When you make a call to such as below with NULL user details for the user which is not allowed:

PUT /rest/usermanagement/latest/user?username=example-user
body: {"name": "example-user", "first-name": "", "last-name": "example service account", "email": "", "display-name": "example service account", "active": true, "password": {"value": "dont-care-it-authenticates-from-ad-anyway"}}

That call will respond with a 204 success even though the fields have not been updated which can be confusing when scripting or automating users indicating the call has been a success when technically it hasn't. In the UI you are warned these fields are required.

It would be beneficial to have a different response when a required field or invalid character is included and the field is not updated with a warning of some description or a 415 etc.