CreateUser - POST
|
Path |
/api/users |
|---|---|
|
Http Method |
POST |
Overview
NO LICENSE
Create a user and their access rights. Users are automatically created if they connect to the app via the SSO (but they are not assigned any access rights). The “id“ of a user is their “email“, which is also the claim that is read from JWT tokens and that are used through the Bearer authentication method.
Required permissions
-
Global administration privileges. ADMIN
Request
Request body
{
"email": "myuser@test.com",
"name": "My User",
"isAdmin": true,
"accessRights": {}
}
Field descriptions
|
Field |
Type |
Required |
Description |
Constraints |
|---|---|---|---|---|
|
|
string |
yes |
The email of the user, which is used as their SSO identifier. |
|
|
name |
string |
no |
The display name of the user. Defaults to empty. |
|
|
isAdmin |
boolean |
no |
Whether or not the user is a global administrator. Default to false. |
|
|
accessRights |
object |
no |
The user’s access rights. Defaults to no access rights. |
Response
Success response (200 OK)
{
"id": "a11a4f18642a4701bb4d0e7e01585d15",
"email": "myuser@test.com",
"name": "My User",
"creationDate": "2026-01-21T15:55:31.3007285Z",
"accessRights": {},
"aggregatedAccessRights": {},
"isAdmin": true,
"isRootAdmin": false
}
Response fields
|
Field |
Type |
Description |
|---|---|---|
|
id |
string |
The app-generated id of the user. |
|
|
string |
The email of the user. This is their main identifier through SSO. |
|
name |
string |
The name of the user. If another name is passed as a SSO claim, it will be replaced. |
|
creationDate |
string |
The date at which this user was created. |
|
accessRights |
object |
The access rights explicitly assigned to the user. See: Metavault API - General concepts |
|
aggregatedAccessRights |
object |
The access rights of the user, including rights given by groups the user is in. These are probably the access rights you want. See: Metavault API - General concepts |
|
isAdmin |
boolean |
Whether or not the user is a global admin. |
|
isRootAdmin |
boolean |
Whether or not the user is the root admin. The root admin is the user whose email is setup in the app parameters as |
Response links and embedded objects
|
Name |
Link |
Constraints |
|---|---|---|
|
groups |
|
|