/v1/mgmt/user/createAuthorization
Descope Project ID and Management Key Project ID:Management Key as bearer token.
In: header
Request Body
application/json
falseCustom attributes as key-value pairs. Keys must be strings; values can be strings, numbers, booleans, or arrays.
{
"attribute-key": "attribute-value"
}Create a new user, using a valid management key.
This API endpoint will create a new user utilizing a valid management key.
This API endpoint allows you to configure all aspects of a user:
- loginId
- phone
- verified settings (phone, email) - one must be set to true
- displayName
- roleNames
- Tenant configurations - which tenantIds, which roleNames. The userTenants can include multiple items Ex:
"userTenants": [
{
"tenantId": "T2IMjmRfYTQHlbaastz3im59ERS3",
"roleNames": [
"Test"
]
},
{
"tenantId": "T2Igau6dX1R6SkomtFCdBLrc3r67",
"roleNames": [
"Test"
]
}Additionally, you can create a user with multiple login IDs by passing an array of loginIds in string format within the additionalIdentifiers key.
Next Steps
Once the user is created, the user can then login utilizing any sign-in api supported. This will then switch the user from invited to active.
See also
- See Manage User for further details on managing users.
- See The User Object for further details on the user object.
curl -X POST "https://api.descope.com/v1/mgmt/user/create" \ -H "Content-Type: application/json" \ -d '{}'{ "user": { "loginIds": [ "string" ], "userId": "string", "name": "string", "email": "string", "phone": "string", "verifiedEmail": true, "verifiedPhone": true, "roleNames": [ "string" ], "userTenants": [ { "tenantId": "string", "roleNames": [ "string" ], "tenantName": "string", "permissions": [ "string" ], "roleIds": [ "string" ] } ], "status": "string", "externalIds": [ "string" ], "picture": "string", "test": false, "customAttributes": { "attribute-key": "attribute-value" }, "createdTime": 0, "TOTP": false, "SAML": false, "OAuth": { "property1": false, "property2": false }, "webauthn": true, "password": true, "ssoAppIds": [ "string" ], "givenName": "string", "middleName": "string", "familyName": "string", "editable": true, "SCIM": true, "push": true, "permissions": [ "string" ], "OIDC": true, "consentExpiration": 0, "recoveryEmail": "string", "verifiedRecoveryEmail": true, "recoveryPhone": "string", "verifiedRecoveryPhone": true, "modifiedTime": 0, "roleIds": [ "string" ] }, "created": true}export interface Response {user?: {loginIds?: string[]userId?: stringname?: stringemail?: stringphone?: stringverifiedEmail?: booleanverifiedPhone?: booleanroleNames?: string[]userTenants?: UserTenants[]status?: stringexternalIds?: string[]picture?: stringtest?: boolean/** * Custom attributes as key-value pairs. Keys must be strings; values can be strings, numbers, booleans, or arrays. */customAttributes?: {[k: string]: string}createdTime?: numberTOTP?: booleanSAML?: booleanOAuth?: {[k: string]: boolean}webauthn?: booleanpassword?: booleanssoAppIds?: string[]givenName?: stringmiddleName?: stringfamilyName?: stringeditable?: booleanSCIM?: booleanpush?: booleanpermissions?: string[]OIDC?: booleanconsentExpiration?: numberrecoveryEmail?: stringverifiedRecoveryEmail?: booleanrecoveryPhone?: stringverifiedRecoveryPhone?: booleanmodifiedTime?: number/** * roleIds holds the IDs of this entry's roles. Order is NOT guaranteed to match * roleNames — do not pair them by index. Use roleIds or roleNames independently. */roleIds?: string[]}created?: boolean}export interface UserTenants {tenantId?: stringroleNames?: string[]tenantName?: stringpermissions?: string[]/** * roleIds holds the IDs of this entry's roles. Order is NOT guaranteed to match * roleNames — do not pair them by index. Use roleIds or roleNames independently. */roleIds?: string[]}Search Users POST
### Search for users, using a valid management key. This API endpoint will search for users utilizing a valid management key. Searches can be defined with any combination of roles or tenants. You can also only send the request with an empty payload to return all users. The response will include the following details on all users within an array of objects: - loginIds - userId - name - email - phone - verified settings (phone, email) - Tenant configurations (tenantIds, roleNames) ### Next Steps You can then parse through the response in order to find any users which you may need to delete, update, etc. ### See also - See [Manage Users](/manage/users) for further details on managing users. - See [The User Object](/api/overview#the-user-object) for further details on the user object.
Batch Create Users POST
### Batch Create Users, using a valid management key. This API endpoint will batch create new users utilizing a valid management key. This API endpoint allows you to configure all aspects of a user: - loginId - email - phone - verified settings (phone, email) - one must be set to true - displayName - roleNames - Tenant configurations - which tenantIds, which roleNames. The userTenants can include multiple items Ex: ``` "userTenants": [ { "tenantId": "T2IMjmRfYTQHlbaastz3im59ERS3", "roleNames": [ "Test" ] }, { "tenantId": "T2Igau6dX1R6SkomtFCdBLrc3r67", "roleNames": [ "Test" ] } ``` Additionally, you can create a user with multiple login IDs by passing an array of loginIds in string format within the `additionalIdentifiers` key. You can also decide whether to invite the users, configure the inviteUrl, and whether to send invites via email or SMS. When importing with hashed passwords, see [this guide](/migrate/custom#importing-passwords) for further detailed configuration of password hash formats. ### Next Steps Once the user is created, the user can then login utilizing any sign-in api supported. This will then switch the user from invited to active. ### See also - See [Manage User](/manage/users) for further details on managing users. - See [The User Object](/api/overview#the-user-object) for further details on the user object.