Skip to main content
POST
/
auth
/
users
Create User
curl --request POST \
  --url https://api.dfns.io/auth/users \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'X-DFNS-USERACTION: <api-key>' \
  --data '{
  "email": "jsmith@example.com",
  "kind": "CustomerEmployee",
  "publicKey": "<string>",
  "externalId": "<string>",
  "isSSORequired": false
}'
{
  "username": "<string>",
  "name": "<string>",
  "userId": "us-6b58p-r53sr-rlrd3l5cj3uc4ome",
  "kind": "CustomerEmployee",
  "credentialUuid": "<string>",
  "orgId": "<string>",
  "permissions": [
    "<string>"
  ],
  "isActive": true,
  "isServiceAccount": true,
  "isRegistered": true,
  "isSSORequired": true,
  "permissionAssignments": [
    {
      "permissionName": "<string>",
      "permissionId": "<string>",
      "assignmentId": "<string>",
      "operations": [
        "<string>"
      ]
    }
  ]
}

Authentication

✅ Organization User (CustomerEmployee)
❌ Delegated User (EndUser)
❌ Personal Access Token not allowed
✅ Service Account

Required Permissions

Auth:Users:Create: Always required.

Authorizations

Authorization
string
header
required

Bearer Token: Used to authenticate API requests. More details how to generate the token: Authentication flows

X-DFNS-USERACTION
string
header
required

User Action Signature: Used to sign the change-inducing API requests. More details how to generate the token: User Action Signing flows

Body

application/json
email
string<email>
required

The email address of the new user.

kind
enum<string>
required

The kind of user being created. In this endpoint it can only be "CustomerEmployee" (creating an "EndUser" is done through the Delegated Registration endpoint)

Available options:
CustomerEmployee
publicKey
string
externalId
string

Value that can be used to correlate the entity with an external system.

isSSORequired
boolean
default:false

If set to true, the user will have to authenticate via SSO

Response

200 - application/json

Success

username
string
required
name
string
required
userId
string
required

User id.

Maximum length: 64
Example:

"us-6b58p-r53sr-rlrd3l5cj3uc4ome"

kind
enum<string>
required

User kind.

Available options:
CustomerEmployee,
EndUser
credentialUuid
string
required
orgId
string
required
isActive
boolean
required
isServiceAccount
boolean
required
isRegistered
boolean
required
isSSORequired
boolean
required
permissionAssignments
object[]
required
permissions
string[]
I