannot update username and email simultaneously.

  • 400 Cannot update username and email_verified simultaneously.

  • 400 Cannot update username and password simultaneously.

The primary reason for these restrictions is to ensure data integrity. To update multiple attributes, such as a password and email, please send separate API requests for each. Ensure the first request completes successfully before initiating the second.

Recommended content

No recommended content found...
Need more help? Visit the Community
Visit the Auth0 Community