POST /api/adm/users
Create User
curl --request POST \
  --url https://localhost:44371/api/adm/users \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{}'
{
  "success": true,
  "code": 200,
  "errorMessage": null,
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6"
}

Description

Establishes a new user account in the Chargeworx platform’s Identity Server. This creates the authentication identity that will be used for login. After creating a user, you typically associate them with one or more companies using CompanyUserController and assign appropriate roles and permissions.

Input

  • Body: model (UserCreateCommandRequest, required) — User creation details including:
    • email (string, required) — Unique email address (login identifier).
    • firstName (string, required) — User’s first name.
    • lastName (string, required) — User’s last name.
    • password (string, required) — User’s password (must meet complexity requirements).
    • phoneNumber (string, optional) — Contact phone number.
    • isActive (bool, optional) — Active status (default: true).

Output

Returns a UserCreateCommandResponse containing the ID of the newly created user.

Example Request

POST /api/admin/users
Content-Type: application/json
Authorization: Bearer {token}

{
  "email": "[email protected]",
  "firstName": "John",
  "lastName": "Smith",
  "phoneNumber": "555-0123",
  "password": "SecureP@ssw0rd123",
  "isActive": true
}

Example Response

{
  "success": true,
  "code": 200,
  "errorMessage": null,
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6"
}

Errors

  • 400 Bad Request — Missing required fields, email already exists, invalid email format, password does not meet requirements, or field exceeds maximum length.
  • 401 Unauthorized — Missing or invalid authentication token.
  • 403 Forbidden — User does not have permission to create users.

Notes

  • Email address serves as the unique login identifier and cannot be changed easily after creation.
  • Password is hashed before storage and never returned in API responses.
  • New users must be explicitly associated with companies via CompanyUserController.
  • User creation does not automatically grant any company access or roles.
  • Phone numbers are optional but recommended for account recovery and multi-factor authentication.
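
A client-side sketch of the rules on this page, added here as an example and not Chargeworx code: it pre-checks a payload against the required fields and the maximum lengths in the Body schema, masks the password before logging, and treats a response as successful only when the body's success property is true. The function names and the failure body are constructed for illustration; the phone field is left unchecked.

```python
import json
import uuid

# Required fields follow the Input list; length limits follow the Body schema.
REQUIRED = ("email", "firstName", "lastName", "password")
MAX_LEN = {"email": 250, "firstName": 150, "lastName": 150}


def validate_create_user(payload):
    """Return the problems the Errors section says would produce a 400."""
    problems = []
    for field in REQUIRED:
        value = payload.get(field)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{field}: required")
    for field, limit in MAX_LEN.items():
        value = payload.get(field)
        if isinstance(value, str) and len(value) > limit:
            problems.append(f"{field}: exceeds {limit} characters")
    email = payload.get("email")
    if isinstance(email, str) and email.strip() and email.count("@") != 1:
        problems.append("email: invalid format")  # coarse client-side check only
    return problems


def redact(payload):
    """Copy of the payload that is safe to log: the password is masked."""
    return {k: ("***" if k == "password" else v) for k, v in payload.items()}


def parse_create_user_response(http_status, body_text):
    """Return the new user's id as a UUID; raise unless the body says success."""
    try:
        body = json.loads(body_text)
    except json.JSONDecodeError as exc:
        raise RuntimeError(f"HTTP {http_status}: body is not JSON") from exc
    if not isinstance(body, dict):
        raise RuntimeError(f"HTTP {http_status}: unexpected body shape")
    if body.get("success") is not True:
        raise RuntimeError(
            f"HTTP {http_status}: code={body.get('code')!r} "
            f"errorMessage={body.get('errorMessage')!r}"
        )
    return uuid.UUID(str(body.get("id")))  # ValueError if missing or not a GUID


# Constructed sample data: the page's example response and a made-up failure body.
OK_BODY = '{"success": true, "code": 200, "errorMessage": null, "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6"}'
FAIL_BODY = '{"success": false, "code": 400, "errorMessage": "Email already exists", "id": null}'
```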

Authorizations

Authorization
string
header
required

The access token received from the authorization server in the OAuth 2.0 flow.

Body

application/json

The user creation request containing email, name, password, and optional profile information.

Represents the payload required to create a new user.

email
string<email>
required

The email address for the new user.

Maximum string length: 250

firstName
string | null

First Name

Maximum string length: 150

lastName
string | null

Last Name

Maximum string length: 150

phone
string | null

The phone number recorded for the user.

Maximum string length: 25

roles
enum<string>

The application roles assigned to the user.

Available options: None, Admin, User

Response

Always returned. Check the success property in the response body to determine if the operation succeeded.

Represents the response returned after a user creation command executes.

success
boolean

True if the operation completed successfully; false if an error occurred.

Example:

true

code
enum<string>

Result code indicating the outcome of the operation.

Available options: Unknown, Success, BadRequest, Unauthorized, NotFound, Error

Example:

200

errorMessage
string | null

Human-readable error message when an error occurs.

Example:

null

id
string<guid>

Unique identifier of the newly created entity.

Example:

"3fa85f64-5717-4562-b3fc-2c963f66afa6"