Custom data
custom_data stores additional user info not listed in the pre-defined user properties.
You can use custom_data to do the following things:
- Record whether specific actions have been done by the user, such as having seen the welcome page.
- Store application-specific data in the user profile, such as the user's preferred language and appearance per application.
- Maintain other arbitrary data related to the user.
Sample custom_data from an admin user in Logto:
{
"adminConsolePreferences": {
"language": "en",
"appearanceMode": "system",
"experienceNoticeConfirmed": true
},
"customDataFoo": {
"foo": "foo"
},
"customDataBar": {
"bar": "bar"
}
}
Each user's custom_data is stored in an individual JSON object.
You may fetch a user profile containing custom_data using Management API and send it to the frontend apps or external backend services. Therefore, putting the sensitive information in custom_data may cause data leaks.
If you still want to put the sensitive information in custom_data, we recommend encrypting it first. Only encrypt/decrypt it in a trusted party like your backend services, and avoid doing it in the frontend apps. These will minimize the loss if your users' custom_data is leaked by mistake.
You can update the user's custom_data using
Admin Console or
Management API,
such as PATCH /api/users/:userId.
Updating a user's custom_data will completely overwrite its original content in the storage.
For example, if your input of calling update custom_data API looks like this (suppose that the original custom_data is previous shown sample data):
{
"customDataBaz": {
"baz": "baz"
}
}
then new custom_data value after updating should be:
{
"customDataBaz": {
"baz": "baz"
}
}
That is, the updated field value has nothing to do with the previous value.