One of the features of the AtScale API is the ability to create, edit, and delete a user. This opens up a lot of possibilities for automated and third-party administration. More API functionality can be found under the documentation in the For Developers section.
To create, update, or delete a user, the usage of two API endpoints will be needed: the Design Center API to obtain the JWT and organizational information, and the Account API to get information on roles, users and, finally, to perform the actions on the individual user accounts.
For these examples, the AtScale application will be found at http://atscale.example.com with the Design Center API at port 10500 and Account API at port 10504. Although this example URI uses the unencrypted HTTP channel, HTTPS is strongly recommended.
Obtain a JWT through the Design Center API
export BearerToken=`curl -u userid:pwd -X GET http://atscale.example.com:10500/default/auth`
There are several notes here.
- The authorization header uses Basic auth Base64 encoded username and password credentials in the syntax "authorization: Basic Base64(username:password)"
- The JWT has a default lifetime of 1 hour, which can be adjusted through SETTINGS > Organization Settings > Organization Configuration under the TTL Duration for the JWT section.
- If you try to access an API with an expired token, an HTTP 401 response will be returned--obtain a new JWT.
This will return the token to you, which you will use in subsequent requests by submitting it as an authorization header as a Bearer token. You'll see how to do this in all of the following examples.
Creating a User
List Organizations
First, you'll need to know which organization to create the user. Without any organization adjustments, everything defaults to the organization "default,"--but let's look at what's available.
For example: export BearerToken=`curl -u admin:admin -X GET http://atscale.example.com:10500/default/auth` % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1210 100 1210 0 0 1339 0 --:--:-- --:--:-- --:--:-- 1338 curl -X GET "http://atscale.example.com:10500/api/1.0/org/"" -H "authorization: Bearer ${BearerToken}" {"status":{"i18n_message":"response.ok","message":"OK"},"response":[{"id":"default","name":"default","NumberOfUsers":7}]}%
This indicates that there have been no adjustments to the organization structure in this setup, so only "default" is returned.
List Organization Roles
To create a user, you need to define what role(s) they'll belong to, so you'll need to get a listing of the roles for the organization. In this example and all following, we'll use the "default" organization, which comes from the response.id property in the List Organizations response above.
curl -X GET "http://atscale.example.com:10500/api/1.0/org/default/roles"" -H "authorization: Bearer ${BearerToken}" {"status":{"i18n_message":"response.ok","message":"OK"},"response":{"roles":[{"id":"designcenter_user","title":"Design Center User","permissions": [{"id":"dc_user","name":"designcenter.user"}, {"id":"aggregates_view","name":"aggregates.view"}, {"id":"queries_view","name":"queries.view"}, {"id":"object_create","name":"object.create"}, {"id":"global.project.edit","name":"global.project.edit"} ....
response.roles.id, which identifies the role id we'll use in subsequent requests
response.roles.title is the user-friendly title given to the role so you can easily identify the one to use.
Create User
For example, Use the previously created "Basic Role" role to create the user.
curl -X POST "http://atscale.example.com:10500/api/1.0/org/default/users"" -H "authorization: Bearer ${BearerToken}" -H "content-type: application/json" -d '{ "username" : "test-api-user", "confirm_password" : "testpw", "password" : "testpw", "email" : "test-api-user@atscale.com", "name" : "Test API User", "roles": ["designcenter_user"] }' {"status":{"i18n_message":"response.ok","message":"OK"},"response":{"user_id":"","name":"Test API
- This creates the user test-api-user with the name Test API User and email test-api-user@atscale.com with the password testpw.
Assuming all lines up, you'll get an HTTP 200 OK response that this user has been created.