Create-User via REST-API, does not seem to be working

hat_trick · February 28, 2025, 10:16pm

Hi,

I created a new user using the REST API.

But I am unable to login with the new user credentials. When I search the users table, I cannot find the user account.

To troubleshoot the problem, I ran the following CURL cmd.

I also tried using a JSON payload with the CURL cmd.

I get the same result both times: I cannot login using the new user credentials and the new user is not found in the users table.

Any ideas?

Thanks

supermathie · February 28, 2025, 10:33pm

The message here is somewhat misleading; active:false indicates the user was not created but already existed.

Check to ensure there isn’t already a user with the same email address, especially if normalize_emails is enabled.

RGJ · March 1, 2025, 12:08am

Seems similar to User creation API: ‘active’ attribute set to True but returns False in response

tgxworld · March 3, 2025, 7:53am

I realised that there is an error in our API docs. The active param is only permitted when an API key associated to an admin user is used and has been the case since 2016.

For now, I’ve corrected the docs in

supermathie · March 3, 2025, 4:03pm

This will help, yeah.

It still doesn’t address the original problem of the message being misleading for admins though.

○ → curl -X POST -H "api-key: $API_KEY" -H 'api-username: michael' https://try.discourse.org/users.json --json "$(jo email=michael+test@contoso.com username=michaeltest password=$PASSWORD active=true approved=true)"
{"success":true,"active":true,"message":"Your account is activated and ready to use."}

○ → curl -X POST -H "api-key: $API_KEY" -H 'api-username: michael' https://try.discourse.org/users.json --json "$(jo email=michael+test2@contoso.com username=michaeltest2 password=$PASSWORD active=true approved=true)"
{"success":true,"active":false,"message":"Your account is activated and ready to use."}

^ only a single user was created above

I’m inferring a lot of obfuscation was put into the /users.json path to deter spammers etc. but this seems to be making things difficult for admins as well. I wonder if we should add an explicit admin path to separate the two (normal account creation vs. admin account creation) which will allow the admin function to be unobfuscated.

hat_trick · March 3, 2025, 11:37pm

You are correct. This was the problem: A user with the same email address already exists.

I was searching by username and by created_at desc, which was why the new user didn’t come up in the search results.

The successful response threw me off.

Thank you for your help.

Topic		Replies	Views
User creation via API is a mess! Support rest-api	2	38	January 14, 2025
Creating users through RESTFUL Users API - Users.json got wiped Dev rest-api	4	1661	February 28, 2019
Create user using API (curl command) Dev rest-api	1	97	July 9, 2024
Cant create new users Support rest-api	2	44	October 4, 2024
Creating and activating users from the API Dev	3	1564	September 21, 2020

Create-User via REST-API, does not seem to be working

Related topics