User Management API
Automate user role management and team membership
OpenAPI Reference
Invite a user to join a team with a specific role.
Behavior:
- If the user already exists in the organization, they will be immediately added to the team
- If the user doesn't exist, an invitation email will be sent
Role Assignment Permissions:
- Admin can invite users with any role (Member, TeamLead, Manager, Admin)
- Manager can invite users with Member, TeamLead, or Manager roles (cannot invite Admin)
Restrictions:
- Cannot invite users to teams that have been synced from external groups
- Team must belong to the same organization as the inviter
JWT ID Token obtained from authentication endpoints.
Required Roles:
- POST /invitation/v1: Admin or Manager
- PATCH /user/v1/:userId: Admin or Manager
Include in the Authorization header as: Bearer {token}
UUID of the team to invite the user to
123e4567-e89b-12d3-a456-426614174000Role to assign to the user.
- Admin can assign any role
- Manager can assign Member, TeamLead, Manager (not Admin)
MemberPossible values: Existing user successfully added to team
trueExisting user successfully added to teamIndicates the user already existed in the organization
trueUUID of the existing user
987e6543-e21b-12d3-a456-426614174999Invitation email sent successfully to new user
Bad request - Invalid input or team constraints
Unauthorized - Missing or invalid authentication token
Insufficient permissions to assign role
Team not found
Internal server error
Update user properties including role, activation status, and team assignment.
Available Updates:
- role: Change the user's role in the organization
- active: Activate or deactivate the user
- teamId: Assign user to a team (or remove from team with
null)
Role Update Permissions:
- Acting user must have sufficient permissions to modify the target user's current role
- Acting user must have sufficient permissions to assign the new role
- Admin can assign any role
- Manager can assign Member, TeamLead, or Manager roles (cannot assign Admin)
Restrictions:
- Cannot modify own account
- Cannot modify anonymized users
- Cannot modify instance administrators
- Cannot activate/deactivate or change team assignment for synced users
All fields are optional - provide only the fields you want to update.
JWT ID Token obtained from authentication endpoints.
Required Roles:
- POST /invitation/v1: Admin or Manager
- PATCH /user/v1/:userId: Admin or Manager
Include in the Authorization header as: Bearer {token}
The unique identifier of the user to update
987e6543-e21b-12d3-a456-426614174999All fields are optional. Provide only the fields you want to update.
New role to assign to the user. Acting user must have sufficient permissions to assign this role.
ManagerPossible values: Activation status of the user. Cannot be modified for synced users.
trueUUID of the team to assign the user to.
Set to null to remove the user from their current team.
Cannot be modified for synced users.
456e7890-e89b-12d3-a456-426614174111User updated successfully
trueUser updated successfullyBad request - Invalid input
Unauthorized - Missing or invalid authentication token
Forbidden - Insufficient permissions or unauthorized action
User or team not found
Conflict - User state prevents modification
Unprocessable Entity - Insufficient permissions for role operation
Internal server error
Permissions
Last updated
Was this helpful?