Users
The User Management API is available after enabling the Service Module, along with the Authentication API endpoint.
Contents
- Auth Token
- User Management (Admin Only)
- User Management Rules
- Email and Password Requirements
- Recommended Practice: Creating a New Admin
Auth Token
POST /api/auth/token
Authenticate and obtain a JWT for making API calls without rate limits.
Request Example
{
"email": "[email protected]",
"password": "testpassword"
}
Response Example
{
"tokenType": "Bearer",
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
"expiresIn": 3600
}
User Management (Admin Only)
Create User
POST /api/users
Request Example
{
"email": "[email protected]",
"password": "userspassword"
}
Update User
PUT /api/users/{email}
Request Example
{
"type": "User", // User/Admin
"status": "Active" // Active/Inactive
}
Change Password
PATCH /api/users/{email}
Request Example
{
"newPassword": "newpassword"
}
Delete User
DELETE /api/users/{email}
User Management Rules
- Admin users are the only ones who can manage other users, including creation, deletion, activation, deactivation, and promotion/demotion.
- Only active users can interact with the API without rate limits.
- Delete performs a soft-delete and ensures the user remains in the database but cannot interact with the API. Once soft-deleted, the user cannot be restored.
- A new user with the same email can be created after a soft-deletion.
Email and Password Requirements
To maintain security and consistency, the following requirements must be met:
- Email: Must be a valid email format. It will not be used for communication or marketing purposes.
- Password: Must be at least 10 characters long.
Recommended Practice: Creating a New Admin
For enhanced security, follow these steps:
- Create a New Admin User: After the Service Module is configured and the default admin is set, create a new user account and promote it to admin status.
- Deactivate the Default Admin: Once a new admin is established, deactivate the default admin account. This reduces the risk of exposing default credentials and enhances system security.
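The two steps above as one script, as an added example that is not part of the original documentation. The endpoints and JSON bodies are the ones documented on this page; the base URL, the function names, the injectable `send` transport and the use of a standard `Authorization: Bearer` header are assumptions.

```python
import json
import re
import urllib.request
from urllib.parse import quote

def http_json(method, url, body=None, token=None):
    """Send one JSON request and return the decoded JSON reply ({} if empty)."""
    headers = {"Content-Type": "application/json"}
    if token:
        # Assumption: the access token travels as a Bearer Authorization header.
        headers["Authorization"] = f"Bearer {token}"
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=10) as resp:  # HTTPError on 4xx/5xx
        raw = resp.read()
    return json.loads(raw) if raw else {}

def login(base, email, password, send):
    reply = send("POST", f"{base}/api/auth/token",
                 {"email": email, "password": password})
    return reply["accessToken"]

def replace_default_admin(base, default_email, default_password,
                          new_email, new_password, send=http_json):
    """Create a new admin, then deactivate the default admin with the new token."""
    # Enforce the documented requirements locally before calling the API.
    if len(new_password) < 10:
        raise ValueError("password must be at least 10 characters long")
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", new_email):
        raise ValueError("email must be a valid email format")

    def user_url(email):
        # Keep '@' readable, but escape '/', '?', '#' so the path stays intact.
        return f"{base}/api/users/{quote(email, safe='@')}"

    old_token = login(base, default_email, default_password, send)
    send("POST", f"{base}/api/users",
         {"email": new_email, "password": new_password}, old_token)
    send("PUT", user_url(new_email), {"type": "Admin", "status": "Active"}, old_token)

    # Deactivate the default admin using the NEW admin's token: if the login or
    # the promotion did not take effect, this call fails and the default admin
    # stays active, so the service is never left without a working admin.
    new_token = login(base, new_email, new_password, send)
    send("PUT", user_url(default_email),
         {"type": "Admin", "status": "Inactive"}, new_token)
    return new_token
```

Pass the credentials from a secrets store or an interactive prompt rather than hard-coding them in the calling script.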