# User management ## Disable user account (tenant) - [POST /resources/tenants/users/v1/{userId}/disable](https://developers.frontegg.com/ciam/api/identity/user-management/userstenantscontrollerv1_disableusertenant.md): Disable a user for an account (tenant). A disabled user cannot log in to the account (tenant) or use the system. Provide the user's ID as a path parameter. ## Enable user account (tenant) - [POST /resources/tenants/users/v1/{userId}/enable](https://developers.frontegg.com/ciam/api/identity/user-management/userstenantscontrollerv1_enableusertenant.md): Enable a disabled user for an account (tenant). An enabled user can log in and use the system. Provide the user's ID as a path parameter. ## Sets a permanent user to temporary - [PUT /resources/users/temporary/v1/{userId}](https://developers.frontegg.com/ciam/api/identity/user-management/temporaryusersv1controller_edittimelimit.md): Update the settings for temporary users. Use this route to enable or disable temporary users for your environment ## Sets a temporary user to permanent - [DELETE /resources/users/temporary/v1/{userId}](https://developers.frontegg.com/ciam/api/identity/user-management/temporaryusersv1controller_setuserpermanent.md): Set an existing temporary user as permanent. Provide the user's ID as a path parameter. ## Gets temporary users configuration - [GET /resources/users/temporary/v1/configuration](https://developers.frontegg.com/ciam/api/identity/user-management/temporaryusersv1controller_getconfiguration.md): Retrieve the settings for temporary users. Use this endpoint to check whether the policy is enabled or disabled. ## Get all user emails - [GET /resources/users/emails/v1](https://developers.frontegg.com/ciam/api/identity/user-management/useremailscontrollerv1_getallemails.md): This route returns all user emails. ## Create a user email - [POST /resources/users/emails/v1](https://developers.frontegg.com/ciam/api/identity/user-management/useremailscontrollerv1_createuseremail.md): This route creates a user email. ## Verify user email - [POST /resources/users/emails/v1/verify](https://developers.frontegg.com/ciam/api/identity/user-management/useremailscontrollerv1_verifyuseremail.md): This route verifies a user email. ## Delete a user email - [DELETE /resources/users/emails/v1/{emailId}](https://developers.frontegg.com/ciam/api/identity/user-management/useremailscontrollerv1_deleteuseremail.md): This route deletes a user email. ## Create a user email for vendor - [POST /resources/users/emails/v1/vendor/{userId}](https://developers.frontegg.com/ciam/api/identity/user-management/useremailscontrollerv1_createuseremailforvendor.md): Creates a new email address for a user. ## Delete a user email for vendor - [DELETE /resources/users/emails/v1/vendor/{userId}/{emailId}](https://developers.frontegg.com/ciam/api/identity/user-management/useremailscontrollerv1_deleteuseremailforvendor.md): This route deletes a user email. ## Mark email as primary for vendor - [POST /resources/users/emails/v1/vendor/{userId}/primary](https://developers.frontegg.com/ciam/api/identity/user-management/useremailscontrollerv1_markemailasprimary.md): This route marks an email as primary. ## Mark email as primary - [POST /resources/users/emails/v1/me/primary](https://developers.frontegg.com/ciam/api/identity/user-management/useremailscontrollerv1_markemailasprimaryme.md): This route marks an email as primary. ## Get current user`s emails - [GET /resources/users/emails/v1/me](https://developers.frontegg.com/ciam/api/identity/user-management/useremailscontrollerv1_getuserownemails.md): This route returns all user emails for the current user. ## Set sub-account access for a user - [PUT /resources/sub-tenants/users/v1/{userId}/access](https://developers.frontegg.com/ciam/api/identity/user-management/userscontrollerv1_setuserrolesfromsubtenants.md): Set sub-account access for a user. Use this endpoint to enable or disable sub-account access by setting the value to true or false. ## Reset user activation token - [POST /resources/users/v1/activate/reset](https://developers.frontegg.com/ciam/api/identity/user-management/usersactivationcontrollerv1_resetactivationtoken.md): Reset the activation token for a user and trigger a new activation email. Provide the user's ID as a path parameter. ## Reset invitation - [POST /resources/users/v1/invitation/reset](https://developers.frontegg.com/ciam/api/identity/user-management/userstenantmanagementcontrollerv1_resettenantinvitationtoken.md): Reset an invitation for a user to join a specific account (tenant). The response includes a new invitation link with a new token. ## Reset all invitation tokens - [POST /resources/users/v1/invitation/reset/all](https://developers.frontegg.com/ciam/api/identity/user-management/userstenantmanagementcontrollerv1_resetalltenantsinvitationtoken.md): Reset all invitations for a user to join all sub-accounts (tenants) that currently have an invitation token. The response includes new invitation links with new tokens. ## Get users - [GET /resources/users/v3](https://developers.frontegg.com/ciam/api/identity/user-management/userscontrollerv3_getusers.md): Retrieve all users for an account (tenant) or for the entire environment. ## Get users roles - [GET /resources/users/v3/roles](https://developers.frontegg.com/ciam/api/identity/user-management/userscontrollerv3_getusersroles.md): Retrieve all user roles for an account (tenant). ## Get users groups - [GET /resources/users/v3/groups](https://developers.frontegg.com/ciam/api/identity/user-management/userscontrollerv3_getusersgroups.md): Retrieve all user groups for an account (tenant). ## Unlock user - [POST /resources/users/v3/me/unlock](https://developers.frontegg.com/ciam/api/identity/user-management/userscontrollerv3_unlock.md): Unlock your user account. Provide the required information in the request body to unlock the account. ## Invite user - [POST /resources/users/v2](https://developers.frontegg.com/ciam/api/identity/user-management/userscontrollerv2_createuser.md): Create a user for a specific account (tenant). Include the user's information in the request body. The email and metadata fields are required. The metadata field can be empty (e.g., {}). ## Update user profile - [PUT /resources/users/v2/me](https://developers.frontegg.com/ciam/api/identity/user-management/userscontrollerv2_updateuserprofile.md): Update the profile of a logged-in user. Provide the updated values in the request body. Use your Frontegg subdomain or custom domain as the host. A user token is required for this route and can be obtained after user authentication. ## Get user profile - [GET /resources/users/v2/me](https://developers.frontegg.com/ciam/api/identity/user-management/userscontrollerv2_getuserprofile.md): Retrieve the profile of a logged-in user. No parameters are required. Use your Frontegg subdomain or custom domain as the host. A user token is required for this route and can be obtained after user authentication. ## Update user - [PUT /resources/users/v1](https://developers.frontegg.com/ciam/api/identity/user-management/userscontrollerv1_updateuser.md): TUpdate a user's information for a specific account (tenant). Include the updated user information in the request body. ## Remove user - [DELETE /resources/users/v1/{userId}](https://developers.frontegg.com/ciam/api/identity/user-management/userscontrollerv1_removeuserfromtenant.md): Remove a user globally or from a specific account (tenant). An environment token is required for this route and can be obtained from the environment authentication route. ## Assign roles to user - [POST /resources/users/v1/{userId}/roles](https://developers.frontegg.com/ciam/api/identity/user-management/userscontrollerv1_addrolestouser.md): Associate roles to a specific user for a specific account (tenant). ## Unassign roles from user - [DELETE /resources/users/v1/{userId}/roles](https://developers.frontegg.com/ciam/api/identity/user-management/userscontrollerv1_deleterolesfromuser.md): Disassociate roles from a specific user for a specific account (tenant). Include the role IDs in the request body as an array of strings. ## Update user's active account (tenant) - [PUT /resources/users/v1/tenant](https://developers.frontegg.com/ciam/api/identity/user-management/userscontrollerv1_updateusertenant.md): Update the current account (tenant) for a logged-in user. Use this endpoint when a user belongs to multiple accounts (tenants) and wants to change the active account (tenant). Include the target account (tenant) ID in the request body. ## Get users with fuzzy search - [GET /resources/users/v1/query/phrase](https://developers.frontegg.com/ciam/api/identity/user-management/userscontrollerv1_searchusers.md): Retrieve all users for a specific account (tenant) or for the entire environment. In addition to all standard Get users query parameters, this route supports phrase search, enabling complex queries with options such as contains, excludes, optional, and approximate matching. ## Get usernames for users - [GET /resources/usernames/v1](https://developers.frontegg.com/ciam/api/identity/user-management/usernamescontrollerv1_getusersusernames.md): This route gets usernames for users. ## Create a username for user - [POST /resources/usernames/v1](https://developers.frontegg.com/ciam/api/identity/user-management/usernamescontrollerv1_createusername.md): This route creates a username for a user. ## Delete a username for user - [DELETE /resources/usernames/v1/{username}](https://developers.frontegg.com/ciam/api/identity/user-management/usernamescontrollerv1_deleteusername.md): This route deletes a username for a user. ## Get authenticated user's username - [GET /resources/usernames/v1/me](https://developers.frontegg.com/ciam/api/identity/user-management/usernamescontrollerv1_getmeusernames.md) ## Update user email - [POST /resources/users/v1/email/me](https://developers.frontegg.com/ciam/api/identity/user-management/selfemailupdatecontrollerv1_updateemailme.md): This route updates the email for a user. ## Verify user email - [POST /resources/users/v1/email/me/verify](https://developers.frontegg.com/ciam/api/identity/user-management/selfemailupdatecontrollerv1_verifyemailme.md): This route verifies the email for a user. ## Activate user - [POST /resources/users/v1/activate](https://developers.frontegg.com/ciam/api/identity/user-management/usersactivationcontrollerv1_activateuser.md): Activate a non-activated user. Include the userId and activationToken in the request body. If required by your environment's sign-in flow, also include the user's password and reCAPTCHA values. You can generate an activation token using the route under Users → Generate Activation Token. Alternatively, you can use the built-in email template for user activation. ## Activate user with code - [POST /resources/users/v1/activate/code](https://developers.frontegg.com/ciam/api/identity/user-management/usersactivationcontrollerv1_activateuserwithcode.md): Activate a non-activated user. Use this endpoint to implement a custom activation flow. Include the userId, activationToken, and code in the request body. If required by your environment's sign-in flow, also include the user's password and reCAPTCHA values. You can generate an activation token using the route under Users → Generate Activation Token. Alternatively, you can use the built-in email template for user activation. ## Get user activation strategy - [GET /resources/users/v1/activate/strategy](https://developers.frontegg.com/ciam/api/identity/user-management/usersactivationcontrollerv1_getactivationstrategy.md): Retrieve a user's activation strategy. The activation strategy indicates whether the user needs to set a password. Include the userId and activationToken in the request body. You can generate an activation token using the route under Users → Generate Activation Token. The response returns a Boolean field shouldSetPassword. If true, the user needs to set a password. If false, the user does not need to set a password (for example, SSO users do not set passwords). ## Accept invitation - [POST /resources/users/v1/invitation/accept](https://developers.frontegg.com/ciam/api/identity/user-management/userstenantmanagementcontrollerv1_acceptinvitation.md): Accept an invitation for a user to join a specific account (tenant). Include the userId and invitationToken in the request body. These values appear as query parameters in the URL that Frontegg sends to the user in the activation email. ## Accept invitation with code - [POST /resources/users/v1/invitation/accept/code](https://developers.frontegg.com/ciam/api/identity/user-management/userstenantmanagementcontrollerv1_acceptinvitationwithcode.md): Accept an invitation to join a specific account (tenant) using an invitation code. Include the required userId, invitationToken, and code in the request body. ## Get user profile - [GET /resources/users/v3/me](https://developers.frontegg.com/ciam/api/identity/user-management/userscontrollerv3_getuserprofile.md): Retrieve the profile of a logged-in user. No parameters are required. Use your Frontegg subdomain or custom domain as the host. A user token is required for this route and can be obtained after user authentication. ## Get user accounts (tenants) - [GET /resources/users/v2/me/tenants](https://developers.frontegg.com/ciam/api/identity/user-management/userscontrollerv2_getusertenants.md): Retrieve the list of accounts (tenants) that a logged-in user belongs to. No parameters are required. Use your Frontegg subdomain or custom domain as the host. A user token is required for this route and can be obtained after user authentication. ## Get user accounts (tenants) hierarchy - [GET /resources/users/v2/me/hierarchy](https://developers.frontegg.com/ciam/api/identity/user-management/userscontrollerv2_getusertenantshierarchy.md): Retrieve the list of accounts (tenants) with hierarchy metadata that a logged-in user belongs to. If the user is a member of multiple accounts (tenants) in a hierarchy, some entries may be reduced based on the hierarchy structure. No parameters are required. Use your Frontegg subdomain or custom domain as the host. A user token is required for this route and can be obtained after user authentication. ## Get user permissions and roles - [GET /resources/users/v1/me/authorization](https://developers.frontegg.com/ciam/api/identity/user-management/userscontrollerv1_getmeauthorization.md): Retrieve the list of permissions and roles that a logged-in user has. No parameters are required. Use your Frontegg subdomain or custom domain as the host. A user token is required for this route and can be obtained after user authentication. ## Get user accounts (tenants) - [GET /resources/users/v1/me/tenants](https://developers.frontegg.com/ciam/api/identity/user-management/userscontrollerv1_getusertenants.md): Retrieve the list of accounts (tenants) that a logged-in user belongs to. No parameters are required. Use your Frontegg subdomain or custom domain as the host. A user token is required for this route and can be obtained after user authentication. ## Create user (deprecated) - [POST /resources/users/v1](https://developers.frontegg.com/ciam/api/identity/user-management/userscontrollerv1_createuser.md): Use the V2 route for Invite User. This route is no longer relevant.