User Management API (1.0.1, 2023-07-13)
Download OpenAPI specification:Download
This is Conductor’s REST API for user management.
We use a bearer token except for the login
endpoint, which uses a username and password.
Application Identity
The application identity is a set of credentials used to interact with this API. These credentials must belong to a user configured separately, without SSO enabled, and with the Admin user type. Afterward, the Standard and Read-only users belonging to the same accounts may be managed through the API.
The Conductor platform has two different dimensions of permissions:
- User Type: Whether the user can write or read data only. This applies in general, not just single accounts. Conductor’s user types include: Admin, Standard, and Read-only.
- Accounts: Accounts grant access to specific sets of data.
There are two operations to manage these two dimensions separately.
Log in with a Conductor username and password
Login operation to obtain a token (jwt).
Request Body schema: application/json
Login credentials of the application Identity.
password | string |
username | string |
Responses
Request samples
- Payload
{- "password": "string",
- "username": "string"
}
Response samples
- 200
- 400
- 401
- 403
- 404
- 500
{- "accessToken": "abc",
- "expiresIn": 86400,
- "idToken": "abc",
- "refreshToken": "abc"
}
Note: Only Standard and Read-only users may be created, updated, or otherwise managed with this API. The User List endpoint includes Admin users, but they cannot be managed with this API.
Get a List of Available Accounts
Returns a list of the accounts your authenticated service has access to. These are the accounts that can be assigned to the users you manage with this API.
Authorizations:
Responses
Response samples
- 200
- 401
- 403
- 404
- 500
[- {
- "name": "Account 1",
- "account_id": 1,
- "creation_date": "2019-08-24T14:15:22Z"
}
]
Get a List of All users
Returns the list of users associated with the same accounts as the authenticated user. Both active and inactive users are returned.
Authorizations:
Responses
Response samples
- 200
- 401
- 403
- 404
- 500
[- {
- "accounts": [
- 1,
- 2,
- 3
], - "email": "user@example.com",
- "firstname": "User",
- "lastname": "User",
- "sso_access": true,
- "type": "READ_ONLY",
- "view": "CONTENT_MARKETING",
- "status": "ACTIVE"
}
]
Create a user
Creates a user.
- The type
ADMIN
cannot be created - In most cases, the view parameter should be set to
COMPLETE
. Refer to Conductor’s Knowledge Base to learn more about role-based user views. - Some public email providers (such as Gmail) are not allowed. You will get a
HTTP 400
error.
If you try to re-create an existing user, the resource will respond with error 409
.
Authorizations:
query Parameters
send_email | boolean Default: false Set to true if welcome email should be sent |
Request Body schema: application/json
The user to create
accounts required | Array of integers |
email required | string |
firstname required | string |
lastname required | string |
sso_access required | boolean |
type required | string Enum: "READ_ONLY" "STANDARD" "ADMIN" User type, |
view required | string Enum: "CONTENT_MARKETING" "SEARCH_MARKETING" "EXECUTIVE_ESSENTIALS" "PAID_SEARCH" "RESEARCH" "COMPLETE" |
status | string Default: true Enum: "ACTIVE" "INACTIVE" Whether the user is active or inactive. Not required when creating a user. |
Responses
Request samples
- Payload
{- "accounts": [
- 0
], - "email": "string",
- "firstname": "string",
- "lastname": "string",
- "sso_access": true,
- "type": "STANDARD",
- "view": "CONTENT_MARKETING"
}
Response samples
- 201
- 400
- 401
- 403
- 404
- 409
- 500
{- "accounts": [
- 0
], - "email": "string",
- "firstname": "string",
- "lastname": "string",
- "sso_access": true,
- "type": "READ_ONLY",
- "view": "CONTENT_MARKETING",
- "status": "ACTIVE"
}
Get Access Information about a User
Get access information about a single user, including:
- Accounts they have access to
- Email address
- First and last name
- SSO access
- User type
- User view in Conductor
Authorizations:
path Parameters
userEmail required | string Example: user@example.com The user’s email |
Responses
Response samples
- 200
- 401
- 403
- 404
- 500
{- "accounts": [
- 1,
- 2,
- 3
], - "email": "user@example.com",
- "firstname": "User",
- "lastname": "User",
- "sso_access": true,
- "type": "STANDARD",
- "view": "COMPLETE",
- "status": "ACTIVE"
}
Get a list of a User’s Existing Access to Conductor Accounts
Returns the list of accounts a user has access to.
Authorizations:
path Parameters
userEmail required | string Example: user@example.com The user’s email |
Responses
Response samples
- 200
- 401
- 403
- 404
- 500
{- "accounts": [
- 1,
- 2,
- 3
]
}
Replace a User’s Access to Conductor Accounts
Completely replaces the list of accounts a user has access to with the given list. It is only possible to assign accounts that are already owned by the application identity.
Authorizations:
path Parameters
userEmail required | string Example: user@example.com The user’s email |
Request Body schema: application/json
The list of accounts the user has access to after the operation.
accounts | Array of integers |
Responses
Request samples
- Payload
{- "accounts": [
- 1,
- 2,
- 3
]
}
Response samples
- 200
- 401
- 403
- 404
- 500
{- "accounts": [
- 1,
- 2,
- 3
]
}
Add or remove Accounts to the List of Accounts a user can access.
Depending on the value of the parameter removal
add or remove accounts from a users' list of
accounts they can access.
Adding an existing account has no effect, removing a non-existing account will be ignored.
It is only possible to assign accounts that are already owned by the application identity.
Examples:
- A user has access to accounts
1
and2
before and wePUT
[2,3]
, they will have access to1
,2
and3
after the operation is completed. - A user has access to accounts
1
and2
before and wePUT removal=true
[2,3]
, they will have access to1
only after the operation is completed.
Authorizations:
path Parameters
userEmail required | string Example: user@example.com The user’s email |
query Parameters
removal | boolean Default: false True if access is to be removed |
Request Body schema: application/json
The list of accounts to either remove or add.
accounts | Array of integers |
Responses
Request samples
- Payload
{- "accounts": [
- 1,
- 2
]
}
Response samples
- 200
- 401
- 403
- 404
- 500
{- "accounts": [
- 1,
- 2,
- 3
]
}
Update a User’s Existing Access to a Conductor Account
- Grant access to an account (using no query parameter, or entering
removal=false
) - Remove access form an account (using query parameter
removal=true
)
Authorizations:
path Parameters
userEmail required | string Example: user@example.com The user’s email |
accountId required | integer >= 0 Example: 1 An account ID, can be retrieved from the Accounts endpoint |
query Parameters
removal | boolean Default: false True if access is to be removed |
Request Body schema: application/json
An empty body
Responses
Request samples
- Payload
{ }
Response samples
- 200
- 401
- 403
- 404
- 500
{- "accounts": [
- 1,
- 2,
- 3
]
}
Add a Conductor account to a user’s set of accessible accounts
Grant a user access to an account.
Authorizations:
path Parameters
userEmail required | string Example: user@example.com The user’s email |
accountId required | integer >= 0 Example: 1 An account ID, can be retrieved from the Accounts endpoint |
Responses
Response samples
- 200
- 401
- 403
- 404
- 500
{- "accounts": [
- 1,
- 2,
- 3
]
}
Remove a Conductor account from a user’s set of accessible accounts
Remove account access from a user.
Authorizations:
path Parameters
userEmail required | string Example: user@example.com The user’s email |
accountId required | integer >= 0 Example: 1 An account ID, can be retrieved from the Accounts endpoint |
Responses
Response samples
- 200
- 401
- 403
- 404
- 500
{- "accounts": [
- 1,
- 2,
- 3
]
}
Activate or Deactivate a user
Modify the status of a user. Inactive users are no longer visible, have no access, but will not be deleted. They can later be reactivated using this same endpoint.
If you try to re-create an existing user, the Users endpoint will respond with error 409
.
This endpoint can be used to activate the user.
Authorizations:
path Parameters
userEmail required | string Example: user@example.com The user’s email |
Request Body schema: application/json
status | string Enum: "ACTIVE" "INACTIVE" |
Responses
Request samples
- Payload
{- "status": "ACTIVE"
}
Response samples
- 200
- 400
- 401
- 403
- 404
- 500
{- "status": "INACTIVE"
}
Modify a User’s User Type
You can change a user between STANDARD
and READ_ONLY
.
This either enables the user to make changes to all data in their accounts or only read.
This is set at the level of all accounts, it cannot be changed for single accounts.
Authorizations:
path Parameters
userEmail required | string Example: user@example.com The user’s email |
Request Body schema: application/json
type | string Enum: "STANDARD" "READ_ONLY" |
Responses
Request samples
- Payload
{- "type": "STANDARD"
}
Response samples
- 200
- 400
- 401
- 403
- 404
- 500
{- "type": "STANDARD"
}