# User Management API



<EndpointIndex
  names={[
  	'createUser',
  	'fetchMyUserDetails',
  	'fetchUserByName',
  	'fetchUserByLocator',
  	'fetchMultipleUsers',
  	'fetchMultipleBasicUsers',
  	'updateUser',
  	'resetUserPassword',
  	'deleteUser',
  	'createRole',
  	'getRole',
  	'updateRole',
  	'fetchMultipleRoles',
  	'deleteRole',
  	'listTenantRoles',
  	'getTenantRole',
  	'createTenantRole',
  	'updateTenantRole',
  	'deleteTenantRole',
  	'fetchAvailablePermissions',
  	'fetchUserPermissions',
  	'fetchUserTenantPermissions',
  	'getGroupedTokenPermissions',
  	'updateUserRoles',
  	'updateUserTenantAssignments',
  ]}
  titles={{
  	createUser: 'Create a User',
  	fetchMyUserDetails: 'Fetch My User Details',
  	fetchUserByName: 'Fetch a User by Name',
  	fetchUserByLocator: 'Fetch a User by Locator',
  	updateUser: 'Update a User',
  	resetUserPassword: "Reset a User's Password",
  	deleteUser: 'Delete a User',
  	createRole: 'Create a Role',
  	getRole: 'Fetch a Role',
  	updateRole: 'Update a Role',
  	fetchMultipleRoles: 'Fetch Multiple Roles',
  	deleteRole: 'Delete a Role',
  	listTenantRoles: 'Fetch Multiple Tenant Roles',
  	getTenantRole: 'Fetch a Tenant Role',
  	createTenantRole: 'Create a Tenant Role',
  	updateTenantRole: 'Update a Tenant Role',
  	deleteTenantRole: 'Delete a Tenant Role',
  	fetchAvailablePermissions: 'Fetch Available Permissions',
  	fetchUserPermissions: 'Fetch User Permissions',
  	fetchUserTenantPermissions: "Fetch a User's Tenant Permissions",
  	getGroupedTokenPermissions: 'Fetch Grouped Token Permissions',
  	updateUserRoles: 'Update User Roles',
  	updateUserTenantAssignments: "Update a User's Tenant Assignments",
  }}
/>

Users [#users]

Create a User [#create-a-user]

<ApiEndpoint name="createUser" title="Create a User" />

<ApiSchema name="UserCreateRequest" />

<ApiSchema name="UserResponse" />

Fetch My User Details [#fetch-my-user-details]

<ApiEndpoint name="fetchMyUserDetails" title="Fetch My User Details" />

Fetch a User by Name [#fetch-a-user-by-name]

<ApiEndpoint name="fetchUserByName" title="Fetch a User by Name" />

Fetch a User by Locator [#fetch-a-user-by-locator]

<ApiEndpoint name="fetchUserByLocator" title="Fetch a User by Locator" />

Fetch Multiple Users [#fetch-multiple-users]

<ApiEndpoint name="fetchMultipleUsers" />

<ApiSchema name="UserListResponse" />

Fetch Multiple Basic Users [#fetch-multiple-basic-users]

<ApiEndpoint name="fetchMultipleBasicUsers" />

<ApiSchema name="BasicUserListResponse" />

<ApiSchema name="BasicUserResponse" />

Update a User [#update-a-user]

<ApiEndpoint name="updateUser" title="Update a User" />

<ApiSchema name="UserUpdateRequest" />

Reset a User's Password [#reset-a-users-password]

<ApiEndpoint name="resetUserPassword" title="Reset a User's Password" />

Delete a User [#delete-a-user]

<ApiEndpoint name="deleteUser" title="Delete a User" />

Roles [#roles]

Create a Role [#create-a-role]

<ApiEndpoint name="createRole" title="Create a Role" />

<ApiSchema name="RoleCreateRequest" />

<ApiSchema name="RoleResponse" />

Fetch a Role [#fetch-a-role]

<ApiEndpoint name="getRole" title="Fetch a Role" />

Update a Role [#update-a-role]

<ApiEndpoint name="updateRole" title="Update a Role" />

<ApiSchema name="RoleUpdateRequest" />

Fetch Multiple Roles [#fetch-multiple-roles]

<ApiEndpoint name="fetchMultipleRoles" title="Fetch Multiple Roles" />

<ApiSchema name="RoleListResponse" />

Delete a Role [#delete-a-role]

<ApiEndpoint name="deleteRole" title="Delete a Role" />

Tenant Roles [#tenant-roles]

Fetch Multiple Tenant Roles [#fetch-multiple-tenant-roles]

<ApiEndpoint name="listTenantRoles" title="Fetch Multiple Tenant Roles" />

Fetch a Tenant Role [#fetch-a-tenant-role]

<ApiEndpoint name="getTenantRole" title="Fetch a Tenant Role" />

Create a Tenant Role [#create-a-tenant-role]

<ApiEndpoint name="createTenantRole" title="Create a Tenant Role" />

Update a Tenant Role [#update-a-tenant-role]

<ApiEndpoint name="updateTenantRole" title="Update a Tenant Role" />

Delete a Tenant Role [#delete-a-tenant-role]

<ApiEndpoint name="deleteTenantRole" title="Delete a Tenant Role" />

<ApiSchema name="ListPageResponseRoleDetails" />

<ApiSchema name="CreateTenantRoleReq" />

<ApiSchema name="PatchTenantRoleReq" />

Permissions [#permissions]

Fetch Available Permissions [#fetch-available-permissions]

<ApiEndpoint name="fetchAvailablePermissions" title="Fetch Available Permissions" />

Fetch User Permissions [#fetch-user-permissions]

<ApiEndpoint name="fetchUserPermissions" title="Fetch User Permissions" />

Fetch a User's Tenant Permissions [#fetch-a-users-tenant-permissions]

<ApiEndpoint name="fetchUserTenantPermissions" title="Fetch a User's Tenant Permissions" />

Fetch Grouped Token Permissions [#fetch-grouped-token-permissions]

<ApiEndpoint name="getGroupedTokenPermissions" title="Fetch Grouped Token Permissions" />

User Role Assignments [#user-role-assignments]

Update User Roles [#update-user-roles]

<ApiEndpoint name="updateUserRoles" title="Update User Roles" />

<ApiSchema name="UserRolesUpdateRequest" />

User Tenant Assignments [#user-tenant-assignments]

Update a User's Tenant Assignments [#update-a-users-tenant-assignments]

<ApiEndpoint name="updateUserTenantAssignments" title="Update a User's Tenant Assignments" />

<ApiSchema name="UserTenantsAssignmentsUpdateRequest" />


## API Reference

POST /auth/users — createUser
Tags: users-controller
Permissions: add
Parameters:
  enableUser (boolean, query) — When true, user will be active (enabled) even if password is not set. Useful for SSO since user cannot use any other credentials to log in
Request body (UserCreateRequest):
Responses:
  200 UserResponse — OK

GET /auth/users/whoami — fetchMyUserDetails
Tags: users-controller
Permissions: custom
Responses:
  200 UserResponse — OK

GET /auth/users/username/{username} — fetchUserByName
Tags: users-controller
Permissions: read
Parameters:
  username (string, path, required)
Responses:
  200 UserResponse[] — OK

GET /auth/users/{locator} — fetchUserByLocator
Tags: users-controller
Permissions: custom, read
Parameters:
  locator (uuid, path, required)
Responses:
  200 UserResponse — OK

GET /auth/users/list — fetchMultipleUsers
Tags: users-controller
Permissions: read, list
Parameters:
  offset (integer, query)
  count (integer, query)
  extended (boolean, query) — When false, returns a bare array.
Responses:
  200 UserListResponse — OK

GET /auth/users/basic/list — fetchMultipleBasicUsers
This endpoint returns a simplified response and therefore has a higher count limit compared to 'fetchMultipleUsers'.
Tags: users-controller
Permissions: read, list
Parameters:
  offset (integer, query)
  count (integer, query)
  extended (boolean, query)
Responses:
  200 BasicUserResponse — OK

PATCH /auth/users/{locator} — updateUser
Tags: users-controller
Permissions: update, custom
Parameters:
  locator (uuid, path, required)
Request body (UserUpdateRequest):
Responses:
  200 UserResponse — OK

PATCH /auth/users/{locator}/passwordreset — resetUserPassword
Tags: users-controller
Permissions: password-reset
Parameters:
  locator (uuid, path, required)
Request body (string):
Responses:
  200 — OK

DELETE /auth/users/{locator} — deleteUser
Tags: users-controller
Permissions: delete
Parameters:
  locator (uuid, path, required)
Responses:
  200 — OK

POST /auth/roles — createRole
Tags: roles-controller
Permissions: add
Request body (RoleCreateRequest):
Responses:
  200 RoleResponse — OK

GET /auth/roles/{locator} — getRole
Tags: roles-controller
Permissions: read
Parameters:
  locator (ulid, path, required)
Responses:
  200 RoleResponse — OK

PATCH /auth/roles/{locator} — updateRole
Tags: roles-controller
Permissions: update
Parameters:
  locator (ulid, path, required)
Request body (RoleUpdateRequest):
Responses:
  200 RoleResponse — OK

GET /auth/roles/list — fetchMultipleRoles
Tags: roles-controller
Permissions: read, list
Parameters:
  offset (integer, query)
  count (integer, query)
  extended (boolean, query) — When false, returns a bare array.
Responses:
  200 RoleListResponse — OK

DELETE /auth/roles/{locator} — deleteRole
Tags: roles-controller
Permissions: delete
Parameters:
  locator (ulid, path, required)
Responses:
  200 — OK

GET /auth/roles/tenant/{tenantLocator}/list — listTenantRoles
Tags: roles-controller
Permissions: read, list
Parameters:
  tenantLocator (uuid, path, required)
  offset (integer, query)
  count (integer, query)
Responses:
  200 ListPageResponseRoleDetails — OK

GET /auth/roles/tenant/{tenantLocator}/{roleLocator} — getTenantRole
Tags: roles-controller
Permissions: read
Parameters:
  tenantLocator (uuid, path, required)
  roleLocator (ulid, path, required)
Responses:
  200 RoleResponse — OK

POST /auth/roles/tenant/{tenantLocator}/{roleLocator} — createTenantRole
Tags: roles-controller
Permissions: add
Parameters:
  tenantLocator (uuid, path, required)
  roleLocator (ulid, path, required)
Request body (CreateTenantRoleReq):
Responses:
  200 RoleResponse — OK

PATCH /auth/roles/tenant/{tenantLocator}/{roleLocator} — updateTenantRole
Tags: roles-controller
Permissions: update
Parameters:
  tenantLocator (uuid, path, required)
  roleLocator (ulid, path, required)
Request body (PatchTenantRoleReq):
Responses:
  200 RoleResponse — OK

DELETE /auth/roles/tenant/{tenantLocator}/{roleLocator} — deleteTenantRole
Tags: roles-controller
Permissions: delete
Parameters:
  tenantLocator (uuid, path, required)
  roleLocator (ulid, path, required)
Responses:
  200 — OK

GET /auth/roles/permissions — fetchAvailablePermissions
Tags: roles-controller
Permissions: read
Responses:
  200 string[] — OK

GET /auth/users/{locator}/permissions — fetchUserPermissions
Tags: users-controller
Permissions: read, custom
Parameters:
  locator (uuid, path, required)
Responses:
  200 string[] — OK

GET /auth/users/{userLocator}/tenant/{tenantLocator}/permissions — fetchUserTenantPermissions
Tags: users-controller
Permissions: read, custom
Parameters:
  userLocator (uuid, path, required)
  tenantLocator (uuid, path, required)
Responses:
  200 string[] — OK

POST /auth/users/tokens/permissions — getGroupedTokenPermissions
Tags: users-controller
Permissions: read, custom
Request body (string):
Responses:
  200 map<string, string[]> — OK

PATCH /auth/users/{locator}/roles — updateUserRoles
Tags: users-controller
Permissions: update-roles
Parameters:
  locator (uuid, path, required)
Request body (UserRolesUpdateRequest):
Responses:
  200 UserResponse — OK

PATCH /auth/users/{locator}/tenants — updateUserTenantAssignments
Tags: users-controller
Permissions: update-tenants
Parameters:
  locator (uuid, path, required)
Request body (UserTenantsAssignmentsUpdateRequest):
Responses:
  200 UserResponse — OK

UserCreateRequest
Properties:
  userName (string, required) — A user name in email format
  firstName (string, required)
  lastName (string, required)
  password (string, required)
  temporaryPassword (boolean, required)
  serviceAccount (boolean, required)
  email (string)
  tenants (string[])
  roles (string[])

UserResponse
Properties:
  locator (uuid, required)
  userName (string, required)
  firstName (string, required)
  lastName (string, required)
  email (string)
  serviceAccount (boolean, required)
  roles (string[])
  tenants (string[], required)
  permissions (string[])

UserListResponse
Properties:
  listCompleted (boolean, required)
  items (UserResponse[], required)

BasicUserListResponse
Properties:
  listCompleted (boolean, required)
  items (BasicUserResponse[], required)

BasicUserResponse
Properties:
  firstName (string)
  lastName (string)
  locator (ulid, required)
  userName (string, required)

UserUpdateRequest
Properties:
  firstName (string, required)
  lastName (string, required)
  email (string)
  roles (string[])
  tenants (string[], required)
  permissions (string[])

RoleCreateRequest
Properties:
  name (string, required)
  permissions (string[], required)
  description (string, required)

RoleResponse
Properties:
  name (string, required)
  locator (ulid, required)
  permissions (string[], required)
  version (integer, required)
  createdAt (datetime, required)
  createdBy (uuid, required)
  description (string, required)

RoleUpdateRequest
Properties:
  version (integer, required)
  name (string, required)
  addPermissions (string[], required)
  removePermissions (string[], required)
  description (string, required)

RoleListResponse
Properties:
  listCompleted (boolean, required)
  items (RoleResponse[], required)

ListPageResponseRoleDetails
Properties:
  listCompleted (boolean, required)
  items (RoleResponse[], required)

CreateTenantRoleReq
Properties:
  permissions (string[], required)
  description (string)

PatchTenantRoleReq
Properties:
  version (integer, required)
  addPermissions (string[], required)
  removePermissions (string[], required)
  description (string)

UserRolesUpdateRequest
Properties:
  addRoles (string[], required)
  removeRoles (string[], required)

UserTenantsAssignmentsUpdateRequest
Properties:
  addTenants (string[], required)
  removeTenants (string[], required)