User
Endpoints for managing user accounts and sessions.
Create and manage individual user accounts, bulk-create users from a list, authenticate via login/logout, and look up, update, or delete a user by username. Registration and login are public; all other operations require an authenticated session.
Create User
POST
/user
Create a new user account. This endpoint can only be invoked by a logged-in administrator.
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| username | required | string | Unique username for the account |
| email | required | string | Primary email address |
| firstName | optional | string | Account holder's first name |
| lastName | optional | string | Account holder's last name |
| password | required | string | Initial account password |
| phone | optional | string | Contact phone number |
| userStatus | optional | integer | User status flag |
Request body (JSON)
{
  "username": "theUser",
  "firstName": "John",
  "lastName": "James",
  "email": "[email protected]",
  "password": "12345",
  "phone": "12345",
  "userStatus": 1
}
Response body (JSON)
{
  "id": 10,
  "username": "theUser",
  "firstName": "John",
  "lastName": "James",
  "email": "[email protected]",
  "phone": "12345",
  "userStatus": 1
}
Response Codes
200
Successful operation
400
Invalid input
Create Users With List
POST
/user/createWithList
Create multiple user accounts in a single request by posting an array of user objects.
Request body (JSON)
[
  {
    "username": "theUser",
    "firstName": "John",
    "lastName": "James",
    "email": "[email protected]",
    "password": "12345",
    "phone": "12345",
    "userStatus": 1
  },
  {
    "username": "anotherUser",
    "firstName": "Jane",
    "lastName": "Doe",
    "email": "[email protected]",
    "password": "67890",
    "userStatus": 1
  }
]
Response body (JSON)
[
  {
    "id": 10,
    "username": "theUser",
    "firstName": "John",
    "lastName": "James",
    "email": "[email protected]",
    "userStatus": 1
  },
  {
    "id": 11,
    "username": "anotherUser",
    "firstName": "Jane",
    "lastName": "Doe",
    "email": "[email protected]",
    "userStatus": 1
  }
]
Response Codes
200
Successful operation
default
Unexpected error
User Login
GET
/user/login
Authenticate a user with username and password, returning a session token in the response header.
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| username | optional | string | Username for the account |
| password | optional | string | Password for the account (sent in clear-text in this demo API) |
JSON
Logged in user session:2026-04-24T12:00:01.123+00:00
Response Codes
200
Successful operation
400
Invalid username/password supplied
The session token is returned in the X-Expires-After and X-Rate-Limit response headers alongside the response body.
User Logout
GET
/user/logout
Log the currently authenticated user out and invalidate the active session token.
Response Codes
200
Successful operation
default
Unexpected error
Get User by Username
GET
/user/{username}
Retrieve a single user account by its username.
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| username | required | string | The username of the account to fetch |
Response body (JSON)
{
  "id": 10,
  "username": "theUser",
  "firstName": "John",
  "lastName": "James",
  "email": "[email protected]",
  "phone": "12345",
  "userStatus": 1
}
Response Codes
200
Successful operation
400
Invalid username supplied
404
User not found
Update User
PUT
/user/{username}
Update an existing user account. Only the fields provided in the request body are modified.
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| username | required | string | The username of the account to update |
| email | optional | string | Updated email address |
| firstName | optional | string | Updated first name |
| lastName | optional | string | Updated last name |
| password | optional | string | Updated password |
| phone | optional | string | Updated contact phone number |
| userStatus | optional | integer | Updated user status flag |
Request body (JSON)
{
  "firstName": "Johnny",
  "email": "[email protected]",
  "phone": "555-0199"
}
Response body (JSON)
{
  "id": 10,
  "username": "theUser",
  "firstName": "Johnny",
  "lastName": "James",
  "email": "[email protected]",
  "phone": "555-0199",
  "userStatus": 1
}
Response Codes
200
User updated
400
Bad request
404
User not found
422
Validation exception
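One way a server could enforce the Update User contract described above (only supplied fields change, only the listed fields are accepted, the password never appears in the response), as an added example that is not this API's own code. The in-memory store, the `passwordHash` field, the sample email, the PBKDF2 storage format and the choice of which failures map to 400 versus 422 are assumptions.

```python
import hashlib
import os

# Fields the Update User table lists as updatable, with their documented types.
UPDATABLE = {"email": str, "firstName": str, "lastName": str,
             "password": str, "phone": str, "userStatus": int}

# Constructed in-memory record standing in for the real user store.
USERS = {"theUser": {"id": 10, "username": "theUser", "firstName": "John",
                     "lastName": "James", "email": "john@example.test",
                     "passwordHash": "constructed-placeholder",
                     "phone": "12345", "userStatus": 1}}


def hash_password(password):
    """Salted PBKDF2-HMAC-SHA256; the stored form is an assumption."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt.hex() + "$" + digest.hex()


def public_view(user):
    """Response shape shown on the page: no password material."""
    return {k: v for k, v in user.items() if k != "passwordHash"}


def update_user(users, username, body):
    """Return (status, payload) for PUT /user/{username}."""
    if not isinstance(username, str) or not username or not isinstance(body, dict):
        return 400, {"error": "Bad request"}
    # Assumption: keys outside the table (e.g. "id", "username") are a 400
    # rather than silently ignored or merged into the record.
    unknown = sorted(set(body) - set(UPDATABLE))
    if unknown:
        return 400, {"error": "Bad request", "fields": unknown}
    if username not in users:
        return 404, {"error": "User not found"}
    # Assumption: a listed field with the wrong type is a 422. bool is a
    # subclass of int in Python, so it is rejected explicitly.
    bad = sorted(k for k, v in body.items()
                 if isinstance(v, bool) or not isinstance(v, UPDATABLE[k]))
    if bad:
        return 422, {"error": "Validation exception", "fields": bad}
    # All checks passed: merge only the supplied fields.
    changes = dict(body)
    if "password" in changes:
        changes["passwordHash"] = hash_password(changes.pop("password"))
    users[username].update(changes)
    return 200, public_view(users[username])
```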
Delete User
DELETE
/user/{username}
Delete a user account. This operation is permanent and cannot be undone.
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| username | required | string | The username of the account to delete |
Response Codes
200
User deleted
400
Invalid username supplied
404
User not found