Breaking Change (October 2024) Stepup required for patching an authorised user

October 16, 2024 · One min read

To mitigate against security risks, we are now requiring the user who is updating an authorised user to step-up their token.

Effective:

28 October 2024 on Sandbox
29 October 2024 on Live

Creating and updating user continues to be an operation that can be performed by a user that has either an Admin role or a User Manager role, or both. More about roles can be found in our documentation.

Action required

Review and update your application logic to accommodate the update a user endpoint that requires a stepped up token. If your user is trying to update a user and the token is not stepped up, you need to handle the new HTTP 403 STEP_UP_REQUIRED error code. This will help prevent any disruptions to your integration.

If no action is taken

If no action is taken, your application will encounter issues when updating an authorised user.

stepup

More details on how to step-up a token are available in our documentation.

Affected API endpoint:

PATCH/users/{users_id}

Action required​

If no action is taken​

Action required

If no action is taken