POST /api/adm/users
Create User
curl --request POST \
  --url https://localhost:44371/api/adm/users \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{}'
{
  "success": true,
  "code": 200,
  "errorMessage": null,
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6"
}

Description

Establishes a new user account in the Chargeworx platform’s Identity Server. This creates the authentication identity that will be used for login. After creating a user, you typically associate them with one or more companies using CompanyUserController and assign appropriate roles and permissions.

Input

  • Body: model (UserCreateCommandRequest, required) — User creation details including:
    • email (string, required) — Unique email address (login identifier).
    • firstName (string, required) — User’s first name.
    • lastName (string, required) — User’s last name.
    • password (string, required) — User’s password (must meet complexity requirements).
    • phoneNumber (string, optional) — Contact phone number.
    • isActive (bool, optional) — Active status (default: true).

Output

Returns a UserCreateCommandResponse containing the ID of the newly created user.

Example Request

POST /api/admin/users
Content-Type: application/json
Authorization: Bearer {token}

{
  "email": "[email protected]",
  "firstName": "John",
  "lastName": "Smith",
  "phoneNumber": "555-0123",
  "password": "SecureP@ssw0rd123",
  "isActive": true
}

Example Response

{
  "success": true,
  "code": 200,
  "errorMessage": null,
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6"
}

Errors

  • 400 Bad Request — Missing required fields, email already exists, invalid email format, password does not meet requirements, or field exceeds maximum length.
  • 401 Unauthorized — Missing or invalid authentication token.
  • 403 Forbidden — User does not have permission to create users.

Notes

  • Email address serves as the unique login identifier and cannot be changed easily after creation.
  • Password is hashed before storage and never returned in API responses.
  • New users must be explicitly associated with companies via CompanyUserController.
  • User creation does not automatically grant any company access or roles.
  • Phone numbers are optional but recommended for account recovery and multi-factor authentication.

Authorizations

Authorization
string
header
required

The access token received from the authorization server in the OAuth 2.0 flow.

Body

application/json

The user creation request containing email, name, password, and optional profile information.

Base structure for command requests that modify data. Represents the payload required to create a new user.

email
string<email>
required

The email address for the new user.

Maximum string length: 250

firstName
string | null

First Name

Maximum string length: 150

lastName
string | null

Last Name

Maximum string length: 150

phone
string | null

The phone number recorded for the user.

Maximum string length: 25

roles
enum<string>

The application roles assigned to the user.

Available options: None, Admin, User

Response

Always returned. Check the success property in the response body to determine if the operation succeeded.

Standard response structure containing operation status and error information. Standard command response indicating the result of a data modification. Create response containing the identifier of the newly created entity. Represents the response returned after a user creation command executes.

success
boolean

True if the operation completed successfully; false if an error occurred.

Example:

true

code
enum<string>

Result code indicating the outcome of the operation.

Available options: Unknown, Success, BadRequest, Unauthorized, NotFound, Error

Example:

200

errorMessage
string | null

Human-readable error message when an error occurs.

Example:

null

id
string<guid>

Unique identifier of the newly created entity.

Example:

"3fa85f64-5717-4562-b3fc-2c963f66afa6"
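
A client-side sketch of the checks this page implies, added here as an example and not Chargeworx's own code: it validates a payload against the documented length limits, masks the password before logging, and decides success from the body's success flag as the Response section directs. The function names are hypothetical, and applying the 25-character limit to both phone and phoneNumber is an assumption.

```python
import json

# Length limits taken from the Body schema on this page; the 25-character
# phone limit is applied to both spellings the page uses (assumption).
MAX_LEN = {"email": 250, "firstName": 150, "lastName": 150,
           "phone": 25, "phoneNumber": 25}
REQUIRED = ("email", "firstName", "lastName", "password")  # per the Input list


def validate_user_payload(payload):
    """Return a list of problems the Errors section maps to 400 Bad Request."""
    problems = []
    for field in REQUIRED:
        if not payload.get(field):
            problems.append(f"{field}: missing required field")
    for field, limit in MAX_LEN.items():
        value = payload.get(field)
        if isinstance(value, str) and len(value) > limit:
            problems.append(f"{field}: exceeds maximum length {limit}")
    # Deliberately simple shape check: one "@" with text on both sides.
    email = payload.get("email") or ""
    local, at, domain = email.partition("@")
    if email and not (at and local and domain and "@" not in domain):
        problems.append("email: invalid format")
    return problems


def redact(payload):
    """Copy of the payload that is safe to log: the password is masked."""
    return {k: ("***" if k == "password" else v) for k, v in payload.items()}


def interpret_response(body_text):
    """Decide success from the body's `success` flag, not the HTTP status.

    Returns (True, id) on success and (False, errorMessage) otherwise.
    """
    try:
        body = json.loads(body_text)
    except ValueError:
        return False, "response body is not valid JSON"
    if not isinstance(body, dict) or body.get("success") is not True:
        msg = body.get("errorMessage") if isinstance(body, dict) else None
        return False, msg or "operation failed without an error message"
    return True, body.get("id")
```

The `code` field is treated as opaque because the page shows it both as the number 200 and as a string enum; only `success` drives the result.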