Users
Users are human actors who can authenticate and access resources. Users can belong to multiple accounts with different permissions.
The User Object
{
"id": "user-john001",
"email": "[email protected]",
"organization_id": "org-abc123xyz",
"is_active": true,
"is_verified": true,
"mfa_enabled": true,
"metadata": {},
"created_at": "2025-09-30T10:00:00Z",
"updated_at": "2025-09-30T10:00:00Z",
"last_login_at": "2025-09-30T11:30:00Z"
}
Attributes
| Attribute | Type | Description |
|---|---|---|
id | string | Unique identifier for the user |
email | string | User's email address (unique within organization) |
organization_id | string | Parent organization ID |
is_active | boolean | Whether the user account is active |
is_verified | boolean | Whether the email is verified |
mfa_enabled | boolean | Whether MFA/2FA is enabled |
metadata | object | Optional metadata (key-value pairs) |
created_at | string | ISO 8601 timestamp of creation |
updated_at | string | ISO 8601 timestamp of last update |
last_login_at | string | ISO 8601 timestamp of last login (null if never logged in) |
List Users
Retrieves a paginated list of users in the organization.
GET /users
Query Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
page | integer | 1 | Page number |
quantity | integer | 20 | Results per page (max: 100) |
order_by | string | -created_at | Sort field |
account_id | string | - | Filter by account membership |
Example Request
curl "https://api.console.solucao42.com.br/users?page=1&quantity=20" \
-H "Authorization: HMAC sa_abc123_acc456_xyz:signature" \
-H "x-date: 2025-09-30T12:00:00Z" \
-H "x-nonce: unique-request-id" \
-H "x-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
Example Response
{
"total": 15,
"page": 1,
"results": [
{
"id": "user-john001",
"email": "[email protected]",
"organization_id": "org-abc123xyz",
"is_active": true,
"is_verified": true,
"mfa_enabled": true,
"metadata": {},
"created_at": "2025-09-30T10:00:00Z",
"updated_at": "2025-09-30T10:00:00Z",
"last_login_at": "2025-09-30T11:30:00Z"
}
]
}
Get User
Retrieves a specific user by ID.
GET /users/{id}
Path Parameters
| Parameter | Type | Description |
|---|---|---|
id | string | User ID |
Example Request
curl https://api.console.solucao42.com.br/users/user-john001 \
-H "Authorization: HMAC sa_abc123_acc456_xyz:signature" \
-H "x-date: 2025-09-30T12:00:00Z" \
-H "x-nonce: unique-request-id" \
-H "x-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
Example Response
{
"id": "user-john001",
"email": "[email protected]",
"organization_id": "org-abc123xyz",
"is_active": true,
"is_verified": true,
"mfa_enabled": true,
"metadata": {
"department": "Engineering",
"role": "Senior Developer"
},
"created_at": "2025-09-30T10:00:00Z",
"updated_at": "2025-09-30T10:00:00Z",
"last_login_at": "2025-09-30T11:30:00Z"
}
Create User
Creates a new user in the organization.
POST /users
Request Body
{
"email": "[email protected]",
"password": "SecurePassword123!",
"metadata": {
"department": "Sales",
"role": "Account Executive"
}
}
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
email | string | Yes | User email (must be unique) |
password | string | Yes | User password (min 8 characters) |
metadata | object | No | Optional metadata |
Example Request
curl -X POST https://api.console.solucao42.com.br/users \
-H "Authorization: HMAC sa_abc123_acc456_xyz:signature" \
-H "Content-Type: application/json" \
-H "x-date: 2025-09-30T12:00:00Z" \
-H "x-nonce: unique-request-id" \
-H "x-content-sha256: <body-hash>" \
-d '{
"email": "[email protected]",
"password": "SecurePassword123!"
}'
Example Response
{
"id": "user-jane001",
"email": "[email protected]",
"organization_id": "org-abc123xyz",
"is_active": true,
"is_verified": false,
"mfa_enabled": false,
"metadata": {},
"created_at": "2025-09-30T12:00:00Z",
"updated_at": "2025-09-30T12:00:00Z",
"last_login_at": null
}
Update User
Updates an existing user.
PATCH /users/{id}
Path Parameters
| Parameter | Type | Description |
|---|---|---|
id | string | User ID |
Request Body
{
"is_active": false,
"metadata": {
"department": "Engineering",
"role": "Lead Developer"
}
}
Example Request
curl -X PATCH https://api.console.solucao42.com.br/users/user-john001 \
-H "Authorization: HMAC sa_abc123_acc456_xyz:signature" \
-H "Content-Type: application/json" \
-H "x-date: 2025-09-30T12:00:00Z" \
-H "x-nonce: unique-request-id" \
-H "x-content-sha256: <body-hash>" \
-d '{
"metadata": {
"department": "Engineering",
"role": "Lead Developer"
}
}'
Example Response
{
"id": "user-john001",
"email": "[email protected]",
"organization_id": "org-abc123xyz",
"is_active": true,
"is_verified": true,
"mfa_enabled": true,
"metadata": {
"department": "Engineering",
"role": "Lead Developer"
},
"created_at": "2025-09-30T10:00:00Z",
"updated_at": "2025-09-30T12:30:00Z",
"last_login_at": "2025-09-30T11:30:00Z"
}
Delete User
Deletes a user from the organization.
DELETE /users/{id}
Path Parameters
| Parameter | Type | Description |
|---|---|---|
id | string | User ID |
Example Request
curl -X DELETE https://api.console.solucao42.com.br/users/user-old001 \
-H "Authorization: HMAC sa_abc123_acc456_xyz:signature" \
-H "x-date: 2025-09-30T12:00:00Z" \
-H "x-nonce: unique-request-id" \
-H "x-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
Response
204 No Content
Response Codes
| Code | Description |
|---|---|
| 200 | Success |
| 201 | Created |
| 204 | No Content (delete successful) |
| 400 | Invalid request body |
| 401 | Authentication failed |
| 403 | Insufficient permissions |
| 404 | User not found |
| 409 | Email already exists |
| 422 | Validation error |
Permissions
Required Permissions
| Action | Permission |
|---|---|
| List users | users:ListUsers |
| Get user | users:GetUser |
| Create user | users:CreateUser |
| Update user | users:UpdateUser |
| Delete user | users:DeleteUser |
Related Resources
Notes
- Passwords are hashed with Argon2 and never returned in API responses
- Email addresses must be unique within the organization
- Users can belong to multiple accounts simultaneously
- Deleting a user removes all their group memberships and sessions