Users

GET /users

List all users.

Auth required: Yes
Permission: users.manage

Response

{
  "users": [
    {
      "id": "user_abc",
      "username": "alice",
      "displayName": "Alice",
      "email": "alice@example.com",
      "role": "user",
      "failedLoginCount": 0,
      "lockedUntil": null,
      "lastLoginAt": "2024-01-01T00:00:00.000Z",
      "createdAt": "2023-06-01T00:00:00.000Z",
      "mfaEnabled": true
    }
  ]
}

POST /users

Create a new user.

Auth required: Yes
Permission: users.manage

Request body

{
  "username": "bob",
  "password": "min8chars",
  "displayName": "Bob",
  "email": "bob@example.com",
  "role": "user"
}

Response

{
  "id": "user_xyz",
  "username": "bob",
  "displayName": "Bob",
  "email": "bob@example.com",
  "role": "user",
  "failedLoginCount": 0,
  "lockedUntil": null,
  "lastLoginAt": null
}

PUT /users/:id

Update a user's display name, email, or role.

Auth required: Yes
Permission: users.manage

Request body (all fields optional)

{
  "displayName": "Bob Smith",
  "email": "bob.smith@example.com",
  "role": "admin"
}

Response

{ "success": true }

DELETE /users/:id

Delete a user. Cannot delete yourself.

Auth required: Yes
Permission: users.manage

Response

{ "success": true }

POST /users/:id/reset-password

Reset a user's password as an administrator.

Auth required: Yes
Permission: users.manage

Request body

{ "newPassword": "min8chars" }

Response

{ "success": true }

POST /users/:id/unlock

Unlock a user account that has been locked due to too many failed login attempts.

Auth required: Yes
Permission: users.manage

Response

{ "success": true }

GET /users​

POST /users​

PUT /users/:id​

DELETE /users/:id​

POST /users/:id/reset-password​

POST /users/:id/unlock​

GET /users

POST /users

PUT /users/:id

DELETE /users/:id

POST /users/:id/reset-password

POST /users/:id/unlock