Create a user
Creating a user can be done by POST'ing user profile details resource to the users resource collection.
If you need to create the user with a suspended/disabled status, for example, you need users to validate their email addresses prior to being able to access the system, then you can pass an optional uri parameter of ?suspended=true. Use the unsuspend a user endpoint to allow the user to log in.
If you require a user to update their password before logging in for the first time then you can pass an optional uri parameter of ?forcePasswordReset=true. This value will prompt the user to change their password when they try and log in and will be cleared after a successful password update.
POST/api/security/users
Parameter
| Name | Parameter type | Type | Format | Description | Required |
|---|---|---|---|---|---|
| user | body | object | user | The user to create | true |
Examples
Request to create a user
POST: /api/security/users
{
"username": "tdurden",
"email": "t.turden@fightclub.com",
"firstName": "Tyler",
"lastName": "Durden",
"timezone": "America/New_York",
"expiry": "2050-12-31T23:59:59.999Z",
"language": "en-US",
"custom": {
"department": "Soap sales"
},
"credentials": {
"password": "pr0j3ctM4yh3m"
}
}Request to create a user with an initial status of suspended
POST: /api/security/users?suspended=true
{
"username": "tdurden",
"email": "t.turden@fightclub.com",
"firstName": "Tyler",
"lastName": "Durden",
"timezone": "America/New_York",
"expiry": "2050-12-31T23:59:59.999Z",
"language": "en-US",
"custom": {
"department": "Soap sales"
},
"credentials": {
"password": "pr0j3ctM4yh3m"
}
}Request to create a user with an initial status of password reset required
POST: /api/security/users?forcePasswordReset=true
{
"username": "tdurden",
"email": "t.turden@fightclub.com",
"firstName": "Tyler",
"lastName": "Durden",
"timezone": "America/New_York",
"expiry": "2050-12-31T23:59:59.999Z",
"language": "en-US",
"custom": {
"department": "Soap sales"
},
"credentials": {
"password": "pr0j3ctM4yh3m"
}
}Remarks
If a username is not provided then the email will be used as the username.
Expiry must be a future date. If an expiry date is not provided then no value will be set on the user and the user account will never expire.
Passwords must comply with the user password policy.