provision/user
Use this resource to complete simple queries and user provisioning and deprovisioning requests. The user must be an account administrator.
Method summary
HTTP Method | Path | Description |
---|---|---|
GET | /scr/api/provision/user/ | Retrieves details about a specific user account and lists all users in the account as a JSON array. |
PUT | /scr/api/provision/user/ | Adds a user or updates the user's membership in groups. |
DELETE | /scr/api/provision/user/ | Archives each user individually, removes a user from all groups, or removes a user from one or more specified groups. |
GET /scr/api/provision/user/
- Description
-
Use this method to retrieve details about a specific user account and list all account users in a JSON array.
The user provisioning service provides the following forms of a query method:- The base URI behaves as a collection URI and retrieves a list of users in the account as a JSON array.
- The base URI with the user's email address behaves as an element URI and retrieves specific details about the account that is specified by the email address.
- Resource information
-
Requirements Description Response format JSON Requires authentication Yes. The user must be an account administrator. Supports OAuth 2 client credentials Yes using a User Service ID containing User Management Category Rate limited Not yet
- Parameters
-
Name Location Description Required Type version Header The requested API version is 1.0
.Yes String
- Response
-
- Example input
- LIST all users in the account:
/scr/api/provision/user/
- Using OAuth 2 client
credentials:
curl -i -H "Authorization: Bearer access_token" -H "Version:1.0" "https://your_server_url/scr/api/provision/user"
/scr/api/provision/user/email_address
Important: Theemail_address
parameter must be properly encoded.- Using OAuth 2 client
credentials:
curl -i -H "Authorization: Bearer access_token" -H "Version:1.0" "https://your_server_url/scr/api/provision/user/user_id%40us.ibm.com"
- Using OAuth 2 client
credentials:
- Example output
- LIST all users in the account:
GET the details of a specific user:HTTP/1.1 200 OK { "users":["admin@us.ibm.com", "user_id@us.ibm.com","test@us.ibm.com"] }
HTTP/1.1 200 OK Content-Length: 108 { "fullname": "John Smith", "username": "john.smith4@acme.com", "license": "VIEWER", "businessunit": { "name": "Shipping", "id": "150007" }, "admin": false, "active": true, }
- Response properties
-
- username
- The email address of the provisioned user.
- fullname
- The full name of the provisioned user. The default value is an empty string.
- license
- The license level of the provisioned user. The default value is
EDITOR
- admin
- The value is
true
if the user is an administrator. Otherwise, the value isfalse
. - active
- The value is
true
if the user is active. Otherwise, the value isfalse
. - businessunit
- The department, division, workgroup, or functional area that the user works in.
- usergroups
- The list of groups that the user is a part of. This property is returned only if the user is a part of at least one group.
- usergroups.groupname
- The name of a group that the user is a part of.
- Response messages
-
HTTP code Reason 200 with JSON payload The request was completed successfully.
400 with JSON payload There was an error processing the request. Required parameters were missing or contained invalid values.
401 The user isn't authorized to make the request.
403 Access is forbidden. This message might appear for one of the following reasons:- The specified credentials are invalid.
- This user isn't an editor for this process.
- APIs aren't enabled by the administrator. APIs must be enabled on the Account Information tab.
- The administrator didn't accept the Terms and Conditions of service.
404 The specified GET user is not found.
PUT /scr/api/provision/user/
- Description
- Use this method to add a user and update the user's membership in groups.
- The base URI behaves as an add method. With the add method, when a previously archived user is added, the account of that user is reactivated.
- The base URI with the username behaves as an update method. The update method is used to update the user's membership in one or multiple groups. If the username is non-existent, then a user is created with default attributes, as listed below.
- Resource information
-
Requirements Description Response format JSON Requires authentication Yes. The user must be an account administrator. Supports OAuth 2 client credentials Yes using a User Service ID containing User Management Category Rate limited Not yet
- Parameters
-
Name Location Description Required Type content-type Header The value must be application/json
.Yes String version Header The requested API version is 1.0
.Yes String JSON Request admin JSON body The parameter value, true
orfalse
, indicates whether the provisioned user must be an administrator. The default setting isfalse
.Yes Boolean JSON Request fullname JSON body The full name of the user to be provisioned. A blank full name is used if none is provided. Yes String JSON Request license JSON body The license level of the user. The possible values are VIEWER
,COMMUNITY
,CONTRIBUTOR
, orEDITOR
. The license is set to defaultEDITOR
level if none is provided.Yes String JSON Request username JSON body The email address of the user to be provisioned. Yes, when adding a new user. String JSON Request usergroups JSON body The JSON array of group names. Add user to the list of usergroups
. The user is not added to the groups if the list is empty.Yes, for updating. JSON array of strings businessunitid JSON body The ID of an existing business unit. The business unit must already exist. No String businessunitname JSON body The name of a business unit. If a business unit with this name already exists, it is used. Otherwise, a new business unit is created. You can specify either the businessunitid or the businessunitname. If you provide both, the businessunitid takes precedence.
No String
- Response
-
- Example input
-
Provision a specific user:
/scr/api/provision/user/
Provision a user with only the required username parameter in the JSON Body:- Using OAuth 2 client
credentials:
curl -i -H "Authorization: Bearer access_token" -H "Version:1.0" -H "Content-Type:application/json" -X PUT --data "{\"username\":\"user1@us.ibm.com\"}" "https://your_server_url/scr/api/provision/user/"
Provision a user with all parameters in the JSON body:
curl -i -H "Authorization: Bearer access_token" -H "Version:1.0" -H "Content-Type:application/json" -X PUT --data "{\"username\":\"john.smith@us.ibm.com\",\"fullname\":\"John Smith\",\"license\":\"EDITOR\",\"admin\":true, \"usergroups\":[{\"groupname\":\"group1\"},{\"groupname\":\"group2\"}]}" "https://your_server_url/scr/api/provision/user/"
Add an existing user to a group:
/scr/api/provision/user/email_address
Important: Theemail_address
parameter must be properly encoded.Add a user to groups:
curl -i -H "Authorization: Bearer access_token" -H "Version:1.0" -H "Content-Type:application/json" -X PUT --data "{\"usergroups\":[{\"groupname\":\"group1\"},{\"groupname\":\"group2\"}]}" "https://your_server_url/scr/api/provision/user/user1%40us.ibm.com"
Add a user to an invalid group:
curl -i -H "Authorization: Bearer access_token" -H "Version:1.0" -H "Content-Type:application/json" -X PUT --data "{\"usergroups\":[{\"groupname\":\"invalid\"}]}" "https://your_server_url/scr/api/provision/user/user1%40us.ibm.com"
Add a new user and associate the user with an existing business unit using a business unit ID:
curl -i -H "Authorization: Bearer access_token" -H "Version:1.0" -H "Content-Type:application/json" -X PUT --data "{\"username\":\"john.smith4@acme.com\",\"fullname\":\"John Smith\",\"license\":\"VIEWER\",\"admin\":false, \"businessunitid\":\"150007\"}" "https://your_server_url/scr/api/provision/user/user1%40us.ibm.com"
Add a new user and associate the user with a business unit using a business unit name:
curl -i -H "Authorization: Bearer access_token" -H "Version:1.0" -H "Content-Type:application/json" -X PUT --data "{\"username\":\"john.smith4@acme.com\",\"fullname\":\"John Smith\",\"license\":\"VIEWER\",\"admin\":false, \"businessunitname\":\"Shipping\"}" "https://your_server_url/scr/api/provision/user/user1%40us.ibm.com"
- Adding multiple users
-
A sample MS-DOS script is used to exercise the PUT request multiple times with values from a CSV file. The script maps the token to each column in the CSV file. More robust scripting with Perl, Python, or another language can also be used.
for /f "tokens=1,2,3,4,5,6* delims=," %%a in (usersdetail.csv) do curl -i -H "Authorization: Bearer access_token" -H "Version:1.0" -H "Content-Type:application/json" -X PUT --data "{\"username\":\"%%a\", \"fullname\":\"%%b\",\"license\":\"%%c\",\"admin\":%%d,\"usergroups\":[{\"groupname\":\"%%e\"},{\"groupname\":\"%%f\"}]}" "http://localhost:8080/scr/api/provision/user/"
Theusersdetail.csv
is then in the same directory as the batch script with the following sample content:abc@ibm.com,john smith,editor,true, groupA, groupB bac@ibm.com,smith john,community,false,group1, groupB
Note: The token is manually mapped to columns in the CSV file; therefore, it is best if all provisioned users belong to the same number of groups.
- Using OAuth 2 client
credentials:
- Example output
-
Provision a user with only the required username parameter in the JSON Body:
HTTP/1.1 200 OK Content-Length: 107 {"username":"user1@us.ibm.com","fullname":"","license":"EDITOR","admin":false,"active":true}
Provision a user with all parameters in the JSON body:
HTTP/1.1 200 OK Content-Length: 155 {"username":"john.smith@us.ibm.com","fullname":"John Smith","license":"EDITOR","admin":true,"active":true, "usergroups":[{"groupname":"group1"},{"groupname":"group2"}]}
Add a duplicate user:
HTTP/1.1 400 Bad Request Content-Length: 71 {"message":"The provided username is already a member of this account"}
Add a user to groups:
HTTP/1.1 200 OK Content-Length: 107 {"username":"user1@us.ibm.com","fullname":"User One","license":"EDITOR","admin":true,"active":true, "usergroups":[{"groupname":"group1"},{"groupname":"group2"}]}
Add a user to an invalid group:
HTTP/1.1 400 Bad Request Content-Length: 79 {"message":"One of the provided groupname is either archived or is not valid."}
- Response properties
-
- username
- The email address of the provisioned user.
- fullname
- The full name of the provisioned user. The default value is an empty string.
- license
- The license level of the provisioned user. The default value is
EDITOR
. - admin
- The value is
true
if the user is an administrator. Otherwise, the value isfalse
. - active
- The value is
true
if the user is active. Otherwise, the value isfalse
. - usergroups
- The list of groups that the user is a part of. This is returned only if the user is a part of at least one group.
- usergroups.groupname
- The name of the group that the user is a part of.
- Response messages
-
HTTP code Reason 200 with JSON payload The request was completed successfully.
400 There was an error processing the request. Check the JSON message element for details. This message might appear for one of the following reasons: - The specified user already exists.
- There is an issue with the format or the licensing.
401 The user isn't authorized to make the request.
403 Access is forbidden. This message might appear for one of the following reasons:- The specified credentials are invalid.
- This user isn't an editor for this process.
- APIs aren't enabled by the administrator. APIs must be enabled on the Account Information tab.
- The administrator didn't accept the Terms and Conditions of service.
404 The specified user is not found.
DELETE /scr/api/provision/user/
- Description
- Use this method to archive each user individually, to remove a user from all groups, or to remove a user from one or more specified groups. The user archiving service provides a single form of the DELETE method, so there is no support for collections. This method can be called repeatedly to delete multiple users.
- Resource information
-
Requirements Description Response format JSON Requires authentication Yes. The user must be an account administrator. Supports OAuth 2 client credentials Yes using a User Service ID containing User Management Category Rate limited Not yet
- Parameters
-
Name Location Description Required Type version Header The requested API version is 1.0
.Yes String groups/group-id Path The identifier of the group to remove the user from. Use commas to separate multiple groups. To remove the user from all groups, use /groups. No String
- Response
-
- Example input
-
Important: The
email_address
parameter must be properly encoded.Delete a specific user in the account:
/scr/api/provision/user/email_address
- Using OAuth 2 client
credentials:
curl -i -H "Authorization: Bearer access_token" -H "Version:1.0" -X DELETE "https://your_server_url/scr/api/provision/user/user1%40domain.com"
- Using OAuth 2 client
credentials:
- Example output
-
Delete a user:
HTTP/1.1 200 OK Content-Length: 21 {"message":"Success"}
Delete a non-existent user:
HTTP/1.1 404 Not Found Content-Length: 0
Remove a user from specified groups:
HTTP/1.1 200 OK Content-Length: 21 {"message":"Success"}
- Response properties
- None
- Response messages
-
HTTP code Reason 200 with JSON payload The request was completed successfully.
400 There was an error processing the request. Check the JSON message element for details. This message might appear for one of the following reasons: - The group ID is not valid or the group cannot be found.
- The user does not belong to the group.
- The user has Manage and Edit permissions for the group and cannot be removed.
401 The user isn't authorized to make the request.
403 Access is forbidden. This message might appear for one of the following reasons:- The specified credentials are invalid.
- This user isn't an editor for this process.
- APIs aren't enabled by the administrator. APIs must be enabled on the Account Information tab.
- The administrator didn't accept the Terms and Conditions of service.
404 The requested user is not found.