Create a user

Created by s.yearsley, last modified by c.neale on 21 May 2021

Creating a user can be done by POST'ing user profile details resource to the users resource collection.

If you need to create the user with a suspended/disabled status, for example, you need users to validate their email addresses prior to being able to access the system, then you can pass an optional uri parameter of ?suspended=true. Use the unsuspend a user endpoint to allow the user to log in.

If you require a user to update their password before logging in for the first time then you can pass an optional uri parameter of ?forcePasswordReset=true. This value will prompt the user to change their password when they try and log in and will be cleared after a successful password update.

POST/api/security/users

Parameter

Name	Parameter type	Type	Format	Description	Required
user	body	object	user	The user to create	true

Examples

Request to create a user

POST: /api/security/users
{
    "username": "tdurden",
    "email": "t.turden@fightclub.com",
    "firstName": "Tyler",
    "lastName": "Durden",
    "timezone": "America/New_York",
    "expiry": "2050-12-31T23:59:59.999Z",
    "language": "en-US",
    "custom": {
        "department": "Soap sales"
    },
    "credentials": {
        "password": "pr0j3ctM4yh3m"
    }
}

Request to create a user with an initial status of suspended

POST: /api/security/users?suspended=true
{
    "username": "tdurden",
    "email": "t.turden@fightclub.com",
    "firstName": "Tyler",
    "lastName": "Durden",
    "timezone": "America/New_York",
    "expiry": "2050-12-31T23:59:59.999Z",
    "language": "en-US",
    "custom": {
        "department": "Soap sales"
    },
    "credentials": {
        "password": "pr0j3ctM4yh3m"
    }
}

Request to create a user with an initial status of password reset required

POST: /api/security/users?forcePasswordReset=true
{
    "username": "tdurden",
    "email": "t.turden@fightclub.com",
    "firstName": "Tyler",
    "lastName": "Durden",
    "timezone": "America/New_York",
    "expiry": "2050-12-31T23:59:59.999Z",
    "language": "en-US",
    "custom": {
        "department": "Soap sales"
    },
    "credentials": {
        "password": "pr0j3ctM4yh3m"
    }
}

Remarks

If a username is not provided then the email will be used as the username.

Expiry must be a future date. If an expiry date is not provided then no value will be set on the user and the user account will never expire.

Passwords must comply with the user password policy.

Responses

HTTP status code	Reason	Model
201	Created	User
401	Unauthorized	Error
403	Forbidden	Error
404	User not found	Error
409	Resource already exists	Error
422	Validation error	Error
500	Internal server error	Error