Update and Block User
Modify a previously created user's profile fields — name, contact, address, business info.
Info
Purpose: These endpoints allow Sovera clients to update the existing user data for both natural persons (EndUserIntegrated, EndUserDelegated) and legal entities (MerchantUserIntegrated, MerchantUserDelegated). They are primarily used to manage compliance-related information, contact updates, or minor corrections to existing records. Certain fields—such as identifiers, userId, and wallet relations—cannot be modified through this call.
Update End User
This endpoint updates user information for EndUserIntegrated and EndUserDelegated records. The body replicates the schema of the creation endpoint but omits fields that cannot be modified (e.g., identifiers, wallet data, and creation timestamps).
{
"userId": "string",
"email": "string",
"firstName": "string",
"lastName": "string",
"alias": "string",
"occupation": "string",
"placeOfWork": "string",
"pep": false,
"salary": 200000,
"telephone": "+50760001234",
"address": {
"addressLine1": "123 Main Street",
"addressLine2": "Tower B, Apt 12B",
"homeNumber": "12B",
"city": "Panama",
"region": "Panama Metropolitan Area",
"postalCode": "000000",
"country": "PA"
},
"nationality": "PA",
"countryOfOperations": "PA, US"
"idUrlFront": "string",
"idUrlBack": "string",
"residenceProofUrl": "string"
}{
"success": true,
"data": {
"userId": "string",
"email": "string",
"firstName": "string",
"lastName": "string",
"alias": "string",
"occupation": "string",
"placeOfWork": "string",
"pep": false,
"salary": 200000,
"telephone": "+50760001234",
"address": {
"addressLine1": "123 Main Street",
"addressLine2": "Tower B, Apt 12B",
"homeNumber": "12B",
"city": "Panama",
"region": "Panama Metropolitan Area",
"postalCode": "000000",
"country": "PA"
},
"nationality": "PA",
"countryOfOperations": "PA, US"
"idUrlFront": "string",
"idUrlBack": "string",
"residenceProofUrl": "string"
},
"meta": {
"timestamp": "2026-06-04T17:50:15.334Z",
"version": "v2",
"traceId": "73a5d32a-f92c-41eb-af8d-d7c6435f9a06"
}
}Note:
The update request only changes provided fields.
Any omitted fields remain unchanged.
The system validates each updated field according to the same format and type rules described in the User Creation chapter.
Editable Fields
| Field | Description | Editable | Notes |
|---|---|---|---|
email | Contact email | ✅ | Must follow RFC-5322 format |
firstName, lastName | User's legal name | ⚠️ Conditionally | Only allowed for compliance updates |
alias | Emboss alias | ✅ | Must comply with ITU-T.50 and ≤ 22 chars |
occupation, placeOfWork | Job-related fields | ✅ | May be required for updated KYC |
pep | Politically exposed person flag | ✅ | Boolean |
salary | Updated salary in cents | ✅ | Integer, USD cents |
telephone | E.164 format | ✅ | Example: +50760001234 |
address.* | All subfields | ✅ | See creation schema |
nationality | ISO alpha-2 code | ✅ | |
countryOfOperations | ISO alpha-2, comma-separated | ✅ |
Non-Editable Fields
| Field | Reason |
|---|---|
userId | Immutable primary key |
walletId | System-generated |
kycUrl | Tied to KYC process |
isActive | Controlled by compliance logic |
creationDate | Immutable |
Validation & Error Handling
Errors follow the same format as user creation. See “Field Requirements” in the creation chapter for detailed validation.
| HTTP Code | Type | Description |
|---|---|---|
200 | OK | Update accepted |
422 | VALIDATION_ERROR | Field missing or invalid |
422 | Business Rule Violation | Attempt to modify restricted field |
500 | Internal Error | Unexpected error on server side |
{
"success": false,
"errors": [
{ "code": "VALIDATION_ERROR", "message": "Attempted update of read-only field: walletId", "field": "walletId" }
],
"meta": {
"timestamp": "2026-06-04T17:50:15.334Z",
"version": "v2",
"traceId": "73a5d32a-f92c-41eb-af8d-d7c6435f9a06"
}
}Update Merchant User
This endpoint updates user information for MerchantUserIntegrated and MerchantUserDelegated (legal entity users). It allows for controlled modification of business or compliance information, maintaining immutable identifiers and KYB-linked attributes.
{
"userId": "string",
"email": "string",
"registeredName": "string",
"taxId": "string",
"legalRepresentation": "string",
"kindOfBusiness": "string",
"telephone": "+50760001234",
"address": {
"addressLine1": "Avenue 5, Building 14",
"addressLine2": "Suite 200",
"city": "Panama City",
"region": "Panama",
"postalCode": "000000",
"country": "PA"
},
"firstName": "John",
"lastName": "Smith",
"nationality": "PA",
"countryOfOperations": "PA, US",
"businessLicense": "https://cdn.server.com/docs/businessLicense.pdf",
"registerShareholder": "https://cdn.server.com/docs/registerShareholder.pdf"
}{
"success": true,
"data": {
"merchantUserId": "string",
"email": "string",
"registeredName": "string",
"taxId": "string",
"legalRepresentation": "string",
"kindOfBusiness": "string",
"telephone": "+50760001234",
"address": {
"addressLine1": "Avenue 5, Building 14",
"addressLine2": "Suite 200",
"city": "Panama City",
"region": "Panama",
"postalCode": "000000",
"country": "PA"
},
"firstName": "John",
"lastName": "Smith",
"nationality": "PA",
"countryOfOperations": "PA, US",
"businessLicense": "https://cdn.server.com/docs/businessLicense.pdf",
"registerShareholder": "https://cdn.server.com/docs/registerShareholder.pdf"
},
"meta": {
"timestamp": "2026-06-04T17:50:15.334Z",
"version": "v2",
"traceId": "73a5d32a-f92c-41eb-af8d-d7c6435f9a06"
}
}Editable Fields
| Field | Description | Editable | Notes |
|---|---|---|---|
email | Business email | ✅ | RFC-5322 format |
registeredName | Legal entity name | ⚠️ | Can trigger compliance check |
legalRepresentation | Legal representative | ✅ | Must match ITU-T.50 |
kindOfBusiness | Business type or code | ✅ | |
telephone | Contact phone | ✅ | E.164 format |
address.* | Address components | ✅ | |
firstName, lastName | Natural representative | ✅ | Same rules as creation |
nationality, countryOfOperations | Country data | ✅ | ISO alpha-2 format |
businessLicense, registerShareholder, certificateOfGoodStanding, idShareholders, addressVerificationShareholders | Document URLs | ✅ | HTTPS URLs (PDF/JPG/PNG) between 5kb–10mb |
Non-Editable Fields
| Field | Reason |
|---|---|
merchantUserId | Immutable primary key |
walletId | System-generated |
isActive | Controlled by KYB compliance |
creationDate | Immutable timestamp |
Validation & Error Handling
| HTTP Code | Type | Description |
|---|---|---|
200 | OK | Update accepted |
422 | VALIDATION_ERROR | Field missing or invalid |
422 | Business Rule Violation | Attempt to modify restricted field |
500 | Internal Error | Unexpected error on server side |
{
"success": false,
"errors": [
{ "code": "VALIDATION_ERROR", "message": "Attempted update of read-only field: taxId", "field": "taxId" }
],
"meta": {
"timestamp": "2026-06-04T17:50:15.334Z",
"version": "v2",
"traceId": "73a5d32a-f92c-41eb-af8d-d7c6435f9a06"
}
}Notes & Recommendations
-
Partial updates are allowed — only the provided keys are modified.
-
Changes to sensitive fields (e.g.,
registeredName,legalRepresentation) may trigger manual review by Sovera’s compliance team. -
All updates are versioned internally and may be audited on request.
-
Document URLs must remain valid for at least 24 hours post-update.
Block User
Blocks a user by userId, deactivating the account. A blocked user cannot operate (transactions or card usage) until unblocked. The response confirms the user and its resulting active status.
{
"userId": "string"
}{
"success": true,
"data": {
"userId": "string",
"isActive": false
},
"meta": {
"timestamp": "2026-06-04T17:50:15.334Z",
"version": "v2",
"traceId": "73a5d32a-f92c-41eb-af8d-d7c6435f9a06"
}
}Unblock User
Reactivates a previously blocked user by userId. The response confirms the user and its resulting active status.
{
"userId": "string"
}{
"success": true,
"data": {
"userId": "string",
"isActive": true
},
"meta": {
"timestamp": "2026-06-04T17:50:15.334Z",
"version": "v2",
"traceId": "73a5d32a-f92c-41eb-af8d-d7c6435f9a06"
}
}Compliance Reminder: The purpose of these endpoints is to keep user data up-to-date for ongoing KYC/KYB compliance. Any misuse or attempt to alter identity or ownership data outside authorized flows may result in rejection or account suspension.