Updating/Creating Users Fails with "Fields with \".\" are not Allowed, Please Remove all Dotted Fields" Error

Problem statement

This article explains how to resolve the following error while using the Authentication API Debugger.

Fields with \".\" are not allowed, please remove all dotted fields.

Example: https://realtor.com/tenant".


The error has nothing to do with Authentication API Debugger.
The error is returned by the PATCH /api/v2/users/{id} endpoint of Management API when updating the user Metadata in Rules/Actions.


The field names must not contain the . (dot) or $ (dollar sign) characters.


Remove the . (dot) or $ (dollar sign) characters from the field names in the user_metadata or app_metadata.

  • Perform this action using the Management API to update the metadata.
    • Updating metadata in the Tenant Dashboard will not work.
  1. You can use the Management API Explorer or any API client (e.g., Postman) you prefer to make the Management API call.
  1. Use the PATCH /api/v2/users/{id} endpoint to remove the user’s app_metadata (you can get the user_id from the tenant dashboard).
  "app_metadata": {}
  • Setting the app_metadata to an empty object will delete the app_metadata completely.​​​​
  • Delete user metadata
  1. Use the PATCH /api/v2/users/{id} endpoint again to add the user’s app_metadata with desired value:
  • (If you don’t need the app_metadata anymore, skip this step)
    "app_metadata": {
        "https://no_dot_field_name/fav_color": "pink"
  1. The app_metadata is updated with no dot in the field name.