
Breaking Change (28 October 2024) Stepup required for patching an authorized user


As mentioned in our previous update, to mitigate security risks, we now require the user who is updating an authorized user to step up their token.

An Authorized User is an individual that has been invited by the root user to manage an identity's instruments and transactions. They are not the legal owner of the identity but can be granted access to perform operations on behalf of the identity. For corporates, card assignees are created as Authorized Users. "Authorized User" is the US-English variant of "Authorised User".

Effective:

  • 28 October 2024 on Sandbox
  • 29 October 2024 on Live

Creating and updating a user continues to be an operation that can be performed by a user that has an Admin role. More about roles can be found in our documentation.

Action required

Review and update your application logic to accommodate the "update a user" endpoint, which now requires a stepped-up token. If your user tries to update a user and the token is not stepped up, you need to handle the new HTTP 403 STEP_UP_REQUIRED error code. This will help prevent any disruptions to your integration.
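One way to structure that handling, as an added example rather than code from our documentation or SDKs: send the update, start the step-up flow only when the 403 carries STEP_UP_REQUIRED, and retry exactly once. The top-level `code` field in the error body, the `/users/EXAMPLE_ID` path, the `FORBIDDEN` code and every function name here are assumptions made for illustration.

```python
import json
from typing import Callable, Optional, Tuple

# (method, path, token, body) -> (HTTP status, raw response text)
Transport = Callable[[str, str, str, dict], Tuple[int, str]]

class StepUpDeclined(Exception):
    """The user did not complete the step-up challenge."""

def needs_step_up(status: int, text: str) -> bool:
    """True only for a 403 carrying STEP_UP_REQUIRED. Any other 403 (for
    example a caller without the Admin role) must not start a challenge."""
    if status != 403:
        return False
    try:
        body = json.loads(text)
    except ValueError:
        return False
    # Assumption: the error code sits in a top-level "code" field.
    return isinstance(body, dict) and body.get("code") == "STEP_UP_REQUIRED"

def update_authorized_user(send: Transport, path: str, token: str, changes: dict,
                           run_step_up: Callable[[str], Optional[str]]) -> Tuple[int, str]:
    """PATCH once; on STEP_UP_REQUIRED run the challenge and retry exactly once."""
    status, text = send("PATCH", path, token, changes)
    if not needs_step_up(status, text):
        return status, text
    stepped_up = run_step_up(token)  # returns the token to retry with, or None
    if stepped_up is None:
        raise StepUpDeclined("step-up challenge not completed; update not sent")
    return send("PATCH", path, stepped_up, changes)  # single retry, so no loop

def make_fake_api(stepped_up_tokens: set, admin_tokens: set) -> Transport:
    """Constructed stand-in for the API so the example runs offline."""
    def send(method, path, token, body):
        if token not in admin_tokens:
            return 403, json.dumps({"code": "FORBIDDEN"})  # constructed code
        if token not in stepped_up_tokens:
            return 403, json.dumps({"code": "STEP_UP_REQUIRED"})
        return 200, json.dumps(body)
    return send

def demo() -> Tuple[int, str]:
    stepped, admins = set(), {"tok-admin"}
    api = make_fake_api(stepped, admins)
    def challenge(token):  # stands in for the real step-up flow
        stepped.add(token)
        return token
    return update_authorized_user(api, "/users/EXAMPLE_ID", "tok-admin",
                                  {"name": "A. Example"}, challenge)
```

In a real integration, `send` wraps your HTTP client and `run_step_up` drives the step-up flow described in our documentation.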

If no action is taken

If no action is taken, your application will encounter issues when updating an authorized user.


More details on how to step up a token are available in our documentation.

Affected API endpoint: