Skip to main content
Browse Documentation
HTTP - Management

Create a user

Created by s.yearsley, last modified by c.neale on 21 May 2021

Creating a user can be done by POST'ing user profile details resource to the users resource collection.

If you need to create the user with a suspended/disabled status, for example, you need users to validate their email addresses prior to being able to access the system, then you can pass an optional uri parameter of ?suspended=true.  Use the unsuspend a user endpoint to allow the user to log in.

If you require a user to update their password before logging in for the first time then you can pass an optional uri parameter of ?forcePasswordReset=true.  This value will prompt the user to change their password when they try and log in and will be cleared after a successful password update.

POST/api/security/users

Parameter

NameParameter typeTypeFormatDescriptionRequired
userbodyobjectuserThe user to createtrue

Examples

Request to create a user

POST: /api/security/users
{
    "username": "tdurden",
    "email": "t.turden@fightclub.com",
    "firstName": "Tyler",
    "lastName": "Durden",
    "timezone": "America/New_York",
    "expiry": "2050-12-31T23:59:59.999Z",
    "language": "en-US",
    "custom": {
        "department": "Soap sales"
    },
    "credentials": {
        "password": "pr0j3ctM4yh3m"
    }
}

Request to create a user with an initial status of suspended

POST: /api/security/users?suspended=true
{
    "username": "tdurden",
    "email": "t.turden@fightclub.com",
    "firstName": "Tyler",
    "lastName": "Durden",
    "timezone": "America/New_York",
    "expiry": "2050-12-31T23:59:59.999Z",
    "language": "en-US",
    "custom": {
        "department": "Soap sales"
    },
    "credentials": {
        "password": "pr0j3ctM4yh3m"
    }
}

Request to create a user with an initial status of password reset required

POST: /api/security/users?forcePasswordReset=true
{
    "username": "tdurden",
    "email": "t.turden@fightclub.com",
    "firstName": "Tyler",
    "lastName": "Durden",
    "timezone": "America/New_York",
    "expiry": "2050-12-31T23:59:59.999Z",
    "language": "en-US",
    "custom": {
        "department": "Soap sales"
    },
    "credentials": {
        "password": "pr0j3ctM4yh3m"
    }
}

Remarks

If a username is not provided then the email will be used as the username.

Expiry must be a future date.  If an expiry date is not provided then no value will be set on the user and the user account will never expire.

Passwords must comply with the user password policy.

Responses

HTTP status codeReasonModel
201CreatedUser
401UnauthorizedError
403ForbiddenError
404User not foundError
409Resource already existsError
422Validation errorError
500Internal server errorError