User Endpoints
The user management endpoints provide CRUD operations for user accounts, role assignment, account state management, and password operations. All endpoints require authentication and most require ADMIN or PLATFORM_ADMIN roles. Served by UserController at /api/v1/users.
Endpoints
| Method | Endpoint | Description | Role |
|---|---|---|---|
| POST | /api/v1/users | Create user | Admin |
| GET | /api/v1/users/:userId | Get user by ID | Admin |
| GET | /api/v1/users/me | Get current user | Any |
| GET | /api/v1/users | List users (paginated) | Admin |
| PUT | /api/v1/users/:userId | Update user | Admin |
| PUT | /api/v1/users/me | Update current user | Any |
| PUT | /api/v1/users/:userId/roles | Update user roles | Admin |
| PUT | /api/v1/users/:userId/enable | Enable user account | Admin |
| PUT | /api/v1/users/:userId/disable | Disable user account | Admin |
| PUT | /api/v1/users/:userId/unlock | Unlock locked account | Admin |
| DELETE | /api/v1/users/:userId | Delete user | Admin |
| POST | /api/v1/users/me/password | Change own password | Any |
| POST | /api/v1/users/:userId/reset-password | Admin reset password | Admin |
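
The role column above can be encoded as a deny-by-default authorization matrix. The following is an added example, not code from this project, for checking that the literal `me` routes resolve before `:userId` and that unlisted method/path pairs are rejected. It assumes "Admin" means ADMIN or PLATFORM_ADMIN and that `:userId` is a single path segment; `required_role` and `is_allowed` are hypothetical helper names.

```python
import re

# Access matrix copied from the endpoint table above.
# Assumption: "Admin" = ADMIN or PLATFORM_ADMIN; "Any" = any authenticated user.
ROUTES = [
    ("POST",   "/api/v1/users",                        "Admin"),
    ("GET",    "/api/v1/users/:userId",                "Admin"),
    ("GET",    "/api/v1/users/me",                     "Any"),
    ("GET",    "/api/v1/users",                        "Admin"),
    ("PUT",    "/api/v1/users/:userId",                "Admin"),
    ("PUT",    "/api/v1/users/me",                     "Any"),
    ("PUT",    "/api/v1/users/:userId/roles",          "Admin"),
    ("PUT",    "/api/v1/users/:userId/enable",         "Admin"),
    ("PUT",    "/api/v1/users/:userId/disable",        "Admin"),
    ("PUT",    "/api/v1/users/:userId/unlock",         "Admin"),
    ("DELETE", "/api/v1/users/:userId",                "Admin"),
    ("POST",   "/api/v1/users/me/password",            "Any"),
    ("POST",   "/api/v1/users/:userId/reset-password", "Admin"),
]
ADMIN_ROLES = {"ADMIN", "PLATFORM_ADMIN"}

def _compile(template):
    # Assumption: ":userId" matches exactly one non-empty path segment.
    parts = [r"[^/]+" if p.startswith(":") else re.escape(p)
             for p in template.split("/")]
    return re.compile("/".join(parts) + r"\Z")

# Try fully literal templates first so "me" is never captured as a userId.
_TABLE = sorted(((m, _compile(t), role, t.count(":")) for m, t, role in ROUTES),
                key=lambda entry: entry[3])

def required_role(method, path):
    """Return "Admin", "Any", or None when the route is not documented."""
    for m, pattern, role, _ in _TABLE:
        if m == method.upper() and pattern.match(path):
            return role
    return None

def is_allowed(method, path, roles, authenticated=True):
    """Deny by default: unknown routes and unauthenticated callers are refused."""
    need = required_role(method, path)
    if need is None or not authenticated:
        return False
    return need == "Any" or bool(ADMIN_ROLES & set(roles))
```

Note that `POST /api/v1/users/me/reset-password` and `DELETE /api/v1/users/me` have no literal route in the table, so they fall through to the `:userId` templates and require an admin role.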
POST /api/v1/users
Creates a new user account within the tenant.
Headers: X-Tenant-ID (required)
```json
{
  "email": "new.user@example.com",
  "firstName": "John",
  "lastName": "Doe",
  "password": "initialPassword123",
  "roleIds": [1, 2]
}
```

| Status | Description |
|---|---|
| 201 | User created, returns UserResponse |
| 400 | Invalid request or email already exists |
GET /api/v1/users
Returns a paginated list of users. Supports search by name or email.
Query Parameters:
| Parameter | Type | Description |
|---|---|---|
| search | string | Filter by name or email |
| page | int | Page number (default: 0) |
| size | int | Page size (default: 20) |
GET /api/v1/users/me
Returns the profile of the currently authenticated user. Does not require admin privileges.
PUT /api/v1/users/:userId/roles
Replaces all roles assigned to a user.
```json
[1, 3, 5]
```

The request body is an array of role IDs. Returns the updated UserResponse.
Account State Operations
| Endpoint | Effect |
|---|---|
| PUT /api/v1/users/:userId/enable | Sets account to enabled state |
| PUT /api/v1/users/:userId/disable | Sets account to disabled state (blocks login) |
| PUT /api/v1/users/:userId/unlock | Resets failed login counter and unlocks the account |
Password Operations
Change own password (POST /api/v1/users/me/password):
```json
{
  "currentPassword": "oldPassword",
  "newPassword": "newSecurePassword123"
}
```

Admin reset (POST /api/v1/users/:userId/reset-password): Returns a temporaryPassword that the user must change on next login.