custom_data stores additional user info not listed in the pre-defined user properties.
You can use custom_data to do the following things:
- Record whether specific actions have been done by the user, such as having seen the welcome page.
- Store application-specific data in the user profile, such as the user's preferred language and appearance per application.
- Maintain other arbitrary data related to the user.
Sample custom_data from an admin user in Logto:
Each user's custom_data is stored in an individual JSON object.
You may fetch a user profile containing custom_data using Management API and send it to the frontend apps or external backend services. Therefore, putting the sensitive information in custom_data may cause data leaks.
If you still want to put the sensitive information in custom_data, we recommend encrypting it first. Only encrypt/decrypt it in a trusted party like your backend services, and avoid doing it in the frontend apps. These will minimize the loss if your users' custom_data is leaked by mistake.
You can update the user's custom_data using
Admin Console or
Updating a user's custom_data will completely overwrite its original content in the storage.
For example, if your input of calling update custom_data API looks like this (suppose that the original custom_data is previous shown sample data):
then new custom_data value after updating should be:
That is, the updated field value has nothing to do with the previous value.