POST
/v1/mgmt/user/create

Create a new user, using a valid management key.

This API endpoint will create a new user utilizing a valid management key.

This API endpoint allows you to configure all aspects of a user:

  • loginId
  • email
  • phone
  • verified settings (phone, email) - one must be set to true
  • displayName
  • roleNames
  • Tenant configurations - which tenantIds, which roleNames. The userTenants can include multiple items Ex:
"userTenants": [
{
  "tenantId": "T2IMjmRfYTQHlbaastz3im59ERS3",
  "roleNames": [
    "Test"
  ]
},
{
  "tenantId": "T2Igau6dX1R6SkomtFCdBLrc3r67",
  "roleNames": [
    "Test"
  ]
}

Additionally, you can create a user with multiple login IDs by passing an array of loginIds in string format within the additionalIdentifiers key.

Next Steps

Once the user is created, the user can then login utilizing any sign-in api supported. This will then switch the user from invited to active.

See also

Endpoint Authentication

Use authorization bearer header with the following format:

Authorization: Bearer \<ProjectId:ManagementKey\>

Try it

/v1/mgmt/user/create

The Authorization access token

Authorization

Authorization
Required
Bearer <token>

< Project ID >:< Management Key > as bearer

In: header

Request Body

loginIdstring

emailstring

phonestring

verifiedEmailboolean

verifiedPhoneboolean

namestring

roleNamesarray<string>

userTenantsarray<object>

inviteboolean

testboolean

Default: false

customAttributesobject

custom attributes of users

picturestring

sendMailboolean

sendSMSboolean

additionalIdentifiersarray<string>

inviteUrlstring

passwordstring

hashedPasswordobject

givenNamestring

middleNamestring

familyNamestring

ssoAppIdsarray<string>

templateOptionsobject

Status codeDescription
200OK
curl -X POST "https://api.descope.com/v1/mgmt/user/create" \
  -d '{
  "loginId": "string",
  "email": "string",
  "phone": "string",
  "verifiedEmail": true,
  "verifiedPhone": true,
  "name": "string",
  "roleNames": [
    "string"
  ],
  "userTenants": [
    {
      "tenantId": "string",
      "roleNames": [
        "string"
      ]
    }
  ],
  "invite": true,
  "test": false,
  "customAttributes": {},
  "picture": "string",
  "sendMail": true,
  "sendSMS": true,
  "additionalIdentifiers": [
    "string"
  ],
  "inviteUrl": "string",
  "password": "string",
  "hashedPassword": {
    "bcrypt": {
      "hash": "string"
    },
    "django": {
      "hash": "string"
    },
    "firebase": {
      "hash": "string",
      "salt": "string",
      "saltSeparator": "string",
      "signerKey": "string",
      "memory": 0,
      "rounds": 0
    },
    "pbkdf2": {
      "hash": "string",
      "salt": "string",
      "iterations": 0,
      "type": "string"
    },
    "phpass": {
      "hash": "string",
      "salt": "string",
      "iterations": 0,
      "type": "string"
    }
  },
  "givenName": "string",
  "middleName": "string",
  "familyName": "string",
  "ssoAppIds": [
    "string"
  ],
  "templateOptions": {
    "property1": "string",
    "property2": "string"
  }
}'

{
  "user": {
    "loginIds": [
      "string"
    ],
    "userId": "string",
    "name": "string",
    "email": "string",
    "phone": "string",
    "verifiedEmail": true,
    "verifiedPhone": true,
    "roleNames": [
      "string"
    ],
    "userTenants": [
      {
        "tenantId": "string",
        "roleNames": [
          "string"
        ],
        "tenantName": "string"
      }
    ],
    "status": "string",
    "externalIds": [
      "string"
    ],
    "picture": "string",
    "test": false,
    "customAttributes": {},
    "createdTime": 0,
    "TOTP": false,
    "SAML": false,
    "OAuth": {
      "property1": false,
      "property2": false
    },
    "webauthn": true,
    "password": true,
    "ssoAppIds": [
      "string"
    ],
    "givenName": "string",
    "middleName": "string",
    "familyName": "string",
    "editable": true
  }
}

Was this helpful?