POST /tenant-management/api/system/tenants/{tenant}/users

As of Versionproduct version 2020 Winter | component version 1.0
Request MethodPOST
Response FormatJSON
Description

Creates a new user with the given properties for the specified tenant.


Required user role: YUUVIS_TENANT_ADMIN

The properties for the new user are passed in JSON format. In the response, the user ID is returned again in JSON format.

The only required parameter is username, but specifying the email parameter is recommended. The specified e-mail address is used to invite users after they have been created and in case they have forgotten their password. If no SMTP parameters are set for a new user, no invitation e-mail can be sent. The currently logged-in user will be informed.

It is recommended to deactivate users instead of deleting them. Their user names might be required for compliance reasons.

New users are created with the Keycloak settings shown in the screenshot below (click to enlarge). The first actions newly created users have to carry out are specified under Required User Actions. In this configuration, these are Update Password and Update Profile. Hence, new users have to register by setting a password and other user data. The URL to the registration page is specified in the e-mail invitation.

yuuvis® Momentum client as reference implementation displays the user's name in the following format: lastName, firstName (username).

Meaning of the response status codes:
HTTP Status CodeMeaning
201 CREATEDSuccessful, the user with the specified properties has been created.
401 UNAUTHORIZEDThe call was unauthorized.
409 CONFLICT

At least one of the following situations occurred:

  • The username is not unique.
  • The email address is not unique.
  • The email address or password must be set.
  • The role {ROLE_NAME} was not found.
Request Example

Will be introduced with the Release Candidate with the tag 1.1.0-rc2: If the password is not set, but an e-mail address is specified and the withInvitation call parameter is defined as true, an e-mail invitation is sent to the specified address by Keycloak.

POST /tenant-management/api/system/tenants/{tenant}/users?withInvitation=true HTTP/1.1

If the parameter withInvitation is not given the default is "true".

Beginning with 2021 Autumn Alpha 4: 
POST /tenant-management/api/system/tenants/{tenant}/users?withInvitation=true&temporaryPassword=false HTTP/1.1

If the temporaryPassword parameter is not specified, the default is "true".

{
  "email": "example@exampleprovider.de",
  "username": "mrexample",
  "firstName": "Examplename",
  "lastName": "Examplesurname",
  "roles": ["role1","role2"],
  "enabled": true,
  "password": "asecurepassword"
}
Response Example
{
  "id": "a00a0bb1-1234-5c66-7890-00fbb1c1a222"
}