Pular para o conteúdo principal

Users API

Endpoints for managing users, invitations, and group assignments.

List Users

Returns all users in the company.

GET/v1/users

Required Permission: user:read

Query Parameters:

ParameterTypeDefaultDescription
pageinteger1Page number
per_pageinteger20Items per page (max: 100)
includestring-Set to groups for expanded group data

Example Request:

curl "https://api.console.solucao42.com.br/v1/users?include=groups" \
  -H "Authorization: Bearer YOUR_TOKEN"

Response: 200 OK

{
  "total": 25,
  "quantity": 20,
  "records": [
    {
      "_id": "507f1f77bcf86cd799439011",
      "email": "[email protected]",
      "name": "John Doe",
      "company_id": "507f1f77bcf86cd799439012",
      "status": "active",
      "group_ids": ["admin-group"],
      "groups": [
        {
          "_id": "admin-group",
          "name": "Administrators",
          "slug": "administrators"
        }
      ],
      "created_at": "2024-01-15T10:30:00.000Z"
    }
  ]
}

Get User

Returns a single user by ID.

GET/v1/users/:id

Required Permission: user:read

Example Request:

curl https://api.console.solucao42.com.br/v1/users/507f1f77bcf86cd799439011 \
  -H "Authorization: Bearer YOUR_TOKEN"

Response: 200 OK

{
  "_id": "507f1f77bcf86cd799439011",
  "email": "[email protected]",
  "name": "John Doe",
  "company_id": "507f1f77bcf86cd799439012",
  "status": "active",
  "teams": ["default-team"],
  "group_ids": ["admin-group"],
  "created_at": "2024-01-15T10:30:00.000Z"
}

Invite User

Invites a new user to the company. They'll receive an email to set their password.

POST/v1/users/invite

Required Permission: user:update

Request Body:

FieldTypeRequiredDescription
emailstringYesUser's email address
team_idsstring[]NoTeams to assign
group_idsstring[]NoGroups to assign

Example Request:

curl -X POST https://api.console.solucao42.com.br/v1/users/invite \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "group_ids": ["editors"]
  }'

Response: 201 Created

{
  "_id": "507f1f77bcf86cd799439015",
  "email": "[email protected]",
  "company_id": "507f1f77bcf86cd799439012",
  "status": "invited",
  "teams": ["default-team"],
  "group_ids": ["editors"],
  "invitation_expires_at": "2024-03-08T10:30:00.000Z",
  "created_at": "2024-03-01T10:30:00.000Z"
}

Errors:

StatusError CodeDescription
400USER_EMAIL_DUPLICATEEmail already exists
422VALIDATION_ERRORInvalid email format

Accept Invitation

Accepts an invitation and sets the user's password. No authentication required.

POST/v1/users/accept-invitation

Request Body:

FieldTypeRequiredDescription
tokenstringYesInvitation token from email
passwordstringYesNew password (min 12 chars)

Example Request:

curl -X POST https://api.console.solucao42.com.br/v1/users/accept-invitation \
  -H "Content-Type: application/json" \
  -d '{
    "token": "invitation-token-from-email",
    "password": "SecurePassword123!"
  }'

Response: 200 OK

{
  "success": true,
  "user": {
    "_id": "507f1f77bcf86cd799439015",
    "email": "[email protected]",
    "status": "active"
  }
}

Errors:

StatusError CodeDescription
400INVALID_INVITATION_TOKENToken expired or invalid
422VALIDATION_ERRORPassword doesn't meet requirements

Request Password Reset

Sends a password reset email. No authentication required.

POST/v1/users/reset-password/request

Request Body:

FieldTypeRequiredDescription
emailstringYesUser's email address

Example Request:

curl -X POST https://api.console.solucao42.com.br/v1/users/reset-password/request \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]"
  }'

Response: 200 OK

{
  "success": true,
  "message": "If the email exists, a reset link has been sent"
}
Security Note

The response is always the same regardless of whether the email exists. This prevents email enumeration attacks.

Activate User

Activates a deactivated user.

POST/v1/users/:id/activate

Required Permission: user:update

Example Request:

curl -X POST https://api.console.solucao42.com.br/v1/users/USER_ID/activate \
  -H "Authorization: Bearer YOUR_TOKEN"

Response: 200 OK

{
  "_id": "507f1f77bcf86cd799439011",
  "email": "[email protected]",
  "status": "active"
}

Deactivate User

Deactivates a user. They won't be able to log in.

POST/v1/users/:id/deactivate

Required Permission: user:update

Example Request:

curl -X POST https://api.console.solucao42.com.br/v1/users/USER_ID/deactivate \
  -H "Authorization: Bearer YOUR_TOKEN"

Response: 200 OK

{
  "_id": "507f1f77bcf86cd799439011",
  "email": "[email protected]",
  "status": "inactive"
}

Errors:

StatusError CodeDescription
400CANNOT_DEACTIVATE_SELFYou cannot deactivate yourself

Add Groups to User

Adds groups to a user (appends to existing).

POST/v1/users/:id/groups

Required Permission: user:update

Request Body:

FieldTypeRequiredDescription
group_idsstring[]YesGroup IDs to add (min 1)

Example Request:

curl -X POST https://api.console.solucao42.com.br/v1/users/USER_ID/groups \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "group_ids": ["editors", "viewers"]
  }'

Response: 200 OK

Returns the updated user object.

Replace User Groups

Replaces all groups of a user.

PUT/v1/users/:id/groups

Required Permission: user:update

Request Body:

FieldTypeRequiredDescription
group_idsstring[]YesNew group IDs (replaces all)

Example Request:

curl -X PUT https://api.console.solucao42.com.br/v1/users/USER_ID/groups \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "group_ids": ["managers"]
  }'

Remove Groups from User

Removes specific groups from a user.

DELETE/v1/users/:id/groups

Required Permission: user:update

Request Body:

FieldTypeRequiredDescription
group_idsstring[]YesGroup IDs to remove

Example Request:

curl -X DELETE https://api.console.solucao42.com.br/v1/users/USER_ID/groups \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "group_ids": ["viewers"]
  }'

User Object

FieldTypeDescription
_idstringUnique identifier
emailstringEmail address (unique per company)
namestringDisplay name
company_idstringParent company ID
statusstringinvited, active, or inactive
group_idsstring[]Group IDs assigned to user
groupsobject[]Expanded group objects (when include=groups)
created_atstringISO 8601 creation timestamp

User Status

StatusDescription
invitedUser received invitation, hasn't accepted
activeUser is active and can log in
inactiveUser is deactivated, cannot log in

Code Examples

const API_URL = 'https://api.console.solucao42.com.br';

// List users with groups
async function listUsers(token) {
  const response = await fetch(`${API_URL}/v1/users?include=groups`, {
    headers: { 'Authorization': `Bearer ${token}` },
  });
  return response.json();
}

// Invite user
async function inviteUser(token, email, group_ids = []) {
  const response = await fetch(`${API_URL}/v1/users/invite`, {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${token}`,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({ email, group_ids }),
  });
  return response.json();
}

// Manage user groups
async function setUserGroups(token, userId, group_ids) {
  const response = await fetch(`${API_URL}/v1/users/${userId}/groups`, {
    method: 'PUT',
    headers: {
      'Authorization': `Bearer ${token}`,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({ group_ids }),
  });
  return response.json();
}

// Deactivate user
async function deactivateUser(token, userId) {
  const response = await fetch(`${API_URL}/v1/users/${userId}/deactivate`, {
    method: 'POST',
    headers: { 'Authorization': `Bearer ${token}` },
  });
  return response.json();
}