Core
API v1.x
1

You are currently looking at the documentation of a previous version of Kuzzle. We strongly recommend that you use the latest version. You can also use the version selector in the top menu.

createRestrictedUser #

Creates a new user in Kuzzle, with a preset list of security profiles.

The list of security profiles attributed to restricted users is fixed, and must be configured in the Kuzzle configuration file.

This method allows users with limited rights to create other accounts, but blocks them from creating accounts with unwanted privileges (e.g. an anonymous user creating his own account).


Query Syntax #

HTTP #

Copied to clipboard!
URL: http://kuzzle:7512/users/<_id>/_createRestricted[?refresh=wait_for]
URL(2): http://kuzzle:7512/users/_createRestricted[?refresh=wait_for]
Method: POST
Body:
Copied to clipboard!
{
  "content": {
    // user additional information (optional)
    "fullname": "John Doe"
  },
  "credentials": {
    // example with the "local" authentication strategy
    "local": {
      username: "jdoe",
      password: "foobar"
    }
  }
}

Other protocols #

Copied to clipboard!
{
  "controller": "security",
  "action": "createRestrictedUser",
  "body": {
    "content": {
      "fullname": "John Doe"
    },
    "credentials": {
      // example with the "local" authentication strategy
      "local": {
        username: "jdoe",
        password: "foobar"
      }
    }
  },

  // optional arguments
  "_id": "<kuid>",
  "refresh": "wait_for"
}

Arguments #

Optional: #

  • _id: user kuid. An error is returned if the provided identifier already exists. If not provided, a random kuid is automatically generated.
  • refresh: if set to wait_for, Kuzzle will not respond until the newly created user is indexed

Body properties #

  • content: user additional information. Can be left empty.
  • credentials: describe how the new user can be authenticated. This object contains any number of properties, named after the target authentication strategy to use. Each one of these properties are objects containing the credentials information, corresponding to that authentication strategy. If left empty, the new user is created but cannot be authenticated.

Response #

Returns the restricted user creation status:

  • _id: new user kuid
  • _source: new user content and attributed profiles
  • created: always true
  • version: always 1
Copied to clipboard!
{
  "status": 200,
  "error": null,
  "controller": "security",
  "action": "createRestrictedUser",
  "requestId": "<unique request identifier>",
  "result": {
    "_id": "<kuid>",
    "_source": {
      "profileIds": ["<profileId>"],
      "fullname": "John Doe"
    },
    "_version": 1,
    "created": true
  }
}