User.create - REST API

Overview

Creates a new regular user. Input UST must belong to a logged in super-user.

  • HTTP method: POST
  • URL path: /zato/sso/user

Request

NameDatatypeOptionalNotes
uststring---Current user's session token (UST)
current_appstring---Name of application that the call is attempted from
usernamestring---Must be unique among all users
passwordstringYesIf not given, a random string of 192 bits will be assigned
password_must_changeboolYesWhether user must change the password on first login
emailstringYesUser's email
display_namestringYesDisplay name
first_namestringYesFirst name
middle_namestringYesMiddle name
last_namestringYesLast name
is_totp_enabledboolYesShould TOTP-based two factor authentication be enabled for user
totp_keystringYesUser's TOTP key, one will be auto-generated for user if it is not given on input, even if is_totp_enabled is False
totp_labelstringYesAn arbitrary label assigned to user's TOTP key for convenience
is_lockedboolYesShould the account be locked upon creation, i.e. logging in will not be possible until unlocked
sign_up_statusstringYesUser's initial signup status, by default it is 'final' meaning the user is fully signed up

Response

NameDatatypeOptionalNotes
cidstring---Correlation ID assigned to request
statusstring---Overall status code
sub_statuslistYesReturned only if status is not "ok", a list of error or warning codes
user_idstring---ID of the user returned
usernamestring---Username of the user
emailstringYesE-mail
display_namestringYesDisplay name
first_namestringYesFirst name
middle_namestringYesMiddle name
last_namestringYesLast name
is_activeboolYesReturned to superIf the
is_internalboolYesDoes the account belong to Zato internally?
is_super_userboolYesIs the user a super-user?
is_approval_neededbool---Is a super-user's approval needed for this account to become fully active?
approval_statusstring---Current approval status, one of: before_decision, approved, rejected
approval_status_mod_bystring---By whom the approval status was last changed, will be 'auto' for users created from command line
approval_status_mod_timedatetime---When was that approval status last changed
is_lockedboolYesHas this account been locked by a super-user?
locked_timestringYesIf locked, when was it?
locked_bystringYesIf locked, who by?
creation_ctxstringYesOpaque metadata describing account creation
approv_rej_timestringYesIf approved or rejected, when was it?
approv_rej_bystringYesIf approved or rejected, who by?
password_expirystringYesWhen will that account's password expire?
password_is_setboolYes(Reserved for future use)
password_must_changeboolYesIs the user required to change password on next login?
password_last_setstringYesWhen was the password last set?
sign_up_statusstringYesSignup process status, returned values are: before_confirmation, to_approve, final
sign_up_timedatetimeYesWhen did the user sign up with the system?
is_totp_enabledboolYesShould TOTP-based two factor authentication be enabled for user
totp_keystringYesUser's TOTP key, one will be auto-generated for user if it is not given on input, even if is_totp_enabled is False
totp_labelstringYesAn arbitrary label assigned to user's TOTP key for convenience

Usage

$ curl -XPOST localhost:17010/zato/sso/user -d '
  {
    "ust": "gAAAAABalqIqH4T2cEry9wYmFUJKzJo7...",
    "current_app": "CRM",
    "username": "user1",
    "email": "myuser@example.com",
    "display_name": "My User"
  }
  '

  {
      "approval_status": "before_decision",
      "approval_status_mod_by": "auto",
      "approval_status_mod_time": "2028-02-24T12:56:58",
      "cid": "de00deb0471188dcdd9913a8",
      "display_name": "My User",
      "email": "myuser@example.com",
      "is_active": true,
      "is_approval_needed": true,
      "is_internal": false,
      "is_locked": false,
      "is_super_user": false,
      "password_expiry": "2020-02-25T15:39:53",
      "password_is_set": true,
      "password_last_set": "2028-02-25T15:39:53",
      "password_must_change": false,
      "sign_up_status": "final",
      "sign_up_time": "2028-02-24T12:56:58",
      "status": "ok",
      "user_id": "zusrx2efj1q1h98n9q00tgx8scefv",
      "username": "user1"
  }