User 22 endpoints

POST /api/v1/users/{userId}/lifecycle/reset_password Reset Password

Generates a one-time token (OTT) that can be used to reset a user’s password. The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow.

operationId: User_generatePasswordResetToken

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
sendEmail	query	required	boolean	—

Responses

200

Success

POST /api/v1/users/{userId}/lifecycle/reset_password

POST /api/v1/users/{userId}/lifecycle/suspend Suspend User

Suspends a user. This operation can only be performed on users with an ACTIVE status. The user will have a status of SUSPENDED when the process is complete.

operationId: User_suspendLifecycle

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—

Responses

200

POST /api/v1/users/{userId}/lifecycle/suspend

POST /api/v1/users/{userId}/lifecycle/unlock Unlock User

Unlocks a user with a LOCKED_OUT status and returns them to ACTIVE status. Users will be able to login with their current password.

operationId: User_unlockUserStatus

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—

Responses

200

Success

POST /api/v1/users/{userId}/lifecycle/unlock

POST /api/v1/users/{userId}/lifecycle/unsuspend Unsuspend User

Unsuspends a user and returns them to the ACTIVE state. This operation can only be performed on users that have a SUSPENDED status.

operationId: User_unsuspendLifecycle

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—

Responses

200

Success

POST /api/v1/users/{userId}/lifecycle/unsuspend

DELETE /api/v1/users/{userId}/linkedObjects/{relationshipName}

Delete linked objects for a user, relationshipName can be ONLY a primary relationship name

operationId: User_deleteLinkedObjects

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
relationshipName	path	required	string	—

Responses

204

No Content

DELETE /api/v1/users/{userId}/linkedObjects/{relationshipName}

GET /api/v1/users/{userId}/linkedObjects/{relationshipName}

Get linked objects for a user, relationshipName can be a primary or associated relationship name

operationId: User_getLinkedObjects

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
relationshipName	path	required	string	—
after	query	optional	string	—
limit	query	optional	integer	—

Responses

200

Success

GET /api/v1/users/{userId}/linkedObjects/{relationshipName}

GET /api/v1/users/{userId}/roles

Lists all roles assigned to a user.

operationId: User_listAssignedRoles

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
expand	query	optional	string	—

Responses

200

Success

GET /api/v1/users/{userId}/roles

POST /api/v1/users/{userId}/roles

Assigns a role to a user.

operationId: User_assignRole

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
disableNotifications	query	optional	boolean	—

Request Body

application/json

schema AssignRoleRequest

Responses

201

Created

POST /api/v1/users/{userId}/roles

DELETE /api/v1/users/{userId}/roles/{roleId}

Unassigns a role from a user.

operationId: User_unassignRole

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
roleId	path	required	string	—

Responses

204

No Content

DELETE /api/v1/users/{userId}/roles/{roleId}

GET /api/v1/users/{userId}/roles/{roleId}

Gets role that is assigne to user.

operationId: User_getAssignedRole

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
roleId	path	required	string	—

Responses

200

Success

GET /api/v1/users/{userId}/roles/{roleId}

GET /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps

Lists all App targets for an APP_ADMIN Role assigned to a User. This methods return list may include full Applications or Instances. The response for an instance will have an ID value, while Application will not have an ID.

operationId: User_listAppTargetsForRole

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
roleId	path	required	string	—
after	query	optional	string	—
limit	query	optional	integer	—

Responses

200

Success

GET /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps

PUT /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps

Success

operationId: User_updateRolesCatalogApps

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
roleId	path	required	string	—

Responses

200

Success

PUT /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps

DELETE /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}

Success

operationId: User_deleteTargetApp

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
roleId	path	required	string	—
appName	path	required	string	—

Responses

204

No Content

DELETE /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}

PUT /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}

Success

operationId: User_updateRolesCatalogApps

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
roleId	path	required	string	—
appName	path	required	string	—

Responses

200

Success

PUT /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}

DELETE /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId} Remove App Instance Target to App Administrator Role given to a User

Remove App Instance Target to App Administrator Role given to a User

operationId: User_removeAppInstanceTargetToAppAdministratorRoleGivenTo

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
roleId	path	required	string	—
appName	path	required	string	—
applicationId	path	required	string	—

Responses

204

No Content

DELETE /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}

PUT /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId} Add App Instance Target to App Administrator Role given to a User

Add App Instance Target to App Administrator Role given to a User

operationId: User_addAppInstanceTargetToAppAdministratorRoleGivenToUser

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
roleId	path	required	string	—
appName	path	required	string	—
applicationId	path	required	string	—

Responses

204

No Content

PUT /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}

GET /api/v1/users/{userId}/roles/{roleId}/targets/groups

Success

operationId: User_listRoleTargetsGroups

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
roleId	path	required	string	—
after	query	optional	string	—
limit	query	optional	integer	—

Responses

200

Success

GET /api/v1/users/{userId}/roles/{roleId}/targets/groups

DELETE /api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}

Success

operationId: User_removeTargetGroup

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
roleId	path	required	string	—
groupId	path	required	string	—

Responses

204

No Content

DELETE /api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}

PUT /api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}

Success

operationId: User_updateRolesCatalogApps

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
roleId	path	required	string	—
groupId	path	required	string	—

Responses

200

Success

PUT /api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}

DELETE /api/v1/users/{userId}/sessions

Removes all active identity provider sessions. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.

operationId: User_revokeAllSessions

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
oauthTokens	query	optional	boolean	Revoke issued OpenID Connect and OAuth refresh and access tokens

Responses

204

No Content

DELETE /api/v1/users/{userId}/sessions

GET /api/v1/users/{userId}/subscriptions List subscriptions of a User

List subscriptions of a User. Only lists subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.

operationId: User_listSubscriptions

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—

Responses

200

Success

404

Not Found

GET /api/v1/users/{userId}/subscriptions

GET /api/v1/users/{userId}/subscriptions/{notificationType} Get the subscription of a User with a specific notification type

Get the subscriptions of a User with a specific notification type. Only gets subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.

operationId: User_getSubscriptionByNotification

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
notificationType	path	required	string	—

Responses

200

Success

404

Not Found

GET /api/v1/users/{userId}/subscriptions/{notificationType}

Userfactor 9 endpoints

GET /api/v1/users/{userId}/factors

Enumerates all the enrolled factors for the specified user

operationId: UserFactor_enumerateEnrolled

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—

Responses

200

Success

GET /api/v1/users/{userId}/factors

POST /api/v1/users/{userId}/factors Enroll Factor

Enrolls a user with a supported factor.

operationId: UserFactor_enrollSupportedFactor

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
updatePhone	query	optional	boolean	—
templateId	query	optional	string	id of SMS template (only for SMS factor)
tokenLifetimeSeconds	query	optional	integer	—
activate	query	optional	boolean	—

Request Body

required

Factor

application/json

schema UserFactor

Property	Type	Required
id	string	optional
_links	object	optional
status	string	optional
verify	object	optional
└ answer	string	optional
└ passCode	string	optional
└ clientData	string	optional
└ stateToken	string	optional
└ attestation	string	optional
└ nextPassCode	string	optional
└ activationToken	string	optional
└ registrationData	string	optional
created	string	optional
provider	string	optional
_embedded	object	optional
factorType	string	optional
lastUpdated	string	optional

Responses

200

Success

POST /api/v1/users/{userId}/factors

GET /api/v1/users/{userId}/factors/catalog

Enumerates all the supported factors that can be enrolled for the specified user

operationId: UserFactor_enumerateSupportedFactors

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—

Responses

200

Success

GET /api/v1/users/{userId}/factors/catalog

GET /api/v1/users/{userId}/factors/questions

Enumerates all available security questions for a user’s question factor

operationId: UserFactor_enumerateSecurityQuestions

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—

Responses

200

Success

GET /api/v1/users/{userId}/factors/questions

DELETE /api/v1/users/{userId}/factors/{factorId}

Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.

operationId: UserFactor_unenrollFactor

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
factorId	path	required	string	—

Responses

204

No Content

DELETE /api/v1/users/{userId}/factors/{factorId}

GET /api/v1/users/{userId}/factors/{factorId}

Fetches a factor for the specified user

operationId: UserFactor_getFactor

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
factorId	path	required	string	—

Responses

200

Success

GET /api/v1/users/{userId}/factors/{factorId}

POST /api/v1/users/{userId}/factors/{factorId}/lifecycle/activate Activate Factor

The sms and token:software:totp factor types require activation to complete the enrollment process.

operationId: UserFactor_activateFactorLifecycle

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
factorId	path	required	string	—

Request Body

application/json

schema ActivateFactorRequest

Responses

200

Success

POST /api/v1/users/{userId}/factors/{factorId}/lifecycle/activate

GET /api/v1/users/{userId}/factors/{factorId}/transactions/{transactionId}

Polls factors verification transaction for status.

operationId: UserFactor_pollFactorTransactionStatus

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
factorId	path	required	string	—
transactionId	path	required	string	—

Responses

200

Success

GET /api/v1/users/{userId}/factors/{factorId}/transactions/{transactionId}

POST /api/v1/users/{userId}/factors/{factorId}/verify Verify MFA Factor

Verifies an OTP for a token or token:hardware factor

operationId: UserFactor_verifyOtp

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
factorId	path	required	string	—
templateId	query	optional	string	—
tokenLifetimeSeconds	query	optional	integer	—
X-Forwarded-For	header	optional	string	—
User-Agent	header	optional	string	—
Accept-Language	header	optional	string	—

Request Body

application/json

schema VerifyFactorRequest

Responses

200

Success

POST /api/v1/users/{userId}/factors/{factorId}/verify

Userschema 4 endpoints

GET /api/v1/meta/schemas/apps/{appInstanceId}/default Fetches the Schema for an App User

Fetches the Schema for an App User

operationId: UserSchema_getUserSchema

Parameters

Name	In	Required	Type	Description
appInstanceId	path	required	string	—

Responses

200

successful operation

GET /api/v1/meta/schemas/apps/{appInstanceId}/default

POST /api/v1/meta/schemas/apps/{appInstanceId}/default Partial updates on the User Profile properties of the Application User Schema.

Partial updates on the User Profile properties of the Application User Schema.

operationId: UserSchema_partialUpdateUserProfile

Parameters

Name	In	Required	Type	Description
appInstanceId	path	required	string	—

Request Body

application/json

schema UserSchema

Property	Type	Required
id	string	optional
name	string	optional
type	string	optional
title	string	optional
_links	object	optional
$schema	string	optional
created	string	optional
properties	object	optional
└ profile	object	optional
└ allOf	array	optional
definitions	object	optional
└ base	object	optional
└ id	string	optional
└ type	string	optional
└ required	array	optional
└ properties	object	optional
└ city	object	optional
└ email	object	optional
└ login	object	optional
└ state	object	optional
└ title	object	optional
└ locale	object	optional
└ manager	object	optional
└ zipCode	object	optional
└ division	object	optional
└ lastName	object	optional
└ nickName	object	optional
└ timezone	object	optional
└ userType	object	optional
└ firstName	object	optional
└ managerId	object	optional
└ costCenter	object	optional
└ department	object	optional
└ middleName	object	optional
└ profileUrl	object	optional
└ countryCode	object	optional
└ …11 more	object	optional
└ custom	object	optional
└ id	string	optional
└ type	string	optional
└ required	array	optional
└ properties	object	optional
lastUpdated	string	optional

Responses

200

successful operation

POST /api/v1/meta/schemas/apps/{appInstanceId}/default

GET /api/v1/meta/schemas/user/{schemaId} Fetches the schema for a Schema Id.

Fetches the schema for a Schema Id.

operationId: UserSchema_getSchemaById

Parameters

Name	In	Required	Type	Description
schemaId	path	required	string	—

Responses

200

Success

GET /api/v1/meta/schemas/user/{schemaId}

POST /api/v1/meta/schemas/user/{schemaId}

Partial updates on the User Profile properties of the user schema.

operationId: UserSchema_partialUpdateUserProfile

Parameters

Name	In	Required	Type	Description
schemaId	path	required	string	—

Request Body

required

application/json

schema UserSchema

Property	Type	Required
id	string	optional
name	string	optional
type	string	optional
title	string	optional
_links	object	optional
$schema	string	optional
created	string	optional
properties	object	optional
└ profile	object	optional
└ allOf	array	optional
definitions	object	optional
└ base	object	optional
└ id	string	optional
└ type	string	optional
└ required	array	optional
└ properties	object	optional
└ city	object	optional
└ email	object	optional
└ login	object	optional
└ state	object	optional
└ title	object	optional
└ locale	object	optional
└ manager	object	optional
└ zipCode	object	optional
└ division	object	optional
└ lastName	object	optional
└ nickName	object	optional
└ timezone	object	optional
└ userType	object	optional
└ firstName	object	optional
└ managerId	object	optional
└ costCenter	object	optional
└ department	object	optional
└ middleName	object	optional
└ profileUrl	object	optional
└ countryCode	object	optional
└ …11 more	object	optional
└ custom	object	optional
└ id	string	optional
└ type	string	optional
└ required	array	optional
└ properties	object	optional
lastUpdated	string	optional

Responses

200

Success

POST /api/v1/meta/schemas/user/{schemaId}

Usertype 6 endpoints

GET /api/v1/meta/types/user

Fetches all User Types in your org

operationId: UserType_getAllUserTypes

Responses

200

Success

GET /api/v1/meta/types/user

POST /api/v1/meta/types/user

Creates a new User Type. A default User Type is automatically created along with your org, and you may add another 9 User Types for a maximum of 10.

operationId: UserType_createNewUserType

Request Body

application/json

schema UserType

Property	Type	Required
id	string	optional
name	string	optional
_links	object	optional
created	string	optional
default	boolean	optional
createdBy	string	optional
description	string	optional
displayName	string	optional
lastUpdated	string	optional
lastUpdatedBy	string	optional

Responses

200

Success

POST /api/v1/meta/types/user

DELETE /api/v1/meta/types/user/{typeId}

Deletes a User Type permanently. This operation is not permitted for the default type, nor for any User Type that has existing users

operationId: UserType_deletePermanently

Parameters

Name	In	Required	Type	Description
typeId	path	required	string	—

Responses

204

No Content

DELETE /api/v1/meta/types/user/{typeId}

GET /api/v1/meta/types/user/{typeId}

Fetches a User Type by ID. The special identifier default may be used to fetch the default User Type.

operationId: UserType_getById

Parameters

Name	In	Required	Type	Description
typeId	path	required	string	—

Responses

200

Success

GET /api/v1/meta/types/user/{typeId}

POST /api/v1/meta/types/user/{typeId}

Updates an existing User Type

operationId: UserType_updateExistingType

Parameters

Name	In	Required	Type	Description
typeId	path	required	string	—

Request Body

application/json

schema UserType

Property	Type	Required
id	string	optional
name	string	optional
_links	object	optional
created	string	optional
default	boolean	optional
createdBy	string	optional
description	string	optional
displayName	string	optional
lastUpdated	string	optional
lastUpdatedBy	string	optional

Responses

200

Success

POST /api/v1/meta/types/user/{typeId}

PUT /api/v1/meta/types/user/{typeId}

Replace an existing User Type

operationId: UserType_replaceExistingType

Parameters

Name	In	Required	Type	Description
typeId	path	required	string	—

Request Body

application/json

schema UserType

Property	Type	Required
id	string	optional
name	string	optional
_links	object	optional
created	string	optional
default	boolean	optional
createdBy	string	optional
description	string	optional
displayName	string	optional
lastUpdated	string	optional
lastUpdatedBy	string	optional

Responses

200

Success

PUT /api/v1/meta/types/user/{typeId}