diff --git a/app/service/rest.py b/app/service/rest.py index 2cc7dab90..fb1ea29e1 100644 --- a/app/service/rest.py +++ b/app/service/rest.py @@ -34,7 +34,7 @@ from app.dao.service_whitelist_dao import ( ) from app.dao import notifications_dao from app.dao.provider_statistics_dao import get_fragment_count -from app.dao.users_dao import get_model_users +from app.dao.users_dao import get_user_by_id from app.errors import ( register_errors, InvalidRequest @@ -88,7 +88,7 @@ def create_service(): errors = {'user_id': ['Missing data for required field.']} raise InvalidRequest(errors, status_code=400) - user = get_model_users(data['user_id']) + user = get_user_by_id(data['user_id']) data.pop('user_id', None) valid_service = service_schema.load(request.get_json()).data dao_create_service(valid_service, user) @@ -148,7 +148,7 @@ def get_users_for_service(service_id): @service_blueprint.route('//users/', methods=['POST']) def add_user_to_service(service_id, user_id): service = dao_fetch_service_by_id(service_id) - user = get_model_users(user_id=user_id) + user = get_user_by_id(user_id=user_id) if user in service.users: error = 'User id: {} already part of service id: {}'.format(user_id, service_id) @@ -163,7 +163,7 @@ def add_user_to_service(service_id, user_id): @service_blueprint.route('//users/', methods=['DELETE']) def remove_user_from_service(service_id, user_id): service = dao_fetch_service_by_id(service_id) - user = get_model_users(user_id=user_id) + user = get_user_by_id(user_id=user_id) if user not in service.users: error = 'User not found' raise InvalidRequest(error, status_code=404) diff --git a/app/user/rest.py b/app/user/rest.py index 2e6e6b021..e41e10877 100644 --- a/app/user/rest.py +++ b/app/user/rest.py 
@@ -4,7 +4,7 @@ from datetime import datetime from flask import (jsonify, request, Blueprint, current_app) from app import encryption, DATETIME_FORMAT from app.dao.users_dao import ( - get_model_users, + get_user_by_id, save_model_user, create_user_code, get_user_code, @@ -12,7 +12,8 @@ from app.dao.users_dao import ( increment_failed_login_count, reset_failed_login_count, get_user_by_email, - create_secret_code + create_secret_code, + save_user_attribute ) from app.dao.permissions_dao import permission_dao from app.dao.services_dao import dao_fetch_service_by_id @@ -22,8 +23,10 @@ from app.schemas import ( email_data_request_schema, user_schema, request_verify_code_schema, + permission_schema, user_schema_load_json, - permission_schema) + user_update_schema_load_json +) from app.celery.tasks import ( send_sms, @@ -53,7 +56,7 @@ def create_user(): @user.route('/', methods=['PUT']) def update_user(user_id): - user_to_update = get_model_users(user_id=user_id) + user_to_update = get_user_by_id(user_id=user_id) req_json = request.get_json() update_dct, errors = user_schema_load_json.load(req_json) pwd = req_json.get('password', None) @@ -66,9 +69,20 @@ def update_user(user_id): return jsonify(data=user_schema.dump(user_to_update).data), 200 +@user.route('//update-attribute', methods=['PUT']) +def update_user_attribute(user_id): + user_to_update = get_user_by_id(user_id=user_id) + req_json = request.get_json() + update_dct, errors = user_update_schema_load_json.load(req_json) + if errors: + raise InvalidRequest(errors, status_code=400) + save_user_attribute(user_to_update, update_dict=update_dct) + return jsonify(data=user_schema.dump(user_to_update).data), 200 + + @user.route('//verify/password', methods=['POST']) def verify_user_password(user_id): - user_to_verify = get_model_users(user_id=user_id) + user_to_verify = get_user_by_id(user_id=user_id) txt_pwd = None try: 
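Review bot: `update_user_attribute` leaves the decision about which fields may be written entirely to `user_update_schema_load_json`, which this diff does not show, and the test added in the same commit shows that `email_address` and `mobile_number` are accepted. Those are presumably the destinations used by the `sms-code` and `email-verification` routes in this file, so the handler can move a user's verification channel without the new value being confirmed. I would record the contract above the handler, for example `# Writable fields are limited to those declared on user_update_schema_load_json; password and the failed-login counter must never be accepted here.`, and check that the schema rejects unknown keys instead of dropping them. The other change in this hunk, in `verify_user_password`, is only the rename, and that function's body continues past the end of the hunk.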
@@ -92,7 +106,7 @@ def verify_user_password(user_id): @user.route('//verify/code', methods=['POST']) def verify_user_code(user_id): - user_to_verify = get_model_users(user_id=user_id) + user_to_verify = get_user_by_id(user_id=user_id) txt_code = None resp_json = request.get_json() @@ -120,7 +134,7 @@ def verify_user_code(user_id): @user.route('//sms-code', methods=['POST']) def send_user_sms_code(user_id): - user_to_send_to = get_model_users(user_id=user_id) + user_to_send_to = get_user_by_id(user_id=user_id) verify_code, errors = request_verify_code_schema.load(request.get_json()) secret_code = create_secret_code() @@ -149,7 +163,7 @@ def send_user_sms_code(user_id): @user.route('//change-email-verification', methods=['POST']) def send_user_confirm_new_email(user_id): - user_to_send_to = get_model_users(user_id=user_id) + user_to_send_to = get_user_by_id(user_id=user_id) email, errors = email_data_request_schema.load(request.get_json()) if errors: raise InvalidRequest(message=errors, status_code=400) @@ -178,7 +192,7 @@ def send_user_confirm_new_email(user_id): @user.route('//email-verification', methods=['POST']) def send_user_email_verification(user_id): - user_to_send_to = get_model_users(user_id=user_id) + user_to_send_to = get_user_by_id(user_id=user_id) secret_code = create_secret_code() create_user_code(user_to_send_to, secret_code, 'email') @@ -230,7 +244,7 @@ def send_already_registered_email(user_id): @user.route('/', methods=['GET']) @user.route('', methods=['GET']) def get_user(user_id=None): - users = get_model_users(user_id=user_id) + users = get_user_by_id(user_id=user_id) result = user_schema.dump(users, many=True) if isinstance(users, list) else user_schema.dump(users) return jsonify(data=result.data) 
@@ -239,7 +253,7 @@ def get_user(user_id=None): def set_permissions(user_id, service_id): # TODO fix security hole, how do we verify that the user # who is making this request has permission to make the request. - user = get_model_users(user_id=user_id) + user = get_user_by_id(user_id=user_id) service = dao_fetch_service_by_id(service_id=service_id) permissions, errors = permission_schema.load(request.get_json(), many=True) diff --git a/tests/app/user/test_rest.py b/tests/app/user/test_rest.py index 14b26d387..d9261fbb8 100644 --- a/tests/app/user/test_rest.py +++ b/tests/app/user/test_rest.py @@ -1,4 +1,5 @@ import json +import pytest from flask import url_for, current_app from freezegun import freeze_time @@ -180,6 +181,29 @@ def test_put_user(notify_api, notify_db, notify_db_session, sample_service): assert sorted(expected_permissions) == sorted(fetched['permissions'][str(sample_service.id)]) +@pytest.mark.parametrize('user_attribute, user_value', [ + ('name', 'New User'), + ('email_address', 'newuser@mail.com'), + ('mobile_number', '+4407700900460') +]) +def test_put_user_attribute(client, sample_user, user_attribute, user_value): + assert getattr(sample_user, user_attribute) != user_value + update_dict = { + user_attribute: user_value + } + auth_header = create_authorization_header() + headers = [('Content-Type', 'application/json'), auth_header] + + resp = client.put( + url_for('user.update_user_attribute', user_id=sample_user.id), + data=json.dumps(update_dict), + headers=headers) + + assert resp.status_code == 200 + json_resp = json.loads(resp.get_data(as_text=True)) + assert json_resp['data'][user_attribute] == user_value + + def test_put_user_update_password(notify_api, notify_db, notify_db_session,
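Review bot: `test_put_user_attribute` covers only the three accepted attributes with valid values, so the `if errors: raise InvalidRequest(errors, status_code=400)` branch of the new handler is untested, as is the handling of a key the schema should refuse. A second parametrised test that sends a `password` key and a malformed `email_address` and expects a 400 would pin that behaviour. The expected status assumes the update schema refuses both inputs, which is not visible in this diff, so adjust it if the schema is designed to ignore unknown keys.

```python
@pytest.mark.parametrize('user_attribute, user_value', [
    ('password', 'new password'),
    ('email_address', 'not-an-email'),
])
def test_put_user_attribute_rejects_bad_input(client, sample_user, user_attribute, user_value):
    # Expected status assumes the update schema refuses these inputs.
    auth_header = create_authorization_header()
    resp = client.put(
        url_for('user.update_user_attribute', user_id=sample_user.id),
        data=json.dumps({user_attribute: user_value}),
        headers=[('Content-Type', 'application/json'), auth_header])
    assert resp.status_code == 400
```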