User.create - Python API

Creates a new regular user. Current user's UST must belong to a super-user.


create_user(self, cid, data, current_ust, current_app, remote_addr)

  • cid: Correlation ID used by audit log
  • data: A dictionary of key/values to create a new user from. On output, the dictionary will be enriched with defaults assigned during the creation process.
  • current_ust: Current user's UST
  • current_app: Name of application the current user is issuing the call from
  • remote_addr: User's remote address
  • Returns: None - the input 'data' dictionary is modified in place

Keys accepted by the 'data' dictionary:

username------Must be unique among all users
passwordYes192 bitsIf not given, a random string of 192 bits will be assigned
password_must_changeYesFalseIs the user required to change the password before they log in
display_nameYes---Display name
first_nameYes---First name
middle_nameYes---Middle name
last_nameYes---Last name
emailYes---User's email
is_lockedYes---Should the account be locked upon creation, i.e. logging in will not be possible
sign_up_statusYesfinalUser's initial signup status, by default it is 'final' meaning the user is fully signed up
is_totp_enabledYesFalseShould TOTP-based two factor authentication be enabled for user
totp_keyYesAuto-generatedUser's TOTP key, one will be auto-generated for user if it is not given on input, even if is_totp_enabled is False
totp_labelYes<default-label>An arbitrary label assigned to user's TOTP key for convenience
# -*- coding: utf-8 -*-

# Zato
from zato.server.service import Service

class CreateUser(Service):
    def handle(self):

        # Request metadata
        current_ust = 'gAAAAABalo6MX7z62Pyo416OFfDJ-4MuTMmSpIqAmvOXWckG...'
        current_app = 'CRM'
        remote_addr = ''

        # Creation data
        data = {
          'username': 'user1',
          'password': '<password>',
          'password_must_change': True,
          'display_name': 'My User'

        # Create user
        self.sso.user.create_user(self.cid, data, current_ust, current_app, remote_addr)

        # The input dictionary will have been updated in place
  'display_name': 'My User',
  'is_active': True,
  'is_internal': False,
  'is_super_user': True,
  'is_approval_needed': True,
  'approval_status': 'before_decision',
  'approval_status_mod_by': 'zusr3qnafn39208krbt0vt2nypx2ta',
  'approval_status_mod_time': datetime.datetime(2022, 2, 28, 11, 33, 13, 359733),
  'is_locked': False,
  'password_expiry': datetime.datetime(2031, 2, 28, 11, 33, 13, 359733),
  'password_must_change': True,
  'password_last_set': datetime.datetime(2031, 2, 28, 11, 33, 13, 359733),
  'sign_up_time': datetime.datetime(2031, 2, 28, 11, 33, 13, 359733),
  'sign_up_status': 'final',
  'username': 'user1',
  'user_id': 'zusr1e2xwnk9p89ty8y0skcpy795c9'