User API

User API provides an interface for user access administration. Back-end for this API is an OIDC provider (either Auth0 for cloud deployment or FusionAuth for on-prem solutions).

Get User Info

This API endpoint accepts a “Bearer” access token of a user. It returns claims related to the user.

POST /user/info

Example request:

{}
Response JSON Object:
  • id (str) – unique OIDC ID of the user.

  • email (str) – user’s e-mail.

  • name (str) – user’s full name.

  • accounting (str) – name of user’s accounting.

  • permissions (list) – list of permissions the user is granted. See permission mechanics for more information.

Example response:

{
    "id": "auth0|mGochhH3Pz5SiCWo8m44",
    "email": "john-smith@example.com",
    "name": "John Smith",
    "accounting": "development",
    "permissions": [
        "imagery.availability",
        "imagery.scene-info"
    ]
}

OIDC Management

This endpoint is currently supported only for Auth0 OIDC provider.

API endpoint returns a JWT token which can be used for access to Auth0 Management API. The token is granted the following scopes: read:users, update:users, delete:users, create:users, read:users_app_metadata, update:users_app_metadata, delete:users_app_metadata, create:users_app_metadata.

Needed Permissions: admin.users.manage

POST /user/manage

Example request:

{}
Response JSON Object:

Example response:

{
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL0FVVEgwX0RPTUFJTi8iLCJzdWIiOiJVU0VSX0lEIiwiYXVkIjoiaHR0cHM6Ly9BVVRIMF9ET01BSU4vYXBpL3YyLyIsImlhdCI6MTUzMzk3ODM0MSwiZXhwIjoxNTMzOTgwMTQxLCJhenAiOiJDTElFTlRfSUQiLCJzY29wZSI6InJlYWQ6dXNlcnMgdXBkYXRlOnVzZXJzIGRlbGV0ZTp1c2VycyBjcmVhdGU6dXNlcnMgcmVhZDp1c2Vyc19hcHBfbWV0YWRhdGEgdXBkYXRlOnVzZXJzX2FwcF9tZXRhZGF0YSBkZWxldGU6dXNlcnNfYXBwX21ldGFkYXRhIGNyZWF0ZTp1c2Vyc19hcHBfbWV0YWRhdGEiLCJndHkiOiJjbGllbnQtY3JlZGVudGlhbHMifQ.NnVuJ1IZ5KyWPokQO9p5C5-u5DzV02ry9g8mAaBX9q0"
}

Create Guardian User

This API endpoint allows Guardian managers to create accounts.

Needed Permissions: admin.users.create-guardian-user

POST /user/guardian-user/create
Response JSON Object:
  • email (str) – user’s e-mail.

  • password (str) – user’s initial password.

  • name (str) – user’s full name.

Example request:

{
    "email": "john-smith@example.com",
    "password": "secret",
    "name": "John Smith"
}

Example response:

{}

Delete Guardian User

This API endpoint allows Guardian managers to delete accounts from their group.

Needed Permissions: admin.users.delete-guardian-user

POST /user/guardian-user/delete
Response JSON Object:
  • email (str) – user’s e-mail.

Example request:

{
    "email": "john-smith@example.com"
}

Example response:

{}