Appearance
Users API
Manage user accounts. Creating, updating, and deleting users requires Super Admin (manage:all) permission.
List All Users
List all users
GET
/v1/users
Returns all user accounts in the system. Requires read:users permission.
Authorizations
bearerAuth
JWT obtained from POST /v1/auth/login. Pass as Authorization: Bearer <token>.
Type
HTTP (bearer)
or
apiKeyAuth
API key generated via POST /v1/api-keys. Pass as X-API-KEY: <key>.
Type
API Key (header: X-API-KEY)
Responses
List of users.
application/json
JSON { "id": "clx1y2z3a0000b4d2", "first_name": "Jane", "last_name": "Doe", "role": { "id": "clx1y2z3a0000b4d2", "slug": "predefined_super_admin", "name": "Super Admin", "policies": [ { "action": "read", "subject": "archive", "conditions": { } } ], "createdAt": "string", "updatedAt": "string" }, "createdAt": "string" }
[
]
Create a User
Create a user
POST
/v1/users
Creates a new user account and optionally assigns a role. Requires manage:all (Super Admin) permission.
Authorizations
bearerAuth
JWT obtained from POST /v1/auth/login. Pass as Authorization: Bearer <token>.
Type
HTTP (bearer)
or
apiKeyAuth
API key generated via POST /v1/api-keys. Pass as X-API-KEY: <key>.
Type
API Key (header: X-API-KEY)
Request Body
application/json
JSON "first_name": "Jane", "last_name": "Doe", "password": "securepassword123", "roleId": "clx1y2z3a0000b4d2"
{
}
Responses
User created.
application/json
JSON "id": "clx1y2z3a0000b4d2", "first_name": "Jane", "last_name": "Doe", "role": { "id": "clx1y2z3a0000b4d2", "slug": "predefined_super_admin", "name": "Super Admin", "policies": [ { "action": "read", "subject": "archive", "conditions": { } } ], "createdAt": "string", "updatedAt": "string" }, "createdAt": "string"
{
}
Get a User
Get a user
GET
/v1/users/{id}
Returns a single user by ID. Requires read:users permission.
Authorizations
bearerAuth
JWT obtained from POST /v1/auth/login. Pass as Authorization: Bearer <token>.
Type
HTTP (bearer)
or
apiKeyAuth
API key generated via POST /v1/api-keys. Pass as X-API-KEY: <key>.
Type
API Key (header: X-API-KEY)
Parameters
Path Parameters
id*
Type
Requiredstring
Example
"clx1y2z3a0000b4d2"Responses
User details.
application/json
JSON "id": "clx1y2z3a0000b4d2", "first_name": "Jane", "last_name": "Doe", "role": { "id": "clx1y2z3a0000b4d2", "slug": "predefined_super_admin", "name": "Super Admin", "policies": [ { "action": "read", "subject": "archive", "conditions": { } } ], "createdAt": "string", "updatedAt": "string" }, "createdAt": "string"
{
}
Update a User
Update a user
PUT
/v1/users/{id}
Updates a user's email, name, or role assignment. Requires manage:all (Super Admin) permission.
Authorizations
bearerAuth
JWT obtained from POST /v1/auth/login. Pass as Authorization: Bearer <token>.
Type
HTTP (bearer)
or
apiKeyAuth
API key generated via POST /v1/api-keys. Pass as X-API-KEY: <key>.
Type
API Key (header: X-API-KEY)
Parameters
Path Parameters
id*
Type
Requiredstring
Example
"clx1y2z3a0000b4d2"Request Body
application/json
JSON "email": "string", "first_name": "string", "last_name": "string", "roleId": "string"
{
}
Responses
Updated user.
application/json
JSON "id": "clx1y2z3a0000b4d2", "first_name": "Jane", "last_name": "Doe", "role": { "id": "clx1y2z3a0000b4d2", "slug": "predefined_super_admin", "name": "Super Admin", "policies": [ { "action": "read", "subject": "archive", "conditions": { } } ], "createdAt": "string", "updatedAt": "string" }, "createdAt": "string"
{
}
Delete a User
Delete a user
DELETE
/v1/users/{id}
Permanently deletes a user. Cannot delete the last remaining user. Requires manage:all (Super Admin) permission.
Authorizations
bearerAuth
JWT obtained from POST /v1/auth/login. Pass as Authorization: Bearer <token>.
Type
HTTP (bearer)
or
apiKeyAuth
API key generated via POST /v1/api-keys. Pass as X-API-KEY: <key>.
Type
API Key (header: X-API-KEY)
Parameters
Path Parameters
id*
Type
Requiredstring
Example
"clx1y2z3a0000b4d2"Responses
User deleted. No content returned.
Get Current User Profile
Get current user profile
GET
/v1/users/profile
Returns the profile of the currently authenticated user.
Authorizations
bearerAuth
JWT obtained from POST /v1/auth/login. Pass as Authorization: Bearer <token>.
Type
HTTP (bearer)
or
apiKeyAuth
API key generated via POST /v1/api-keys. Pass as X-API-KEY: <key>.
Type
API Key (header: X-API-KEY)
Responses
Current user's profile.
application/json
JSON "id": "clx1y2z3a0000b4d2", "first_name": "Jane", "last_name": "Doe", "role": { "id": "clx1y2z3a0000b4d2", "slug": "predefined_super_admin", "name": "Super Admin", "policies": [ { "action": "read", "subject": "archive", "conditions": { } } ], "createdAt": "string", "updatedAt": "string" }, "createdAt": "string"
{
}
Update Current User Profile
Update current user profile
PATCH
/v1/users/profile
Updates the email, first name, or last name of the currently authenticated user. Disabled in demo mode.
Authorizations
bearerAuth
JWT obtained from POST /v1/auth/login. Pass as Authorization: Bearer <token>.
Type
HTTP (bearer)
or
apiKeyAuth
API key generated via POST /v1/api-keys. Pass as X-API-KEY: <key>.
Type
API Key (header: X-API-KEY)
Request Body
application/json
JSON "email": "string", "first_name": "string", "last_name": "string"
{
}
Responses
Updated user profile.
application/json
JSON "id": "clx1y2z3a0000b4d2", "first_name": "Jane", "last_name": "Doe", "role": { "id": "clx1y2z3a0000b4d2", "slug": "predefined_super_admin", "name": "Super Admin", "policies": [ { "action": "read", "subject": "archive", "conditions": { } } ], "createdAt": "string", "updatedAt": "string" }, "createdAt": "string"
{
}
Update Password
Update password
POST
/v1/users/profile/password
Updates the password of the currently authenticated user. The current password must be provided for verification. Disabled in demo mode.
Authorizations
bearerAuth
JWT obtained from POST /v1/auth/login. Pass as Authorization: Bearer <token>.
Type
HTTP (bearer)
or
apiKeyAuth
API key generated via POST /v1/api-keys. Pass as X-API-KEY: <key>.
Type
API Key (header: X-API-KEY)
Request Body
application/json
JSON "currentPassword": "string", "newPassword": "string"
{
}
Responses
Password updated successfully.
application/json
JSON "message": "Operation completed successfully."
{
}