RBAC User Operations
This Public Stable API creates, updates, re-invites local users, and converts user status (a local user to an external user or an external user to a local user). This API is intended only for local users managed by the PCE, not users managed by an external identity provider (IdP).
API Methods
Functionality | HTTP | URI |
|---|---|---|
Get a collection of users. |
|
|
GET an individual user |
|
|
Get all the orgs the user has accessed after logging in (this endpoint is Public Experimental) |
|
|
Create a local user and send an e-mail invitation. |
|
|
Convert an external user to a local user. |
|
|
Delete a local user and convert to an external user. |
|
|
Re-invite a local user |
|
|
For authenticated users: change your password by sending a request to the agent service. |
|
|
Parameters for RBAC Users
Property | Description | Type | Required |
|---|---|---|---|
| Indicates that the user created is a | String | No |
| User ID | Integer | Yes |
Properties for RBAC Users
Property | Description | Type | Required |
|---|---|---|---|
| User URI | String | Yes |
| Identify a local user by an e-mail address, which must meet these requirements:
| String (email) | Yes |
| This is populated automatically after a login | String | Yes |
| This is populated automatically after a login | String | Yes |
| Number of times this user logged in | Integer | Yes |
| User's full name | String | Yes |
| Time Zone IANA Region Name | String | Yes |
| User's type, i.e., user authenticated locally or remotely via SAML | String | Yes |
| Timestamp when this user was last updated | String | Yes |
| Timestamp when this user was first created | String | Yes |
| The current password that you want to change | String | Yes |
| A new password to set | String | Yes |
RBAC Users
Get RBAC Users
These methods get a collection of users or an individual user in the organization.
By default, the maximum number of users returned from a GET collection is 500. If you want to get more than 500 users, use an Asynchronous GET Collection.
URI to Get a Collection of Local Users
GET [api_version]/users
URI to Get an Individual User
GET [user_href]
Curl Command Get Collection of Local Users
curl -i -X GET https://pce.my-company.com:8443/api/v2/users?type=local -H "Accept: application/json" -u $KEY:$TOKEN
Response
[
{
"href": "/users/99",
"type": "local",
"effective_groups": [],
"id": 99,
"username": "[email protected]",
"full_name": "Joe User",
"time_zone": "America/Los_Angeles",
"locked": false,
"login_count": 1,
"last_login_ip_address": "192.x.x.x",
"last_login_on": "2016-03-11T08:19:17.587Z",
"local_profile": { "pending_invitation": false },
"created_at": "2016-03-08T20:58:05.882Z",
"updated_at": "2016-03-11T08:19:17.588Z"
}
.....................................................................
{
"href": "/users/56",
"type": "local",
"effective_groups": [],
"id": 56,
"username": "[email protected]",
"full_name": "Jeff User",
"time_zone": "America/New_York",
"locked": false,
"login_count": 21,
"last_login_ip_address": "192.x.x.x",
"last_login_on": "2017-05-26T14:22:37.643Z",
"local_profile": { "pending_invitation": true },
"created_at": "2016-05-02T07:16:21.725Z",
"updated_at": "2017-05-26T14:23:04.625Z"
}
]Pending Invitation
Users with "pending_invitation": "true" in the response have not yet accepted the invitation to log in and create an account.
{
"href": "/users/56",
"type": "local",
"effecve_groups": [],
"id": 56,
"username": "[email protected]",
"full_name": "Jeff User",
"time_zone": "America/New_York",
"locked": false,
"login_count": 21,
"last_login_ip_address": "192.x.x.x",
"last_login_on": "2017-05-26T14:22:37.643Z",
"local_profile": { "pending_invitation": true },
"created_at": "2016-05-02T07:16:21.725Z",
"updated_at": "2017-05-26T14:23:04.625Z"
}Create a Local User
This method creates local users who are managed by the PCE.
URI to Create a Local User
POST [api_version]/users
Request Body
{
"username": "[email protected]",
"display_name": "Joe User ",
"type": "local"
}Curl Command to Create a Local User
curl -i -X POST https://pce.my-company.com:8443/api/v2/users -H "Content-Type: application/json" -u $KEY:$TOKEN -d '{"username": "[email protected]","display_name": "Joe User","type": "user"}' User Profiles
Change a user's status by converting a local user to an external user or an external user to a local user.
Convert Local to External User
This method converts a local user to an external user by deleting the local user account profile.
Use the user HREF, obtained from the response when a user logs into the PCE using the Login API or from the GET collection response.
For example: /users/14
URI to Convert a Local User to an External User
DELETE [user_href]/local_profile
Example
DELETE https://pce.my-company.com:8443/api/v2/users/14/local_profile
Convert Local User to External User
curl -i -X >DELETE https://pce.my-company.com:8443/api/v2/users/14/local_profile -H "Accept: application/json" -u $KEY:$TOKEN
Convert External User to Local User
This method converts externally managed users to local users who are managed by the PCE.
URI to Convert an External User a Local User
POST [user_href]/local_profile
Example
POST https://pce.my-company.com:8443/api/v2/users/14/local_profile
Curl Command Convert External User to Local User
curl -i -X POST https://pce.my-company.com:8443/api/v2/users/14/local_profile -H "Content-Type: application/json" -u $KEY:$TOKEN
Re-invite a Local User
If you have already created a local user, but that user has not logged in yet for the first time, you can use this method to resend the email invitation. Once they receive the invitation, they can log into the PCE and complete their PCE user account registration.
URI to Re-invite a Local User
PUT [user_href]/local_profile/reinvite
Example
PUT https://pce.my-company.com:8443/api/v2/users/14/local_profile/reinvite
Curl Command to Re-invite a Local User
curl -i -X PUT https://pce.my-company.com:8443/api/v2/users/14/local_profile/reinvite -H "Content-Type: application/json" -u $KEY:$TOKEN