Create/Import User (Human)

Create/import a new user with the type human. The newly created user will get an initialization email if either the email address is not marked as verified or no password is set. If a password is set the user will not be requested to set a new one on the first login.

Header Parameters

x-zitadel-orgid string
The default is always the organization of the requesting user. If you like to add users to another organization include the header. Make sure the user has permission in the requested organization.

application/json
application/grpc
application/grpc-web+proto

Request Body required

userName string required
profile object required
Profile includes the basic information of a user, like first name, last name, etc.
firstName string required
Possible values: non-empty and <= 200 characters
lastName string required
Possible values: non-empty and <= 200 characters
nickName string
Possible values: <= 200 characters
displayName string
Possible values: <= 200 characters
preferredLanguage string
Possible values: <= 10 characters
gender string
Possible values: [GENDER_UNSPECIFIED, GENDER_FEMALE, GENDER_MALE, GENDER_DIVERSE]
Default value: GENDER_UNSPECIFIED
email object required
email string required
Object that contains the email address and a verified flag.
isEmailVerified boolean
If email verified is set to true, the email will be added as verified and the user doesn't have to verify.
phone object
Object that contains the number and a verified flag
phone string
Possible values: non-empty and <= 50 characters
mobile phone number of the user. (use global pattern of spec https://tools.ietf.org/html/rfc3966)
isPhoneVerified boolean
password string
hashedPassword object
Use this to import hashed passwords from another system.
value string
algorithm string
passwordChangeRequired boolean
If this is set to true, the user has to change the password on the next login.
requestPasswordlessRegistration boolean
If this is set to true, you will get a link for the passwordless/passkey registration in the response.
otpCode string
idps object[]
To link your user directly with an external identity provider (Identity brokering)
Array [
configId string
Possible values: non-empty and <= 200 characters
The internal ID of the identity provider configured in ZITADEL.
externalUserId string
Possible values: non-empty and <= 200 characters
The id of the user in the external identity provider
displayName string
Possible values: <= 200 characters
A display name ZITADEL can show on the linked provider.
]

Request Body required

userName string required
profile object required
Profile includes the basic information of a user, like first name, last name, etc.
firstName string required
Possible values: non-empty and <= 200 characters
lastName string required
Possible values: non-empty and <= 200 characters
nickName string
Possible values: <= 200 characters
displayName string
Possible values: <= 200 characters
preferredLanguage string
Possible values: <= 10 characters
gender string
Possible values: [GENDER_UNSPECIFIED, GENDER_FEMALE, GENDER_MALE, GENDER_DIVERSE]
Default value: GENDER_UNSPECIFIED
email object required
email string required
Object that contains the email address and a verified flag.
isEmailVerified boolean
If email verified is set to true, the email will be added as verified and the user doesn't have to verify.
phone object
Object that contains the number and a verified flag
phone string
Possible values: non-empty and <= 50 characters
mobile phone number of the user. (use global pattern of spec https://tools.ietf.org/html/rfc3966)
isPhoneVerified boolean
password string
hashedPassword object
Use this to import hashed passwords from another system.
value string
algorithm string
passwordChangeRequired boolean
If this is set to true, the user has to change the password on the next login.
requestPasswordlessRegistration boolean
If this is set to true, you will get a link for the passwordless/passkey registration in the response.
otpCode string
idps object[]
To link your user directly with an external identity provider (Identity brokering)
Array [
configId string
Possible values: non-empty and <= 200 characters
The internal ID of the identity provider configured in ZITADEL.
externalUserId string
Possible values: non-empty and <= 200 characters
The id of the user in the external identity provider
displayName string
Possible values: <= 200 characters
A display name ZITADEL can show on the linked provider.
]

Request Body required

userName string required
profile object required
Profile includes the basic information of a user, like first name, last name, etc.
firstName string required
Possible values: non-empty and <= 200 characters
lastName string required
Possible values: non-empty and <= 200 characters
nickName string
Possible values: <= 200 characters
displayName string
Possible values: <= 200 characters
preferredLanguage string
Possible values: <= 10 characters
gender string
Possible values: [GENDER_UNSPECIFIED, GENDER_FEMALE, GENDER_MALE, GENDER_DIVERSE]
Default value: GENDER_UNSPECIFIED
email object required
email string required
Object that contains the email address and a verified flag.
isEmailVerified boolean
If email verified is set to true, the email will be added as verified and the user doesn't have to verify.
phone object
Object that contains the number and a verified flag
phone string
Possible values: non-empty and <= 50 characters
mobile phone number of the user. (use global pattern of spec https://tools.ietf.org/html/rfc3966)
isPhoneVerified boolean
password string
hashedPassword object
Use this to import hashed passwords from another system.
value string
algorithm string
passwordChangeRequired boolean
If this is set to true, the user has to change the password on the next login.
requestPasswordlessRegistration boolean
If this is set to true, you will get a link for the passwordless/passkey registration in the response.
otpCode string
idps object[]
To link your user directly with an external identity provider (Identity brokering)
Array [
configId string
Possible values: non-empty and <= 200 characters
The internal ID of the identity provider configured in ZITADEL.
externalUserId string
Possible values: non-empty and <= 200 characters
The id of the user in the external identity provider
displayName string
Possible values: <= 200 characters
A display name ZITADEL can show on the linked provider.
]

Responses

200
default

A successful response.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

userId string
details object
sequence uint64
on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-time
on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection

on manipulation: the
resourceOwner resource_owner is the organization an object belongs to
passwordlessRegistration object
link string
lifetime deprecated: use expiration instead
expiration string

{
  "userId": "string",
  "details": {
    "sequence": "2",
    "creationDate": "2023-05-10",
    "changeDate": "2023-05-10",
    "resourceOwner": "69629023906488334"
  },
  "passwordlessRegistration": {
    "link": "string",
    "lifetime": "string",
    "expiration": "string"
  }
}

Schema
Example (from schema)

Schema

userId string
details object
sequence uint64
on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-time
on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection

on manipulation: the
resourceOwner resource_owner is the organization an object belongs to
passwordlessRegistration object
link string
lifetime deprecated: use expiration instead
expiration string

{
  "userId": "string",
  "details": {
    "sequence": "2",
    "creationDate": "2023-05-10",
    "changeDate": "2023-05-10",
    "resourceOwner": "69629023906488334"
  },
  "passwordlessRegistration": {
    "link": "string",
    "lifetime": "string",
    "expiration": "string"
  }
}

Schema
Example (from schema)

Schema

userId string
details object
sequence uint64
on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-time
on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection

on manipulation: the
resourceOwner resource_owner is the organization an object belongs to
passwordlessRegistration object
link string
lifetime deprecated: use expiration instead
expiration string

{
  "userId": "string",
  "details": {
    "sequence": "2",
    "creationDate": "2023-05-10",
    "changeDate": "2023-05-10",
    "resourceOwner": "69629023906488334"
  },
  "passwordlessRegistration": {
    "link": "string",
    "lifetime": "string",
    "expiration": "string"
  }
}

An unexpected error response.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Create/Import User (Human)​

Create/Import User (Human)