Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello,
We ran a migration script that updates the `schema_id` for our users and adds an extra trait. Since we have thousands of users, the script was running for ~24 hours. A few of them failed for various reasons, but we have a few suspicious ones:
```{"error":{"code":"400","details":{"ruleId":"738b1b04"},"message":"Blocked","reason":"Request has been marked as malicious.","status":"Bad Request"}}```
How could we avoid these errors?

That sometimes happen if Cloudflare thinks your request is e.g. SQL injection. Could you share an example payload (feel free to anonymize data) to replicate and is it always replicable with this type of data?

No, it is not replicable. We have sent almost 50k requests, and only a few have had this error.
 We're calling the `PATCH /admin/identities/{id}`  endpoint with a payload like this:
```[{"op":"replace","path":"/schema_id","value":"30881f94c6f11462c692fed0f8fa37628b915 ..."},{"op":"replace","path":"/credentials/password/config/hashed_password","value":"$2y$10$ ..."},{"op":"replace","path":"/traits/phone","value":"+123 ..."}]}```