User API

POST/v2/usersCreate user

Create a user for an organization
parametergroupAdminMake the user a group admin: Boolean
parameteruserGroupIdUsed together with the group admin parameter: Number
headerAuthorizationAuthentication token (bearer token or API key).
{
"organizationId" : Number,
"firstName" : String,
"lastName" : String,
"phoneNumber" : Phone number (E.164, e.g. "+31850607337"),
"phoneNumberVerify" : Boolean,
"emailAddress" : String,
"emailAddressVerify" : Boolean,
"description" : String,
"remarks" : String,
"superUser" : Boolean,
"externalId" : String,
"invitation" : {
"language" : Language code (ISO 639-1, e.g. "ar", "de", "en", "es", "fr", "it", "nl", "pl", "cs"),
"expiration" : Date/time with a timezone (ISO 8601, e.g. "2022-06-23T13:53:02+02:00"),
"sendEmail" : Boolean,
"sendSms" : Boolean
},
"autoRemoveAfter" : "WEEK" / "MONTH" / "YEAR",
"autoEmailMatch" : Boolean,
"requireEmailMatch" : Boolean,
"authOrganizationId" : String,
"emailMatchCredentialFilter" : Boolean
}

Response

status201All ok, returned Id of created user, and invitation token where applicable
status400Invalid input
status401Invalid authentication token
status403Insufficient rights
status409User or user-invite already exists. Existing user.id will be returned
{
"userId" : Number,
"invitation" : {
"url" : String,
"expiration" : Date/time with a timezone (ISO 8601, e.g. "2022-06-23T13:53:02+02:00")
},
"token" : String, UUID 4 formatted (e.g. "a426e157-8a5c-456a-8865-bec6394867ab")
}

Example: Create a user

POST/v2/users

headerAuthorizationBearer b5850315-ddba-4d87-ad09-57f42c10636f
{
"organizationId": 2,
"firstName": "Averlyn",
"lastName": "Tromley",
"invitation": {
"expiration": "2026-03-17T09:38:37.991821898Z",
"sendEmail": false,
"sendSms": false
}
}

Response

status200
headerAccess-Control-Expose-Headersauthorization, content-type
headerAccess-Control-Allow-Headersauthorization, content-type
headerAccess-Control-Allow-MethodsGET, POST, DELETE, OPTIONS, PUT
headerAccess-Control-Allow-Origin*
headerStrict-Transport-Securitymax-age=31536000; includeSubDomains
headerX-Frame-OptionsSAMEORIGIN
headerX-Content-Type-Optionsnosniff
headerX-XSS-Protection1; mode=block
headerContent-Security-Policydefault-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'
headerReferrer-Policyno-referrer
headerFeature-Policyself
headerPermissions-policyinterest-cohort=()
{
"userId": 8,
"invitation": {
"url": "https://invite-staging.boldsmartlock.com/4e3ce3ac-a8d4-4c0a-8f2b-46da2fae8398",
"expiration": "2026-03-17T09:38:37.991821898Z"
},
"token": "4e3ce3ac-a8d4-4c0a-8f2b-46da2fae8398"
}

Example: Create a user for a personal organization

POST/v2/users

headerAuthorizationBearer 4b5c8c0f-60a5-4d47-8d01-bd4dd5af11f0
{
"organizationId": 1,
"firstName": "Averlyn",
"lastName": "Tromley",
"invitation": {
"expiration": "2026-03-17T09:38:42.091562272Z",
"sendEmail": false,
"sendSms": false
}
}

Response

status200
headerAccess-Control-Expose-Headersauthorization, content-type
headerAccess-Control-Allow-Headersauthorization, content-type
headerAccess-Control-Allow-MethodsGET, POST, DELETE, OPTIONS, PUT
headerAccess-Control-Allow-Origin*
headerStrict-Transport-Securitymax-age=31536000; includeSubDomains
headerX-Frame-OptionsSAMEORIGIN
headerX-Content-Type-Optionsnosniff
headerX-XSS-Protection1; mode=block
headerContent-Security-Policydefault-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'
headerReferrer-Policyno-referrer
headerFeature-Policyself
headerPermissions-policyinterest-cohort=()
{
"userId": 8,
"invitation": {
"url": "https://invite-staging.boldsmartlock.com/0bedf1ae-6ce7-41d0-ac31-bc3c4319e7e1",
"expiration": "2026-03-17T09:38:42.091562272Z"
},
"token": "0bedf1ae-6ce7-41d0-ac31-bc3c4319e7e1"
}

Example: Invite user and add to a user group

POST/v2/users

parameteruserGroupId1
parametergroupAdminfalse
headerAuthorizationBearer e240ae60-4128-4b9b-8b65-7600ccccd30f
{
"organizationId": 2,
"firstName": "Test",
"lastName": "User",
"phoneNumber": "+40711111302",
"phoneNumberVerify": true,
"invitation": {
"expiration": "2026-03-17T09:38:46.126050026Z",
"sendEmail": false,
"sendSms": true
}
}

Response

status200
headerAccess-Control-Expose-Headersauthorization, content-type
headerAccess-Control-Allow-Headersauthorization, content-type
headerAccess-Control-Allow-MethodsGET, POST, DELETE, OPTIONS, PUT
headerAccess-Control-Allow-Origin*
headerStrict-Transport-Securitymax-age=31536000; includeSubDomains
headerX-Frame-OptionsSAMEORIGIN
headerX-Content-Type-Optionsnosniff
headerX-XSS-Protection1; mode=block
headerContent-Security-Policydefault-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'
headerReferrer-Policyno-referrer
headerFeature-Policyself
headerPermissions-policyinterest-cohort=()
{
"userId": 8,
"invitation": {
"url": "https://invite-staging.boldsmartlock.com/48af16ca-ae61-44a3-9099-a13ec34ceac9",
"expiration": "2026-03-17T09:38:46.126050026Z"
},
"token": "48af16ca-ae61-44a3-9099-a13ec34ceac9"
}

Example: Invite a user for a professional organization

POST/v2/users

headerAuthorizationBearer 93ef6d7c-06ae-411f-9213-1a40b28bd3d7
{
"organizationId": 2,
"firstName": "John",
"lastName": "Stuart",
"phoneNumber": "+40711111302",
"phoneNumberVerify": true,
"invitation": {
"expiration": "2026-03-17T09:38:50.19464415Z",
"sendEmail": false,
"sendSms": true
}
}

Response

status200
headerAccess-Control-Expose-Headersauthorization, content-type
headerAccess-Control-Allow-Headersauthorization, content-type
headerAccess-Control-Allow-MethodsGET, POST, DELETE, OPTIONS, PUT
headerAccess-Control-Allow-Origin*
headerStrict-Transport-Securitymax-age=31536000; includeSubDomains
headerX-Frame-OptionsSAMEORIGIN
headerX-Content-Type-Optionsnosniff
headerX-XSS-Protection1; mode=block
headerContent-Security-Policydefault-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'
headerReferrer-Policyno-referrer
headerFeature-Policyself
headerPermissions-policyinterest-cohort=()
{
"userId": 8,
"invitation": {
"url": "https://invite-staging.boldsmartlock.com/ecacb88c-d379-4c96-8e87-9da3cabf87ae",
"expiration": "2026-03-17T09:38:50.19464415Z"
},
"token": "ecacb88c-d379-4c96-8e87-9da3cabf87ae"
}

Example: Create a user when input is invalid

POST/v2/users

headerAuthorizationBearer 5089617f-80c2-4540-82cf-4cd7700c72d3
{
"organizationId": -1
}

Response

status403
headerAccess-Control-Expose-Headersauthorization, content-type
headerAccess-Control-Allow-Headersauthorization, content-type
headerAccess-Control-Allow-MethodsGET, POST, DELETE, OPTIONS, PUT
headerAccess-Control-Allow-Origin*
headerStrict-Transport-Securitymax-age=31536000; includeSubDomains
headerX-Frame-OptionsSAMEORIGIN
headerX-Content-Type-Optionsnosniff
headerX-XSS-Protection1; mode=block
headerContent-Security-Policydefault-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'
headerReferrer-Policyno-referrer
headerFeature-Policyself
headerPermissions-policyinterest-cohort=()
{
"message": "The request was a legal request, but the server is refusing to respond to it.",
"errorMessage": "The request was a legal request, but the server is refusing to respond to it."
}

Example: Invite a duplicate user for a professional organization

POST/v2/users

headerAuthorizationBearer b1f3e7f5-559e-429d-ab54-bea3ad133b87
{
"organizationId": 2,
"firstName": "Norton",
"lastName": "McAfee",
"phoneNumber": "+40711111302",
"phoneNumberVerify": true,
"invitation": {
"expiration": "2026-03-17T09:38:58.210146586Z",
"sendEmail": false,
"sendSms": true
}
}

Response

status200
headerAccess-Control-Expose-Headersauthorization, content-type
headerAccess-Control-Allow-Headersauthorization, content-type
headerAccess-Control-Allow-MethodsGET, POST, DELETE, OPTIONS, PUT
headerAccess-Control-Allow-Origin*
headerStrict-Transport-Securitymax-age=31536000; includeSubDomains
headerX-Frame-OptionsSAMEORIGIN
headerX-Content-Type-Optionsnosniff
headerX-XSS-Protection1; mode=block
headerContent-Security-Policydefault-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'
headerReferrer-Policyno-referrer
headerFeature-Policyself
headerPermissions-policyinterest-cohort=()
{
"userId": 8,
"invitation": {
"url": "https://invite-staging.boldsmartlock.com/957593d5-dfc6-4bc5-956d-13dceb17ec2d",
"expiration": "2026-03-17T09:38:58.210146586Z"
},
"token": "957593d5-dfc6-4bc5-956d-13dceb17ec2d"
}

POST/v2/users

headerAuthorizationBearer b1f3e7f5-559e-429d-ab54-bea3ad133b87
{
"organizationId": 2,
"firstName": "Norton",
"lastName": "McAfee",
"phoneNumber": "+40711111302",
"phoneNumberVerify": true,
"invitation": {
"expiration": "2026-03-17T09:38:58.312435937Z",
"sendEmail": false,
"sendSms": true
}
}

Response

status200
headerAccess-Control-Expose-Headersauthorization, content-type
headerAccess-Control-Allow-Headersauthorization, content-type
headerAccess-Control-Allow-MethodsGET, POST, DELETE, OPTIONS, PUT
headerAccess-Control-Allow-Origin*
headerStrict-Transport-Securitymax-age=31536000; includeSubDomains
headerX-Frame-OptionsSAMEORIGIN
headerX-Content-Type-Optionsnosniff
headerX-XSS-Protection1; mode=block
headerContent-Security-Policydefault-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'
headerReferrer-Policyno-referrer
headerFeature-Policyself
headerPermissions-policyinterest-cohort=()
{
"userId": 9,
"invitation": {
"url": "https://invite-staging.boldsmartlock.com/eb90a85e-5d25-4f20-84d1-15231ec5a557",
"expiration": "2026-03-17T09:38:58.312435937Z"
},
"token": "eb90a85e-5d25-4f20-84d1-15231ec5a557"
}

Example: Invite two invites professional organization where numbers match

POST/v2/users

headerAuthorizationBearer c33b6430-657b-4118-bbaa-c27893ae7deb
{
"organizationId": 2,
"firstName": "Norton",
"lastName": "McAfee",
"phoneNumber": "+40711111302",
"phoneNumberVerify": true,
"invitation": {
"expiration": "2026-03-17T09:39:02.26053241Z",
"sendEmail": false,
"sendSms": true
}
}

Response

status200
headerAccess-Control-Expose-Headersauthorization, content-type
headerAccess-Control-Allow-Headersauthorization, content-type
headerAccess-Control-Allow-MethodsGET, POST, DELETE, OPTIONS, PUT
headerAccess-Control-Allow-Origin*
headerStrict-Transport-Securitymax-age=31536000; includeSubDomains
headerX-Frame-OptionsSAMEORIGIN
headerX-Content-Type-Optionsnosniff
headerX-XSS-Protection1; mode=block
headerContent-Security-Policydefault-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'
headerReferrer-Policyno-referrer
headerFeature-Policyself
headerPermissions-policyinterest-cohort=()
{
"userId": 8,
"invitation": {
"url": "https://invite-staging.boldsmartlock.com/08e5b70a-a85b-4bb5-b789-1b91efc60b98",
"expiration": "2026-03-17T09:39:02.26053241Z"
},
"token": "08e5b70a-a85b-4bb5-b789-1b91efc60b98"
}

POST/v2/users

headerAuthorizationBearer c33b6430-657b-4118-bbaa-c27893ae7deb
{
"organizationId": 2,
"firstName": "Norton",
"lastName": "McAfee",
"phoneNumber": "+40711111302",
"phoneNumberVerify": true,
"invitation": {
"expiration": "2026-03-17T09:39:02.341130781Z",
"sendEmail": false,
"sendSms": true
}
}

Response

status200
headerAccess-Control-Expose-Headersauthorization, content-type
headerAccess-Control-Allow-Headersauthorization, content-type
headerAccess-Control-Allow-MethodsGET, POST, DELETE, OPTIONS, PUT
headerAccess-Control-Allow-Origin*
headerStrict-Transport-Securitymax-age=31536000; includeSubDomains
headerX-Frame-OptionsSAMEORIGIN
headerX-Content-Type-Optionsnosniff
headerX-XSS-Protection1; mode=block
headerContent-Security-Policydefault-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'
headerReferrer-Policyno-referrer
headerFeature-Policyself
headerPermissions-policyinterest-cohort=()
{
"userId": 9,
"invitation": {
"url": "https://invite-staging.boldsmartlock.com/d048bcd2-ad88-44f6-b303-9f42a9ba5859",
"expiration": "2026-03-17T09:39:02.341130781Z"
},
"token": "d048bcd2-ad88-44f6-b303-9f42a9ba5859"
}