Skip to main content

Users API Reference

Overview

The Users API offers tools for managing user accounts on your Publica.la platform. It includes functionality for creating, updating, deactivating, and reactivating users, as well as managing user sessions and permissions.

info

Make sure you generated the api_token on your store. More info in the API Authentication guide

Endpoint Reference

EndpointMethodDescription
/integration-api/v1/dashboard/usersPOSTCreate a new user
/integration-api/v1/dashboard/usersGETList or search for users
/integration-api/v1/dashboard/users/(id)PUTUpdate an existing user
/integration-api/v1/dashboard/users/(id)DELETEDeactivate a user
/integration-api/v1/dashboard/users/(id)/re-activatePUTReactivate a user
/integration-api/v1/users/(id)/force-logoutPOSTForce user logout

Create a User

Create a new user account on the platform.

Endpoint: POST /integration-api/v1/dashboard/users/

Request Fields

FieldTypeDescriptionRequired
emailstringUser's email addressYes
external_idstringYour unique identifier for this user (max 64 characters)Yes
new_passwordstringUser's password (min 8, max 255 characters)Yes
sessions_limitintegerLimit of simultaneous sessions (min 1, max 999999)No
assign_new_planintegerPlan ID to assign to the userNo
new_plan_custom_valid_tostringPlan expiration date (YYYY-MM-DD format)No
adminbooleanWhether user has admin privilegesNo
plan_adminbooleanWhether user has plan admin privilegesNo
only_sees_readablebooleanWhether user only sees readable contentNo

Example Request

{
"email": "[email protected]",
"external_id": "user-id-in-your-platform",
"new_password": "Abcd1234",
"sessions_limit": null,
"assign_new_plan": null,
"new_plan_custom_valid_to": "",
"admin": false,
"plan_admin": false,
"only_sees_readable": true
}

Response Fields

FieldDescriptionType
CODEResponse status codestring
data.idUser IDinteger
data.emailUser emailstring
data.uuidUnique user identifierstring
data.pictureUser profile picture URLstring
data.adminAdmin statusboolean
data.plan_adminPlan admin statusboolean
data.only_sees_readableWhether user only sees readable contentboolean
data.sessions_limitUser session limitinteger
data.created_atCreation timestampobject
data.updated_atLast update timestampobject
data.deleted_atDeletion timestamp (if applicable)object

Example Response

{
"CODE": "success",
"data": {
"id": 923242,
"email": "[email protected]",
"uuid": "af5af4f9-9b8d-4d79-b162-0cec4279cae5",
"picture": "https://www.gravatar.com/avatar/5c472faa5105266a3d41aee277eb9d0c?s=160&d=mm&r=g",
"admin": false,
"plan_admin": false,
"only_sees_readable": false,
"sessions_limit": null,
"created_at": {
"timestamp": 1620931649,
"date": "2021-05-13 18:47:29",
"timezone": "UTC"
},
"updated_at": {
"timestamp": 1621256387,
"date": "2021-05-17 12:59:47",
"timezone": "UTC"
},
"deleted_at": null
}
}

Response Codes

CodeDescription
201User created successfully
422Validation error (details in response)
401Unauthorized (invalid API token)

Retrieve Users

List or search for users.

Endpoint: GET /integration-api/v1/dashboard/users

Query Parameters

ParameterDescriptionExample
query=emailFilter by user email/integration-api/v1/dashboard/users/[email protected]
query=deactivatedShow only deactivated users/integration-api/v1/dashboard/users/?query=deactivated
query=adminsShow only admin users/integration-api/v1/dashboard/users/?query=admins

Response

The response includes detailed user information and pagination metadata when listing multiple users.

Example Response (List)

{
"CODE": "success",
"data": {
"paginator": {
"current_page": 1,
"data": [
{
"id": 923242,
"uuid": "af5af4f9-9b8d-4d79-b162-0cec4279cae5",
"admin": false,
"plan_admin": false,
"email": "[email protected]",
"sessions_limit": 1,
"only_sees_readable": 1,
"picture": "https://www.gravatar.com/avatar/98789c9d5825d6f6c6615313ffcaf1ac?s=160&d=mm&r=g",
"created_at": "2021-05-18T13:28:53.000000Z",
"updated_at": "2021-05-18T13:28:53.000000Z",
"deleted_at": null,
"purchased_issues_with_cancelled_count": 0,
"user_plans_count": 0,
"can_be_edited": true,
"created_at_date_string": "2021-05-18",
"impersonate": "https://example.publica.la/impersonate/take/53114",
"sessions": null,
"ip_ranges": [],
"referrers": [],
"purchased_issues_with_cancelled": [],
"user_plans": []
},
// ... more users ...
],
// ... pagination fields ...
}
}
}

Response Codes

CodeDescription
200Success
404User not found
401Unauthorized (invalid API token)

Update a User

Update an existing user's information.

Endpoint: PUT /integration-api/v1/dashboard/users/(id)

External ID Restriction

The external_id field cannot be modified through the Integration API once a user is created. This restriction prevents breaking integrations with external systems. The external_id must be provided in update requests but must match the current value. To modify the external_id, use the Dashboard web interface.

Request Fields

FieldTypeDescriptionRequired
emailstringUser's email addressYes
external_idstringMust match the current external_id (cannot be changed via API)Yes
new_passwordstringUser's new password (min 8, max 255 characters)No
sessions_limitintegerLimit of simultaneous sessions (min 1, max 999999)No
assign_new_planintegerPlan ID to assign to the userNo
new_plan_custom_valid_tostringPlan expiration date (YYYY-MM-DD format)No
adminbooleanWhether user has admin privilegesNo
plan_adminbooleanWhether user has plan admin privilegesNo
only_sees_readablebooleanWhether user only sees readable contentYes
user_plan_namestringName for the user's planNo

Example Request

{
"email": "[email protected]",
"external_id": "existing-external-id",
"sessions_limit": 3,
"admin": false,
"plan_admin": false,
"only_sees_readable": true
}

Response Codes

CodeDescription
200User updated successfully
422Validation error (details in response)
401Unauthorized (invalid API token)

Common Validation Errors

Error FieldMessageCause
external_id"The external id field is prohibited"Attempting to modify external_id via API
email"The email has already been taken"Email already exists for another user
sessions_limit"The sessions limit must be at most 999999"Sessions limit exceeds maximum

Deactivate a User

Deactivate a user, preventing them from logging in.

Endpoint: DELETE /integration-api/v1/dashboard/users/(id)

important

A deactivated user cannot log in through any means until reactivated. When a user is deactivated, all their active manual orders are automatically cancelled.

Request Parameters

ParameterTypeDescriptionRequired
anonymizebooleanWhether to anonymize user data after deactivation (true/false)No

User Anonymization

When the anonymize parameter is set to true, the user's personal data will be permanently anonymized after deactivation. This process includes:

Data Changes During Anonymization

  • Email: Changed to a generic anonymized format (user-{id}@anonymized.publicala)
  • Name: Completely removed (set to null)
  • External ID: Removed (set to null) to break external system references
  • Anonymized Flag: Set to true to track the anonymization status
  • Subscriptions: All active user subscriptions are automatically cancelled
  • Orders: All active manual orders are cancelled with reason "deactivate_user"

Important Considerations

  • Irreversible Process: Anonymization cannot be undone
  • External System Impact: The external_id is removed, which may break references in your external systems
  • Subscription Cancellation: All user subscriptions (recurring and prepaid) are cancelled automatically
  • No Restoration: Anonymized users cannot be reactivated through any means

Basic Deactivation:

DELETE /integration-api/v1/dashboard/users/923242

Deactivation with Anonymization:

DELETE /integration-api/v1/dashboard/users/923242?anonymize=1

Response

{
"CODE": "success",
"data": []
}

Response Codes

CodeDescription
200User deactivated successfully
404User not found
422Validation error (invalid anonymize parameter)
401Unauthorized (invalid API token)

Reactivate a User

Reactivate a previously deactivated user.

Endpoint: PUT /integration-api/v1/dashboard/users/(id)/re-activate

Anonymized Users

Users who have been anonymized cannot be reactivated. The reactivation endpoint will return a 403 error if attempted on an anonymized user.

Example Request

  • PUT /integration-api/v1/dashboard/users/923242/re-activate

Response

{
"CODE": "success",
"data": 1
}

Response Codes

CodeDescription
200User reactivated successfully
403Cannot restore anonymized users
404User not found
401Unauthorized (invalid API token)

Force User Logout

Force a user to log out of all active sessions.

Endpoint: POST /integration-api/v1/users/(id)/force-logout

important

After logging out, the user will be redirected to the initial URL on their next interaction with the system.

Example Request

  • POST /integration-api/v1/users/923242/force-logout

Response Codes

CodeDescription
200User logged out successfully
404User not found
401Unauthorized (invalid API token)

API Limitations and Best Practices

External ID Management

  • Immutable via API: The external_id field cannot be modified through the Integration API once a user is created
  • Dashboard Only: Changes to external_id must be made through the Dashboard web interface
  • Consistency Required: When updating users, always provide the current external_id value
  • External References: This restriction prevents breaking integrations with external systems
  • Business Logic: The restriction ensures data integrity and prevents orphaned references in third-party systems

User Deactivation Strategies

  • Standard Deactivation: User account is disabled but all data remains intact for potential reactivation
  • Deactivation with Anonymization: User data is permanently anonymized while maintaining system integrity
  • Order Cancellation: All active manual orders are cancelled automatically during deactivation
  • Subscription Management: Anonymization process cancels all user subscriptions (both recurring and prepaid)

Data Validation Rules

  • Email Format: Must be a valid email address and unique within the tenant
  • Password Requirements: Minimum 8 characters, maximum 255 characters (required for creation)
  • Sessions Limit: Must be between 1 and 999,999 if specified
  • External ID: Maximum 64 characters, required for API operations, must be unique within tenant
  • Plan Assignment: Plan must exist and be subscribable when specified

Error Handling

Common validation errors you may encounter:

ErrorCauseSolution
external_id.prohibitedAttempting to modify external_id via APIUse Dashboard web interface or provide current value
external_id.requiredMissing external_id in API requestAlways provide external_id for API operations
anonymize.booleanInvalid anonymize parameterUse true or false only
email.uniqueEmail already existsUse a different email address
sessions_limit.maxSessions limit exceeds 999,999Use a value within the allowed range
new_password.requiredMissing password during creationProvide a password for new users
new_password.minPassword too shortUse at least 8 characters

X

Graph View