16.1.1.9. User endpoints

The user endpoints is a subset of the system endpoint.

GET /user/

list the users in a realm

A normal user can call this endpoint and will get information about his own account.

Parameters:
  • realm – a realm that contains several resolvers. Only show users from this realm
  • resolver – a distinct resolvername
  • <searchexpr> – a search expression, that depends on the ResolverClass
Return:

json result with “result”: true and the userlist in “value”.

Example request:

GET /user?realm=realm1 HTTP/1.1
Host: example.com
Accept: application/json

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

 {
   "id": 1,
   "jsonrpc": "2.0",
   "result": {
     "status": true,
     "value": [
       {
         "description": "Cornelius K\u00f6lbel,,+49 151 2960 1417,+49 561 3166797,cornelius.koelbel@netknights.it",
         "email": "cornelius.koelbel@netknights.it",
         "givenname": "Cornelius",
         "mobile": "+49 151 2960 1417",
         "phone": "+49 561 3166797",
         "surname": "K\u00f6lbel",
         "userid": "1009",
         "username": "cornelius",
         "resolver": "name-of-resolver"
       }
     ]
   },
   "version": "privacyIDEA unknown"
 }
POST /user/
POST /user

Create a new user in the given resolver.

Example request:

POST /user
user=new_user
resolver=<resolvername>
surname=...
givenname=...
email=...
mobile=...
phone=...
password=...
description=...

Host: example.com
Accept: application/json
PUT /user/
PUT /user

Edit a user in the user store. The resolver must have the flag editable, so that the user can be deleted. Only administrators are allowed to edit users.

Example request:

PUT /user
user=existing_user
resolver=<resolvername>
surname=...
givenname=...
email=...
mobile=...
phone=...
password=...
description=...

Host: example.com
Accept: application/json

Note

Also a user can call this function to e.g. change his password. But in this case the parameter “user” and “resolver” get overwritten by the values of the authenticated user, even if he specifies another username.

DELETE /user/(resolvername)/(username)

Delete a User in the user store. The resolver must have the flag editable, so that the user can be deleted. Only administrators are allowed to delete users.

Delete a user object in a user store by calling

Example request:

DELETE /user/<resolvername>/<username>
Host: example.com
Accept: application/json