User API
User API provides an interface for user access administration. Back-end for this API is an OIDC provider (either Auth0 for cloud deployment or FusionAuth for on-prem solutions).
Get User Info
This API endpoint accepts a “Bearer” access token of a user. It returns claims related to the user.
- POST /user/info
Example request:
{}
- Response JSON Object:
id (str) – unique OIDC ID of the user.
email (str) – user’s e-mail.
name (str) – user’s full name.
accounting (str) – name of user’s accounting.
permissions (list) – list of permissions the user is granted. See permission mechanics for more information.
Example response:
{ "id": "auth0|mGochhH3Pz5SiCWo8m44", "email": "john-smith@example.com", "name": "John Smith", "accounting": "development", "permissions": [ "imagery.availability", "imagery.scene-info" ] }
OIDC Management
This endpoint is currently supported only for Auth0 OIDC provider.
API endpoint returns a JWT token which can be used for access to Auth0
Management API. The token is granted the following scopes: read:users
,
update:users
, delete:users
, create:users
,
read:users_app_metadata
, update:users_app_metadata
,
delete:users_app_metadata
, create:users_app_metadata
.
Needed Permissions: admin.users.manage
- POST /user/manage
Example request:
{}
- Response JSON Object:
token (str) – a JWT token which can be used to access Auth0 Management API.
Example response:
{ "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL0FVVEgwX0RPTUFJTi8iLCJzdWIiOiJVU0VSX0lEIiwiYXVkIjoiaHR0cHM6Ly9BVVRIMF9ET01BSU4vYXBpL3YyLyIsImlhdCI6MTUzMzk3ODM0MSwiZXhwIjoxNTMzOTgwMTQxLCJhenAiOiJDTElFTlRfSUQiLCJzY29wZSI6InJlYWQ6dXNlcnMgdXBkYXRlOnVzZXJzIGRlbGV0ZTp1c2VycyBjcmVhdGU6dXNlcnMgcmVhZDp1c2Vyc19hcHBfbWV0YWRhdGEgdXBkYXRlOnVzZXJzX2FwcF9tZXRhZGF0YSBkZWxldGU6dXNlcnNfYXBwX21ldGFkYXRhIGNyZWF0ZTp1c2Vyc19hcHBfbWV0YWRhdGEiLCJndHkiOiJjbGllbnQtY3JlZGVudGlhbHMifQ.NnVuJ1IZ5KyWPokQO9p5C5-u5DzV02ry9g8mAaBX9q0" }
Create Guardian User
This API endpoint allows Guardian managers to create accounts.
Needed Permissions: admin.users.create-guardian-user
- POST /user/guardian-user/create
- Response JSON Object:
email (str) – user’s e-mail.
password (str) – user’s initial password.
name (str) – user’s full name.
Example request:
{ "email": "john-smith@example.com", "password": "secret", "name": "John Smith" }
Example response:
{}
Delete Guardian User
This API endpoint allows Guardian managers to delete accounts from their group.
Needed Permissions: admin.users.delete-guardian-user
- POST /user/guardian-user/delete
- Response JSON Object:
email (str) – user’s e-mail.
Example request:
{ "email": "john-smith@example.com" }
Example response:
{}