> ## Documentation Index
> Fetch the complete documentation index at: https://docs.byzantine.fi/llms.txt
> Use this file to discover all available pages before exploring further.

# Step 2 Update users role (passkey)

> Update the roles of users of a Byzantine account. This action must be approved by the current root quorum.



## OpenAPI

````yaml /api-reference/openapi-integrator.json post /v1/submit/update-users-role
openapi: 3.0.3
info:
  title: Byzantine Integrator API
  description: Byzantine REST API for integrators.
  license:
    name: ''
  version: 0.2.0
servers:
  - url: https://sandbox.api.byzantine.fi
    description: Sandbox
security: []
tags:
  - name: API health
    description: Check API status.
  - name: Customer management
    description: Endpoints to create, update, and retrieve customer information.
  - name: Account management
    description: Endpoints to manage accounts, bank accounts, invitations, and user roles.
  - name: Products
    description: Endpoints to get data about products and vaults.
  - name: Transactions
    description: Endpoints to create and manage transactions.
  - name: OTP authentication
    description: Endpoints to initialize and manage user authentication with OTP.
  - name: Webhooks
    description: Integrator-managed outbound webhook subscriptions and delivery history.
paths:
  /v1/submit/update-users-role:
    post:
      tags:
        - Account management
      summary: Step 2 Update users role (passkey)
      description: >-
        Update the roles of users of a Byzantine account. This action must be
        approved by the current root quorum.
      operationId: update_users_role
      parameters:
        - name: X-Pubkey
          in: header
          description: >-
            Integrator's ECDSA public key (P-256 curve, compressed SEC1 format).
            Example:
            0x038fedef7c12f93bbf342ad8943b7a825a3b41f61c9dc118b2c718efebabbf62fd
          required: true
          schema:
            type: string
        - name: X-Timestamp
          in: header
          description: >-
            Unix timestamp in seconds (UTC). Must be within tolerance window (1
            minute) to prevent replay attacks. Example: 1760375826
          required: true
          schema:
            type: string
        - name: X-Signature
          in: header
          description: >-
            ECDSA signature (DER-encoded, hex with 0x prefix). Signs the
            message: {timestamp}{METHOD}{path_and_query}{json_body}. Example:
            0x3045022100...
          required: true
          schema:
            type: string
      requestBody:
        description: Body to update the root quorum of a Byzantine account
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateUsersRoleRequestBodyPasskey'
        required: true
      responses:
        '200':
          description: Users' roles updated successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UpdateUsersRoleResponse'
        '400':
          description: Invalid request payload
        '401':
          description: >-
            Unauthorized - Account does not belong to integrator or user is not
            a root user
        '500':
          description: Internal server error
      security:
        - integrator_auth: []
components:
  schemas:
    UpdateUsersRoleRequestBodyPasskey:
      type: object
      required:
        - signedBody
        - webAuthnStamp
      properties:
        signedBody:
          $ref: '#/components/schemas/UpdateRootQuorumRequest'
        webAuthnStamp:
          type: string
          description: >-
            Cryptographically passkey signed (stamped). For more info, see
            [authentication
            methods](https://docs.byzantine.fi/api-reference/authentication-methods).
    UpdateUsersRoleResponse:
      type: object
      description: Response body when users' roles are successfully updated
      required:
        - accountId
        - threshold
        - rootUserIds
      properties:
        accountId:
          $ref: '#/components/schemas/Uuid'
        threshold:
          type: integer
          format: int32
          description: The new threshold of unique approvals to reach quorum.
          example: 1
          minimum: 0
        rootUserIds:
          type: array
          items:
            type: string
          description: The unique identifiers of users who now comprise the quorum set.
    UpdateRootQuorumRequest:
      type: object
      description: >-
        The object that needs to be signed by the end user to update the root
        quorum of a Byzantine account.
      required:
        - type
        - timestampMs
        - organizationId
        - parameters
      properties:
        type:
          type: string
          description: Defaults to `ACTIVITY_TYPE_UPDATE_ROOT_QUORUM`
          example: ACTIVITY_TYPE_UPDATE_ROOT_QUORUM
        timestampMs:
          type: string
          description: UNIX timestamp of the creation of the request.
        organizationId:
          type: string
          description: The account ID (sub-organization ID) updating the root quorum.
          example: d107c1e1-766a-4091-802c-de61a3973e91
        parameters:
          $ref: '#/components/schemas/UpdateRootQuorumParams'
    Uuid:
      type: string
      format: uuid
      description: A UUID string
      example: 550e8400-e29b-41d4-a716-446655440000
    UpdateRootQuorumParams:
      type: object
      description: >-
        The parameters object containing the specific intent data for updating
        the root quorum.
      required:
        - threshold
        - userIds
      properties:
        threshold:
          type: integer
          format: int32
          description: The threshold of unique approvals to reach quorum.
          example: 1
          minimum: 0
        userIds:
          type: array
          items:
            type: string
          description: The unique identifiers of users who comprise the quorum set.
  securitySchemes:
    integrator_auth:
      type: apiKey
      in: header
      name: X-Pubkey, X-Timestamp, X-Signature

````