API docs by Redocly

Users API (1.0.0)

Download OpenAPI specification:

API documentation for managing users, bulk operations, and group-level permissions.

Users

List users in a group

Returns paginated list of users in the group with advanced filtering capabilities. All text filters (username, firstname, lastname, puid, rolename) support case-insensitive partial matching. Special keyword "-none-" for rolename returns users with no role assigned. Multiple filters can be combined using AND logic (default) or OR logic (orMode=true).

Required Permissions:

  • GROUP_OWNER role
Authorizations:
BearerAuth
path Parameters
group_id
required
integer

The ID of the group

query Parameters
username
string

Filter by username (case-insensitive partial match). Example "john" matches "john.smith", "JOHN.DOE"

offset
integer >= 0
Default: 0

Position to start the page of results

limit
integer [ 1 .. 1000 ]
Default: 20

Number of results to return in the page (max 1000)

firstname
string

Filter by first name (case-insensitive partial match). Example "john" matches "John", "JOHNNY"

lastname
string

Filter by last name (case-insensitive partial match). Example "smith" matches "Smith", "SMITHSON"

puid
string

Filter by partner user ID (case-insensitive partial match). Example "abc" matches "ABC123", "xyz_abc_789"

rolename
string

Filter by role name (case-insensitive partial match). Special case: Use "-none-" (any case) to find users with no role assigned (roleId = 0 or NULL). Examples: "admin" matches "Administrator", "SystemAdmin"; "-none-" returns users with no role

roleId
string

Filter by exact role ID. Use "0" to find users with no role assigned (equivalent to rolename="-none-")

orMode
boolean
Default: false

Use OR logic for combining filters (default: false uses AND logic). When true, users matching ANY filter are returned; when false, users must match ALL filters

Responses

Response samples

Content type
{
  • "pagination": {
    },
  • "usersList": [
    ]
}

Create users in a group

Create users in a group. A maximum of 1,000 users can be created per request. For larger imports, split into multiple requests of up to 1,000 users each.

Required Permissions (all required):

  • GROUP_OWNER role
  • GROUP_ADD_PERSON role
Authorizations:
BearerAuth
path Parameters
group_id
required
integer

The ID of the group

Request Body schema: application/json
required
Array (<= 1000 items)
firstName
string

User's given (first) name.

lastName
string

User's family (last) name.

email
string

User's email address used for communication and identification.

phone
string

User's contact phone number.

username
required
string

Unique username used for authentication and login within the system. Must be unique across the group.

password
string

User's password for authentication. Required when creating a new user. If omitted, the user will not be able to log in until a password is set.

partnerUserId
required
string

External or partner system identifier associated with this user. Used to correlate users across integrated systems.

roleId
integer

Numeric identifier representing the user's assigned role within the group. If omitted, the user is created with no role assigned.

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
[
  • {
    }
]

Update users in a group

Update users in a group. A maximum of 1,000 users can be updated per request. For larger batch updates, split into multiple requests of up to 1,000 users each.

Required Permissions (all required):

  • GROUP_OWNER role
  • GROUP_MODIFY_PERSON role
Authorizations:
BearerAuth
path Parameters
group_id
required
integer

The ID of the group

Request Body schema: application/json
required
Array (<= 1000 items)
userId
required
integer

The unique Glance identifier of the user to update. This field is required to identify the target user and is immutable.

partnerUserId
string

External or partner system identifier associated with this user. Used to correlate users across integrated systems.

suspended
boolean

Whether the user account is suspended. Set to true to suspend the user or false to reactivate.

username
string

Unique username used for authentication and login within the system. Must be unique across the group.

password
string

User's password for authentication. Optional for updates; provide only when resetting or changing the user's password.

firstName
string

User's given (first) name.

lastName
string

User's family (last) name.

email
string

User's email address used for communication and identification.

phone
string

User's contact phone number.

roleId
integer

Numeric identifier representing the user's assigned role within the group. Set to 0 to remove the user's role assignment.

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
0
0

Unlock the specified user in a group

Unlock the specified user in a group. Removes the login lockout that occurs after repeated failed authentication attempts. The user will be able to log in again immediately.

Required Permissions (any one):

  • ROOT role
  • GROUP_OWNER role
  • GROUP_MODIFY_PERSON role
  • MEMBER_SUBGROUP_PERMISSION role
  • CUSTOMER_SUBGROUP_PERMISSION role
Authorizations:
BearerAuth
path Parameters
group_id
required
integer

The ID of the group the user belongs to.

user_id
required
integer

The ID of the locked user to unlock.

Responses

Response samples

Content type
application/json
{
  • "status": "ok"
}

Delete users in a group

Delete users in a group. A maximum of 1,000 users can be deleted per request. For larger batch deletions, split into multiple requests of up to 1,000 user IDs each.

Required Permissions (all required):

  • GROUP_OWNER role
  • GROUP_DELETE_PERSON role
Authorizations:
BearerAuth
path Parameters
group_id
required
integer

The ID of the group

Request Body schema: application/json
required

An array of user IDs to delete from the group. Each element must be a valid Glance user ID that is affiliated with the specified group. Duplicate user IDs within the array will result in a validation error.

Array (<= 1000 items)
integer

The unique Glance user ID (userId) of the user to delete.

Responses

Request samples

Content type
application/json
[
  • 1001,
  • 1002,
  • 1003
]

Response samples

Content type
application/json
3

Get permissions of a user in a group

Returns the full set of group-level permissions for the specified user. Each permission is represented as a boolean value indicating whether it is granted.

Available permissions: groupOwner, addUsers, editUsers, deleteUsers, editGroupSettings, editSecurity, viewSecurity, manageCustomerSubgroups, manageMemberSubgroups.

Required Permissions:

  • GROUP_OWNER role
Authorizations:
BearerAuth
path Parameters
group_id
required
integer

The ID of the group to query permissions within.

user_id
required
integer

The ID of the user whose permissions to retrieve.

Responses

Response samples

Content type
application/json
{
  • "groupOwner": true,
  • "addUsers": true,
  • "editUsers": true,
  • "deleteUsers": true,
  • "editGroupSettings": true,
  • "editSecurity": true,
  • "viewSecurity": true,
  • "manageCustomerSubgroups": true,
  • "manageMemberSubgroups": false
}

Set permissions of a user in a group

Updates group-level permissions for the specified user. Provide an object mapping permission names to boolean values. Only the permissions included in the request body are updated; omitted permissions remain unchanged.

Valid permission keys: groupOwner, addUsers, editUsers, deleteUsers, editGroupSettings, editSecurity, viewSecurity, manageCustomerSubgroups, manageMemberSubgroups. Any key not in this list will result in a 400 error.

Required Permissions (all required):

  • GROUP_OWNER role
  • SECURITY role
Authorizations:
BearerAuth
path Parameters
group_id
required
integer

The ID of the group to update permissions within.

user_id
required
integer

The ID of the user whose permissions to update.

Request Body schema: application/json
required

Object mapping permission names to boolean values. Only include the permissions you want to change. Valid keys: groupOwner, addUsers, editUsers, deleteUsers, editGroupSettings, editSecurity, viewSecurity, manageCustomerSubgroups, manageMemberSubgroups.

groupOwner
boolean

Whether the user has full group owner privileges, granting access to all group management capabilities.

addUsers
boolean

Whether the user can create new users within the group.

editUsers
boolean

Whether the user can modify existing user accounts within the group.

deleteUsers
boolean

Whether the user can remove users from the group.

editGroupSettings
boolean

Whether the user can modify group-level settings and configuration.

editSecurity
boolean

Whether the user can modify security settings and permission assignments for other users.

viewSecurity
boolean

Whether the user can view security settings and permission assignments (read-only access).

manageCustomerSubgroups
boolean

Whether the user can create, modify, and manage customer-type subgroups.

manageMemberSubgroups
boolean

Whether the user can create, modify, and manage member-type subgroups.

Responses

Request samples

Content type
application/json
{
  • "addUsers": true,
  • "editUsers": true,
  • "deleteUsers": false
}

Response samples

Content type
application/json
3