User API Overview

The Informer User API provides comprehensive endpoints for managing user accounts, authentication settings, profiles, preferences, and team memberships. All routes are prefixed with /api.

Features

CRUD Operations - Create, read, update, and delete user accounts
Avatar Management - Upload, retrieve, and delete user avatars
Authentication - Password management, MFA settings, password expiration
Profile & Preferences - Display name, email, timezone, theme, settings
Device Management - Register and manage user devices
Activity Feed - User notifications and activity stream
Team Memberships - View user's team associations
Permissions - Global permission management, superuser access
Account Status - Enable/disable accounts, unlock locked accounts

User Structure

A user consists of:

Component	Description
username	Unique identifier (primary key)
displayName	Full display name
givenName/familyName	First and last names
email	Contact email address
domain	Authentication domain (local, LDAP, SSO, etc.)
enabled	Account active status
superuser	Admin privileges flag
settings	User preferences (JSONB)
timezone	User's timezone
locked	Account lock status

Authentication

All User API endpoints require authentication via session cookies or API tokens.

Common Permission Patterns

View users - Generally accessible to authenticated users
Edit permission - Required for user:edit (update user details)
Create permission - Required for users:create (create new users)
Delete permission - Required for user:delete (remove users)
Superuser permission - Required for tenant:superuser (admin operations)

User Domains

Users can authenticate via different domains:

Domain	Description
local	Local database authentication
ldap	LDAP/Active Directory
saml	SAML SSO provider
oauth	OAuth provider

Common Query Parameters

Many list endpoints support:

Parameter	Type	Default	Description
`q`	string	-	Full-text search query
`sort`	string	-	Sort field (prefix with `-` for descending)
`start`	integer	0	Pagination offset
`limit`	integer	30	Number of results per page

Error Responses

Standard HTTP status codes:

200 - Success
201 - Created
400 - Bad request (validation error)
403 - Forbidden (insufficient permissions)
404 - Resource not found
409 - Conflict (duplicate username)
500 - Internal server error

Error responses include:

{
  "statusCode": 403,
  "error": "Forbidden",
  "message": "Insufficient permissions to edit user"
}

Next Steps

Explore the specific endpoint categories:

Core CRUD - Basic user operations
Avatar Management - Profile images
Authentication - Passwords and MFA
Profile & Preferences - User settings
Devices - Device management
Feed & Notifications - Activity stream
Memberships - Team associations
Permissions - Access control
Account Management - Enable/disable, unlock

Features​

User Structure​

Authentication​

Common Permission Patterns​

User Domains​

Common Query Parameters​

Error Responses​

Next Steps​