User Profile

The User Profile object

{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "name": "John Doe",
  "given_name": "John",
  "family_name": "Doe",
  "auth_types": [
    "password",
    "phone_number_password"
  ],
  "devices": [
    "iPhone 14 Pro",
    "MacBook Air M2",
    "Samsung Galaxy Tab S8"
  ],
  "enroll_phone_number_as_mfa_credential": false,
  "enroll_email_as_mfa_credential": false,
  "username": "jdoe",
  "nickname": "Johnny",
  "birthdate": "1983-11-13",
  "age": 33,
  "custom_identifier": "rollingUser1",
  "email": "john.doe@example.com",
  "email_verified": true,
  "has_leaked_credentials": false,
  "emails": {
    "verified": [
      "john.doe@example.com"
    ],
    "unverified": [
      "other@example.com"
    ]
  },
  "password_hash": "$2a$13$A3BmaewEhI/lgxGsXoPATeKhxh1ToRG5r1eES76bVns4P4jAv0f/O",
  "gender": "male",
  "phone_number": "+33612345678",
  "phone_number_verified": false,
  "picture": "https://graph.facebook.com/10154..8019865/picture",
  "profile_url": "https://www.facebook.com/app_scoped_user_id/10154..019865/",
  "addresses": [
    {
      "id": 0,
      "to_delete": true, (1)
      "default": true,
      "address_type": "billing",
      "street_address": "10 rue Chaptal",
      "address_complement": "4 étage",
      "locality": "Paris",
      "postal_code": "75009",
      "region": "Île-de-France",
      "country": "France",
      "recipient": "Matthieu Winoc",
      "phone_number": "0723538943",
      "custom_fields": {
        "custom_field_example": "example_string",
        "custom_field_example_2": "example_string_2"
      }
    }
  ],
  "credentials":[
    {
      "created_at": "2021-04-12T15:18:30.612129Z",
      "phone_number": "+33612345678",
      "friendly_name": "my MFA phone number",
      "type": "sms"
    },
    {
      "created_at": "2022-05-12T12:22:33.162029Z",
      "email": "bob@example.com",
      "friendly_name": "my MFA email",
      "type": "email"
    }
  ],
  "identities":{
      "updated_at": "2021-05-18T14:28:25.682123Z",
      "created_at": "2021-04-12T15:18:30.612129Z",
      "provider": "google",
      "provider_variant": "Brand B",
      "user_id": "122548588103668578225",
      "id": "122548588103668578225",
      "username": "cool_gal@example.com"
  },
  "created_at": "2017-03-08T18:39:35.026123Z",
  "updated_at": "2018-08-12T12:54:09.631124Z",
  "first_login": "2017-03-08T18:39:35.026121Z",
  "last_login": "2018-08-12T12:54:09.631126Z",
  "logins_count": 53,
  "suspension_status": "permanent", (2)
  "suspension_information": { (2)
      "reason": "suspiciousUserNoGood"
  },
  "lockout_end_date": "2022-11-25T12:15:09.536Z",
  "origins": [
    "website",
    "game"
  ],
  "last_login_type": "facebook",
  "custom_fields": {
    "loyalty_card_number": "19872359235"
  },
  "consents": {
    "newsletter": {
        "consent_type": "doi",
        "granted": false,
        "date": "2018-05-25T15:41:09.671321Z",
        "waiting_double_accept": true,
        "consent_version": { (3)
          "version_id": 1,
          "language": "fr"
        }
      }
  },
  "facebook_ids_for_pages": [
    {
      "user_id": "649145309042062",
      "page_id": "931332113682072"
    }
  ],
  "external_id": "2977460",
  "provider_metadata": { (4)
    "kakaotalk": {
      "ci": "OUBQAU1Uc5WY…R/dLqvtWeVbL6r2BuT1S33A==",
      "ci_authenticated_at": "2022-01-24T08:41:03Z",
      "kakaotalk_age_range": "30~39"
    }
  }
}

1	Deleting an address only applies during an import.
2	When importing suspension information, the `status` is part of the `suspension_information` object. Otherwise, the `suspension_status` is standalone.
3	Displays the latest interaction with the user. For audit or history purposes, see the Consent logs.
4	The `provider_metadata` object contains important provider-related information.

User Profile fields

Table key

= importable into ReachFive
= sortable (with API via :desc or :asc)
= exportable

Jobs marked with export are exportable by both hooks (webhooks and pub/sub hooks) and jobs unless otherwise noted.

Name Description

id

string

The ReachFive user ID.

required scope= none

name

string

Full user name

required scope= profile

given_name

string

Given name(s) or first name(s).

required scope= profile

family_name

string

Surname(s) or last name(s).

required scope= profile

username

string

The username.

required scope= profile

auth_types

array of strings

An array showing active authentication types for the user.

password: If created during signup, login, or managed through a reset password or change password process, with the email as the identifier.
phone_number_password: Same as password, but using a phone number as the identifier.
magic_link: If OTP is used during the signup or login flow, with the email as the identifier.
sms: Same as magic_link, but using a phone number as the identifier.
webauthn: If biometrics are used during signup or login flow, or created when managing WebAuthn devices.
social providers: If the given provider is used during a signup or login flow, or for account linking. Examples of this are facebook, google, or even other identity providers like ping and okta.

Values are removed from the auth_types array in the following cases:

When a user unlinks from a social provider.
When a user removes all WebAuthn devices.
When a user deletes a password:

If a single password exists for both email and phone number, both password and phone_number_password are removed.

enroll_email_as_mfa_credential

Boolean to enroll a user for Multi-factor Authentication for email.

Defaults to false.

enroll_phone_number_as_mfa_credential

Boolean to enroll a user for Multi-factor Authentication for mobile (phone number).

Defaults to false.

middle_name

string

Middle name(s).

required scope= profile

nickname

string

The Casual name that may or may not be the same as the given_name.

required scope= profile

profile_url

string

The URL of one of the user’s profile page (usually a social provider’s page).

required scope= profile

picture

string

The URL of one of the user’s profile picture. This URL refers to an image file (for example, a PNG, JPEG, or GIF image file).

required scope= profile

email

string

The user’s primary email address.

required scope= email

email_verified

boolean

Boolean specifying whether the user’s email address has been verified.

required scope= email

emails

object

Emails object. User’s email addresses.

required scope= email

hook only

password_hash

string

The user’s encrypted (hashed) password.

The hash cannot be retrieved except for very specific cases. If you would like to learn more, please contact your ReachFive representative.

hook only

phone_number

string

User’s primary phone number.

required scope= phone

At ReachFive, we use a dedicated library to validate a user’s phone number.

Since January 2022, all newly-created accounts where no country code is provided at creation have their default country code set to FR (France).

For more details, check out Validating phone numbers.

phone_number_verified

boolean

Boolean specifying whether the user’s phone number has been verified.

required scope= phone

custom_identifier

string

A string that allows users to authenticate with something other than an email or phone_number. It’s important to note that an email and/or phone_number is still required to create a managed profile.

Field rules:

Each custom_identifier value must be unique.
The custom_identifier must be between 3-100 characters.
The custom_identifier cannot be an email or phone number.

required scope= profile

gender

string

The user’s gender. This field can take any value; however, when retrieved, ReachFive values it to male, female, or other.

required scope= profile

devices

array of strings

The devices a user has authenticated with.

required scope= profile

birthdate

string

The user’s birthdate represented as an ISO 8601 YYYY-MM-DD format.

required scope= profile

age

integer

An integer specifying the user’s age computed from birth date.

required scope= profile

company

string

The user’s company name (if applicable).

required scope= profile

addresses

array of objects

An array of address objects showing the user’s postal addresses.

required scope= address

identities

array of objects

An array of Identity objects listing the user’s provider identities.

required scope= profile

has_password

boolean

A boolean specifying whether user has a password.

required scope= profile

created_at

string

The date when the user was created.

required scope= profile

updated_at

string

The date when the user was last updated.

required scope= profile

first_login

string

The date of the user’s first login.

required scope= profile

last_login

string

The date of the user’s last login.

required scope= profile

lockout_end_date

string

Specifies the date and time when a user lockout ends.

required scope= profile

If the date is in the future, the user is locked out.
If the date is in the past, the lockout is over and the user is not locked out.
If the user has never been locked out, the field is empty.

logins_count

integer

An integer showing the number of logins for this user.

required scope= profile

has_leaked_credentials

boolean

Boolean specifying whether the user’s credentials are leaked or not. See Data Breach Detection: Users with leaked credentials for more details.

required scope= profile

last_login_type

string

The name of the authentication type used when user last logged in, (e.g., facebook, google, password).

required scope= profile

origins

array of strings

Array of strings which provide a list of origins.

required scope= profile

What is an origin? 🤔

An origin is the channel through which the user authenticated. This could be a website, or perhaps a mobile app. It is defined via user interaction and only authenticated profiles contain origins. This means lite profiles do not contain the field.

You can value this field via the Identity API, our SDKs, and through imports. However, the field cannot be valued through the Management API.

custom_fields

object

An object showing the user’s custom fields.

required scope= profile

consents

object

The user’s consents which is an object containing a series of fields: for each consent key, a Consent object.

required scope= profile

friends

array of objects

An array of Friend objects which is a list of user’s friends also linked to the same ReachFive account.

required scope= profile

hook only

facebook-id-for-pages

array of objects

An array of Facebook Page objects which is a list of page scoped facebook user ids.

required scope= profile

hook only

lite_only

boolean

A boolean specifying if the profile is LITE only.

required scope= profile

external_id

string

The unique identifier of the profile in your systems or Single Customer View. External IDs can only come from imports, the Management API, or the signup method.

required scope= profile

The external ID is usually your internal unified customer profile ID, before you integrate with ReachFive.

Loading this information into ReachFive is useful to progressively update your systems with the ReachFive profile ID, or, if you must continue to use this ID for specific purposes.

suspension_status

string

Specifies whether the suspension of the user is temporary or permanent.

required scope= profile

If the suspension_status of the user is temporary, they are able to reactivate with a password reset link. If their suspension_status is permanent, they must contact their account administrator to unsuspend and reactive their account. See User suspension for more details.

suspension_information

object

Object that provides specific information related to user suspension.

required scope= profile

provider_metadata

object

Object containing metadata from a specified provider. This includes things such as connecting information and user age ranges provided retrieved from the social provider.

required scope= profile

Emails object

Name Description

verified

array of strings

List of verified user’s email addresses.

Typically, a user has one email address for their account on your site. However, if a social profile is linked to their account, they may have multiple email addresses since it’s permissible to have a different email for the linked social account(s). In this case, the secondary email(s) are added to the emails.verified object.

unverified

array of strings

List of unverified email addresses.

Addresses object

The addresses object can be sorted with the Management API through the specific fields (like ..&sort=addresses.locality:asc). When sorted, the results are sorted by address for all users.

Table key: = sortable with API via :desc or :asc

Name Description

id

integer

ID of the address

to_delete

boolean

Boolean to specify whether the address should be deleted or not.

true = delete the address

This only applies to imports.

title

string

Title of the address

default

boolean

Boolean. true if the address is the default postal address of the user. Only a single address can be the default address.

address_type

string

Type of the address. Allowed values are delivery or billing.

street_address

string

Full street address component, which may include house number, street name, and extended street address information separated by new lines.

address_complement

string

A complementary address field which can contain additional information about the address.

This can be the floor, door number, or any other useful address information.

locality

string

City or locality.

region

string

State, province, prefecture, or region.

postal_code

string

Zip code or postal code.

country

string

Country name.

delivery_note

string

Additional note from the user for the delivery.

recipient

string

Name of the recipient located at these address.

company

string

Name of the company located at these address.

phone_number

string

Phone number of the contact point at these address (no format validation is required).

custom_fields

multiple

Custom fields specific to the addresses object.

Identities object

Table key: = filterable via the API

Name Description

Name	Description
`id` string	The unique ID. This is created from a concatenation of the `provider`, `:`, and the `user_id`. For example: `facebook:123456789`.
`provider` string	Name of the connected provider for this identity, in lowercase letters (`facebook`, `google`, etc.)
`provider_variant` string	Specifies the variant of a social provider. For example, a country or brand-specific variant for the provider. If there is no provider variant, this fields defaults to "default". Default example `... "provider": "google", "provider_variant": "default", ...`
`user_id` string	User’s unique identifier of the provider.
`created_at` string	Date when this identity was linked to the profile.
`updated_at` string	Date when this identity was last updated.
`username` string	User’s username with the specified provider.

id

string

The unique ID. This is created from a concatenation of the provider, :, and the user_id. For example: facebook:123456789.

provider

string

Name of the connected provider for this identity, in lowercase letters (facebook, google, etc.)

provider_variant

string

Specifies the variant of a social provider. For example, a country or brand-specific variant for the provider.

If there is no provider variant, this fields defaults to "default".

Default example

...
"provider": "google",
"provider_variant": "default",
...

user_id

string

User’s unique identifier of the provider.

created_at

string

Date when this identity was linked to the profile.

updated_at

string

Date when this identity was last updated.

username

string

User’s username with the specified provider.

Suspension information object

Name Description

reason

string

The reason why the user was suspended.

If desired, you can hide the suspension reason. For more, see Data Breach Detection.

status

string

Specifies whether the suspension of the user is temporary or permanent.

When importing suspension information, the status should be part of the suspension_information object. Otherwise, the suspension_status is a standalone field.

Consents object

Displays the latest interaction with the user. For audit or history purposes, see the Consent logs.

Example:

Lily accepts Consent C (Version 1, Language FR) on the 18th June, 2025 .
She then accepts Consent C (Version 1, Language EN) on the 30th June, 2025 .

Lily’s profile will only contain the Consent C (Version 1, Language EN) accepted on the 30th June, 2025 and won’t have the information that FR was accepted as well.

Name Description

consent_type

string

Consents type: opt-in or opt-out.

granted

boolean

Whether the consent has been granted or not.

date

string

Consent date. This reflects the latest date when the granted or consent_version field was valued.

If a consent is updated, but the granted and/or consent_version field is unchanged, the date field remains the same as well. However, if either the granted or consent_version field is changed, the date then reflects the date of that change and a consent log is created.

waiting_double_accept

boolean

Whether we are still awaiting the double opt-in confirmation from the user.

This is only applicable to consents with a consent type of doi (Double opt-in consents).

consent_version

object

The consent version. This is an object containing a version ID and language.

Field Description

version_id

string

Specifies the consent version.

language

string

Specifies the default language of the consent.

reporter

string

Specifies the reporter who made the modification. For example, this could be an administrator for your site or even an import being executed.

This is an optional field and isn’t always applicable.

Friends object

Name Description

Name	Description
`id` string	ReachFive identifier.
`name` string	Full name.
`given_name` string	Given name
`family_name` string	Family name
`gender` string	Gender

id

string

ReachFive identifier.

name

string

Full name.

given_name

string

Given name

family_name

string

Family name

gender

string

Gender

Facebook page object fields

Name Description

Name	Description
`user_id` string	Page scoped user identifier.
`page_id` string	Facebook page identifier.

user_id

string

Page scoped user identifier.

page_id

string

Facebook page identifier.

MFA credentials object

The MFA credentials object contains information related to the MFA second factor for the user.

The MFA credentials can only be retrieved by dedicated MFA endpoints and methods. These include:

Table key: = filterable via the API

Name Description

credentials

array of objects

An array of objects containing the MFA second factor credentials.

Property Description

created_at

string

The timestamp for when the MFA second factor was created.

phone_number

string

The phone number used for the MFA second factor.

email

string

The email used for the MFA second factor.

type

string

Specifies the second factor type. This is either email or sms.

friendly_name

string

The label for the MFA second factor credential.

Custom fields

The required scope must be declared when creating custom fields.