# Users

## Set temporary users configuration

 - [PUT /resources/users/temporary/v1/configuration](https://developers.frontegg.com/ciam/api/identity/users/temporaryusersv1controller_updateconfiguration.md): This route updates the settings for temporary users, use it to enable or disable it for an environment

## Update user (global)

 - [PUT /resources/users/v1/{userId}](https://developers.frontegg.com/ciam/api/identity/users/userscontrollerv1_updateuserforvendor.md): Updates a user’s information globally. Provide the user ID as a path parameter and include the fields to update in the request body. The route supports partial updates—only the provided fields are changed. For identifier fields such as emails or phones, new items are added instead of replacing existing ones.

## Get user

 - [GET /resources/vendor-only/users/v1/{userId}](https://developers.frontegg.com/ciam/api/identity/users/vendoronlyusers_getuserbyid.md): Retrieve a user by ID, regardless of account (tenant).

Provide the user's ID as a path parameter.

This route is for management use only.

## Unenroll user from MFA globally

 - [POST /resources/vendor-only/users/v1/{userId}/mfa/unenroll](https://developers.frontegg.com/ciam/api/identity/users/vendoronlyusers_mfaunenroll.md): Unenroll a user from MFA, regardless of account (tenant).

Provide the user's ID as a path parameter.

This route is for manag use only.

## Verify user's password

 - [POST /resources/vendor-only/users/v1/passwords/verify](https://developers.frontegg.com/ciam/api/identity/users/vendoronlyusers_verifyuserpassword.md): Verify a user's email and password.

Provide the user's email and password in the request body. The response will indicate true or false.

This route is for management use only.

## Create user

 - [POST /resources/vendor-only/users/v1](https://developers.frontegg.com/ciam/api/identity/users/vendoronlyusers_createuser.md): Create a user and set the mfaBypass property for testing purposes.

This route is for management use only.

## Get users account (tenant) statuses

 - [GET /resources/tenants/users/v1/statuses](https://developers.frontegg.com/ciam/api/identity/users/get.md): Retrieve the account (tenant) statuses of vendor users.

Provide an array of userIds (maximum 200) and optionally an array of userTenantStatuses as query parameters. There is a limit of 2000 account (tenant) statuses per user.

## Create user phone number verified by default

 - [POST /resources/users/phone-numbers/v1/vendor/{userId}](https://developers.frontegg.com/ciam/api/identity/users/userphonenumberscontrollerv1_createuserphonenumbervendor.md): Creates a new phone number for a user. Phone numbers added via this management endpoint are automatically verified.

## Delete user phone number on an environment

 - [DELETE /resources/users/phone-numbers/v1/vendor/{userId}/{phoneId}](https://developers.frontegg.com/ciam/api/identity/users/userphonenumberscontrollerv1_deleteuserphonenumbervendor.md): Delete a user phone number without verification.

## Invite users to an account (tenant) in bulk

 - [POST /resources/users/bulk/v1/invite](https://developers.frontegg.com/ciam/api/identity/users/usersbulkcontrollerv1_bulkinviteusers.md): Invite users to an account (tenant) in bulk.

Provide an array of users in the request body. Each entry must include a user's email.

## Get status of bulk invite task

 - [GET /resources/users/bulk/v1/status/{id}](https://developers.frontegg.com/ciam/api/identity/users/usersbulkcontrollerv1_getbulkinvitestatus.md): Invite users to an account (tenant) in bulk.

Provide an array of users in the request body. Each entry must include a user's email.

## Get user by email

 - [GET /resources/users/v1/email](https://developers.frontegg.com/ciam/api/identity/users/userscontrollerv1_getuserbyemail.md): Retrieve a user by email.

Provide the user's email as a query parameter.

## Get user by ID

 - [GET /resources/users/v1/{id}](https://developers.frontegg.com/ciam/api/identity/users/userscontrollerv1_getuserbyid.md): Retrieve a specific user from an account (tenant).

A valid environment token is required to call this endpoint. You can obtain it from the environment authentication route.

## Verify user

 - [POST /resources/users/v1/{userId}/verify](https://developers.frontegg.com/ciam/api/identity/users/userscontrollerv1_verifyuser.md): Mark a user as verified.

Provide the user's ID as a path parameter.

A valid environment token is required to call this endpoint. You can obtain it from the environment authentication route.

## Make user invisible

 - [PUT /resources/users/v1/{userId}/invisible](https://developers.frontegg.com/ciam/api/identity/users/userscontrollerv1_setuserinvisiblemode.md): Set whether a user is invisible or visible.

An invisible user remains part of the account (tenant) but will not appear in the list of users in the admin box. The user data remains in the system.

Provide the user's ID as a path parameter and a Boolean invisible value in the request body (true for invisible, false for visible).

A valid environment token is required to call this endpoint. You can obtain it from the environment authentication route.

## Make user super-user

 - [PUT /resources/users/v1/{userId}/superuser](https://developers.frontegg.com/ciam/api/identity/users/userscontrollerv1_setusersuperusermode.md): Set a user as a super-user.

Super-user functionality is no longer maintained due to incompatibility with newer features. A super-user has access to all accounts (tenants) within the workspace.

Provide the user's ID as a path parameter and a Boolean superUser value in the request body (true for super-user, false for regular user).

A valid environment token is required to call this endpoint. You can obtain it from the environment authentication route.

## Set user's account (tenant)

 - [PUT /resources/users/v1/{userId}/tenant](https://developers.frontegg.com/ciam/api/identity/users/userscontrollerv1_updateusertenantforvendor.md): Set the active account (tenant) of a user.

The active account (tenant) is the account (tenant) the user will see in their admin portal and the account (tenant) used by default for account (tenant)-specific API routes.

Provide the user's ID as a path parameter and the account (tenant) ID as a tenantId value in the request body. If a non-existing account (tenant) ID is provided, an account (tenant) will be created for that ID.

A valid environment token is required to call this endpoint. You can obtain it from the environment authentication route.

## Add user to account (tenant)

 - [POST /resources/users/v1/{userId}/tenant](https://developers.frontegg.com/ciam/api/identity/users/userscontrollerv1_addusertotenantforvendor.md): Add a user to an account (tenant).

Provide the user's ID as a path parameter and the account (tenant) ID as a tenantId value in the request body. To skip sending an invite email, include the optional skipInviteEmail parameter in the request body and set it to true.

A valid environment token is required to call this endpoint. You can obtain it from the environment authentication route.

## Update user email

 - [PUT /resources/users/v1/{userId}/email](https://developers.frontegg.com/ciam/api/identity/users/userscontrollerv1_updateuseremail.md): Update a user's email address globally, regardless of account (tenant).

Provide the user's ID as a path parameter and the new email address as an email value in the request body.

## Generate activation token

 - [POST /resources/users/v1/{userId}/links/generate-activation-token](https://developers.frontegg.com/ciam/api/identity/users/userscontrollerv1_generateuseractivationlink.md): Generate a new activation token for a user.

Provide the user's ID as a path parameter. This route does not send the activation email but returns the activation link and token. It can be used in combination with the routes under Users Activation.

A valid environment token is required to call this endpoint. You can obtain it from the environment authentication route.

## Generate password reset token

 - [POST /resources/users/v1/{userId}/links/generate-password-reset-token](https://developers.frontegg.com/ciam/api/identity/users/userscontrollerv1_generateuserpasswordresetlink.md): Generate a password reset token for a user.

Provide the user's ID as a path parameter. This route does not send the reset password email but returns the reset link and token. It can be used in combination with the routes under Users Passwords.

A valid environment token is required to call this endpoint. You can obtain it from the environment authentication route.

## Unlock user

 - [POST /resources/users/v1/{userId}/unlock](https://developers.frontegg.com/ciam/api/identity/users/userscontrollerv1_unlockuser.md): Unlock a locked user.

An unlocked user can sign in and use the system globally, regardless of account (tenant). Provide the user's ID as a path parameter.

A valid environment token is required to call this endpoint. You can obtain it from the environment authentication route.

## Lock user

 - [POST /resources/users/v1/{userId}/lock](https://developers.frontegg.com/ciam/api/identity/users/userscontrollerv1_lockuser.md): Lock a user.

A locked user cannot sign in or use the system globally, regardless of account (tenant). Provide the user's ID as a path parameter.

A valid environment token is required to call this endpoint. You can obtain it from the environment authentication route.

## Move all users from one account (tenant) to another

 - [PUT /resources/users/v1/tenants/migrate](https://developers.frontegg.com/ciam/api/identity/users/userscontrollerv1_movealluserstenants.md): Migrate all users from a source account (tenant) to a target account (tenant).

Specify srcTenantId (source account (tenant) ID) and targetTenantId (target account (tenant) ID) in the request body.

A valid environment token is required to call this endpoint. You can obtain it from the environment authentication route.