Adding users through API without confirming email

I can POST to /users and add a new user succesfully:

$fields = array( 'name' => urlencode($name), 'email' => urlencode($email), 'username' => urlencode($username), 'password' => urlencode($password), 'active' => true, 'api_username' => urlencode($config['api']['username']), 'api_key' => urlencode($config['api']['key']), );

But then the user gets:

“You can’t log in yet. We previously sent an activation email to you at…”

Is it possible to add an extra flag to the /users POST call like “email_confirmed”?

P.S. There’s been multiple threads about this without an internal solution:

I note here you use 'active' => true

… you might try 'active' => 'true' to pass the string 'true' opposed to the boolean value of true which is likely the numeral 1.

You must also ensure that an actual password is set, so double check there is a value being passed.

Currently… I’m pretty sure this is what you will have to do to make it work:

I definitely think this can be improved though!


Sure. Super imperfect solution though.

I don’t even have any idea how to add that internal code from that post to Discourse.

I’m back now to just letting Discourse send invites for new users on my parent site, but it’s not great as sometimes they pick different usernames than on the parent site causing support drama later.

1 Like

I propose a confirmed_email value we can send along and set it to true (like active now):

POST to /users

$fields = array(
'name' => $name,
'email' => $email,
'username' => $username,
'password' => $password,
'active' => true,
'confirmed_email' => true,
'api_username' => $apiUsername,
'api_key' => $apiKey,
1 Like

I have been using 'active' => true and have never run into this issue. Every user in my Discourse is created through the API too - so I would have run into this if it were the case. I set name, username, email, and password in the user creation. Never have received this notice.

P.S. I have SSO enabled, not sure if that’s a factor.

'confirmed_email' => true,

Does this mean user need to confirm their email address, or not need to?