User Management API

User Management API (1.0.1, 2023-07-13)

Download OpenAPI specification:Download

This is Conductor’s REST API for user management.

Getting access to the API

We use a bearer token except for the login endpoint, which uses a username and password.

Application Identity

The application identity is a set of credentials used to interact with this API. These credentials must belong to a user configured separately, without SSO enabled, and with the Admin user type. Afterward, the Standard and Read-only users belonging to the same accounts may be managed through the API.

Permissions in the Conductor Platform

The Conductor platform has two different dimensions of permissions:

  • User Type: Whether the user can write or read data only. This applies in general, not just single accounts. Conductor’s user types include: Admin, Standard, and Read-only.
  • Accounts: Accounts grant access to specific sets of data.

There are two operations to manage these two dimensions separately.

Authentication resources

Obtain a bearer token.

Log in with a Conductor username and password

Login operation to obtain a token (jwt).

Request Body schema: application/json

Login credentials of the application Identity.

password
string
username
string

Responses

Request samples

Content type
application/json
{
  • "password": "string",
  • "username": "string"
}

Response samples

Content type
application/json
{
  • "accessToken": "abc",
  • "expiresIn": 86400,
  • "idToken": "abc",
  • "refreshToken": "abc"
}

User management resources

Note: Only Standard and Read-only users may be created, updated, or otherwise managed with this API. The User List endpoint includes Admin users, but they cannot be managed with this API.

Get a List of Available Accounts

Returns a list of the accounts your authenticated service has access to. These are the accounts that can be assigned to the users you manage with this API.

Authorizations:
JWT

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Get a List of All users

Returns the list of users associated with the same accounts as the authenticated user. Both active and inactive users are returned.

Authorizations:
JWT

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Create a user

Creates a user.

  • The type ADMIN cannot be created
  • In most cases, the view parameter should be set to COMPLETE. Refer to Conductor’s Knowledge Base to learn more about role-based user views.
  • Some public email providers (such as Gmail) are not allowed. You will get a HTTP 400 error.

If you try to re-create an existing user, the resource will respond with error 409.

Authorizations:
JWT
query Parameters
send_email
boolean
Default: false

Set to true if welcome email should be sent

Request Body schema: application/json

The user to create

accounts
required
Array of integers
email
required
string
firstname
required
string
lastname
required
string
sso_access
required
boolean
type
required
string
Enum: "READ_ONLY" "STANDARD" "ADMIN"

User type, ADMIN is not allowed when creating users. To identify existing ADMIN users, you can use the Users endpoint.

view
required
string
Enum: "CONTENT_MARKETING" "SEARCH_MARKETING" "EXECUTIVE_ESSENTIALS" "PAID_SEARCH" "RESEARCH" "COMPLETE"
status
string
Default: true
Enum: "ACTIVE" "INACTIVE"

Whether the user is active or inactive. Not required when creating a user.

Responses

Request samples

Content type
application/json
{
  • "accounts": [
    ],
  • "email": "string",
  • "firstname": "string",
  • "lastname": "string",
  • "sso_access": true,
  • "type": "STANDARD",
  • "view": "CONTENT_MARKETING"
}

Response samples

Content type
application/json
{
  • "accounts": [
    ],
  • "email": "string",
  • "firstname": "string",
  • "lastname": "string",
  • "sso_access": true,
  • "type": "READ_ONLY",
  • "view": "CONTENT_MARKETING",
  • "status": "ACTIVE"
}

Get Access Information about a User

Get access information about a single user, including:

  • Accounts they have access to
  • Email address
  • First and last name
  • SSO access
  • User type
  • User view in Conductor
Authorizations:
JWT
path Parameters
userEmail
required
string
Example: user@example.com

The user’s email

Responses

Response samples

Content type
application/json
{
  • "accounts": [
    ],
  • "email": "user@example.com",
  • "firstname": "User",
  • "lastname": "User",
  • "sso_access": true,
  • "type": "STANDARD",
  • "view": "COMPLETE",
  • "status": "ACTIVE"
}

Get a list of a User’s Existing Access to Conductor Accounts

Returns the list of accounts a user has access to.

Authorizations:
JWT
path Parameters
userEmail
required
string
Example: user@example.com

The user’s email

Responses

Response samples

Content type
application/json
{
  • "accounts": [
    ]
}

Replace a User’s Access to Conductor Accounts

Completely replaces the list of accounts a user has access to with the given list. It is only possible to assign accounts that are already owned by the application identity.

Authorizations:
JWT
path Parameters
userEmail
required
string
Example: user@example.com

The user’s email

Request Body schema: application/json

The list of accounts the user has access to after the operation.

accounts
Array of integers

Responses

Request samples

Content type
application/json
{
  • "accounts": [
    ]
}

Response samples

Content type
application/json
{
  • "accounts": [
    ]
}

Add or remove Accounts to the List of Accounts a user can access.

Depending on the value of the parameter removal add or remove accounts from a users' list of accounts they can access. Adding an existing account has no effect, removing a non-existing account will be ignored.

It is only possible to assign accounts that are already owned by the application identity.

Examples:

  1. A user has access to accounts 1 and 2 before and we PUT [2,3], they will have access to 1, 2 and 3 after the operation is completed.
  2. A user has access to accounts 1 and 2 before and we PUT removal=true [2,3], they will have access to 1 only after the operation is completed.
Authorizations:
JWT
path Parameters
userEmail
required
string
Example: user@example.com

The user’s email

query Parameters
removal
boolean
Default: false

True if access is to be removed

Request Body schema: application/json

The list of accounts to either remove or add.

accounts
Array of integers

Responses

Request samples

Content type
application/json
{
  • "accounts": [
    ]
}

Response samples

Content type
application/json
{
  • "accounts": [
    ]
}

Update a User’s Existing Access to a Conductor Account

  • Grant access to an account (using no query parameter, or entering removal=false)
  • Remove access form an account (using query parameter removal=true)
Authorizations:
JWT
path Parameters
userEmail
required
string
Example: user@example.com

The user’s email

accountId
required
integer >= 0
Example: 1

An account ID, can be retrieved from the Accounts endpoint

query Parameters
removal
boolean
Default: false

True if access is to be removed

Request Body schema: application/json

An empty body

object

Responses

Request samples

Content type
application/json
{ }

Response samples

Content type
application/json
{
  • "accounts": [
    ]
}

Add a Conductor account to a user’s set of accessible accounts

Grant a user access to an account.

Authorizations:
JWT
path Parameters
userEmail
required
string
Example: user@example.com

The user’s email

accountId
required
integer >= 0
Example: 1

An account ID, can be retrieved from the Accounts endpoint

Responses

Response samples

Content type
application/json
{
  • "accounts": [
    ]
}

Remove a Conductor account from a user’s set of accessible accounts

Remove account access from a user.

Authorizations:
JWT
path Parameters
userEmail
required
string
Example: user@example.com

The user’s email

accountId
required
integer >= 0
Example: 1

An account ID, can be retrieved from the Accounts endpoint

Responses

Response samples

Content type
application/json
{
  • "accounts": [
    ]
}

Activate or Deactivate a user

Modify the status of a user. Inactive users are no longer visible, have no access, but will not be deleted. They can later be reactivated using this same endpoint.

If you try to re-create an existing user, the Users endpoint will respond with error 409. This endpoint can be used to activate the user.

Authorizations:
JWT
path Parameters
userEmail
required
string
Example: user@example.com

The user’s email

Request Body schema: application/json
status
string
Enum: "ACTIVE" "INACTIVE"

Responses

Request samples

Content type
application/json
{
  • "status": "ACTIVE"
}

Response samples

Content type
application/json
{
  • "status": "INACTIVE"
}

Modify a User’s User Type

You can change a user between STANDARD and READ_ONLY. This either enables the user to make changes to all data in their accounts or only read. This is set at the level of all accounts, it cannot be changed for single accounts.

Authorizations:
JWT
path Parameters
userEmail
required
string
Example: user@example.com

The user’s email

Request Body schema: application/json
type
string
Enum: "STANDARD" "READ_ONLY"

Responses

Request samples

Content type
application/json
{
  • "type": "STANDARD"
}

Response samples

Content type
application/json
{
  • "type": "STANDARD"
}