The Users service allows you to manage your project users. Use this service to search, block, and view your users' info, current sessions, and latest activity logs. You can also use the Users service to edit your users' preferences and personal info.
https://cloud.appwrite.io/v1
List users
Get a list of all the project's users. You can use the query params to filter your results.
Request
queries array Array of query strings generated using the Query class provided by the SDK. Learn more about queries. Maximum of 100 queries are allowed, each 4096 characters long. You may filter on the following attributes: name, email, phone, status, passwordUpdate, registration, emailVerification, phoneVerification
search string Search term to filter your list results. Max length: 256 chars.
Response
200 application/json
GET /users
query {
usersList {
total
users {
_id
_createdAt
_updatedAt
name
registration
status
labels
passwordUpdate
email
phone
emailVerification
phoneVerification
prefs {
data
}
accessedAt
}
}
}
Create user
Create a new user.
Request
userId string requiredUser ID. Choose a custom ID or generate a random ID with
ID.unique(). Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can't start with a special char. Max length is 36 chars.email string User email.
phone string Phone number. Format this number with a leading '+' and a country code, e.g., +16175551212.
password string Plain text user password. Must be at least 8 chars.
name string User name. Max length: 128 chars.
Response
201 application/json
POST /users
mutation {
usersCreate(
userId: "[USER_ID]"
) {
_id
_createdAt
_updatedAt
name
registration
status
labels
passwordUpdate
email
phone
emailVerification
phoneVerification
prefs {
data
}
accessedAt
}
}
Create user with Argon2 password
Create a new user. Password provided must be hashed with the Argon2 algorithm. Use the POST /users endpoint to create users with a plain text password.
Request
userId string requiredUser ID. Choose a custom ID or generate a random ID with
ID.unique(). Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can't start with a special char. Max length is 36 chars.email string requiredUser email.
password string requiredUser password hashed using Argon2.
name string User name. Max length: 128 chars.
Response
201 application/json
POST /users/argon2
mutation {
usersCreateArgon2User(
userId: "[USER_ID]",
email: "email@example.com",
password: "password"
) {
_id
_createdAt
_updatedAt
name
registration
status
labels
passwordUpdate
email
phone
emailVerification
phoneVerification
prefs {
data
}
accessedAt
}
}
Create user with bcrypt password
Create a new user. Password provided must be hashed with the Bcrypt algorithm. Use the POST /users endpoint to create users with a plain text password.
Request
userId string requiredUser ID. Choose a custom ID or generate a random ID with
ID.unique(). Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can't start with a special char. Max length is 36 chars.email string requiredUser email.
password string requiredUser password hashed using Bcrypt.
name string User name. Max length: 128 chars.
Response
201 application/json
POST /users/bcrypt
mutation {
usersCreateBcryptUser(
userId: "[USER_ID]",
email: "email@example.com",
password: "password"
) {
_id
_createdAt
_updatedAt
name
registration
status
labels
passwordUpdate
email
phone
emailVerification
phoneVerification
prefs {
data
}
accessedAt
}
}
List Identities
Get identities for all users.
Request
queries string Array of query strings generated using the Query class provided by the SDK. Learn more about queries. Maximum of 100 queries are allowed, each 4096 characters long. You may filter on the following attributes: userId, provider, providerUid, providerEmail, providerAccessTokenExpiry
search string Search term to filter your list results. Max length: 256 chars.
Response
200 application/json
GET /users/identities
query {
usersListIdentities {
total
identities {
_id
_createdAt
_updatedAt
userId
provider
providerUid
providerEmail
providerAccessToken
providerAccessTokenExpiry
providerRefreshToken
}
}
}
Delete Identity
Delete an identity by its unique ID.
Request
identityId string requiredIdentity ID.
Response
204 application/json
DELETE /users/identities/{identityId}
mutation {
usersDeleteIdentity(
identityId: "[IDENTITY_ID]"
) {
status
}
}
Create user with MD5 password
Create a new user. Password provided must be hashed with the MD5 algorithm. Use the POST /users endpoint to create users with a plain text password.
Request
userId string requiredUser ID. Choose a custom ID or generate a random ID with
ID.unique(). Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can't start with a special char. Max length is 36 chars.email string requiredUser email.
password string requiredUser password hashed using MD5.
name string User name. Max length: 128 chars.
Response
201 application/json
POST /users/md5
mutation {
usersCreateMD5User(
userId: "[USER_ID]",
email: "email@example.com",
password: "password"
) {
_id
_createdAt
_updatedAt
name
registration
status
labels
passwordUpdate
email
phone
emailVerification
phoneVerification
prefs {
data
}
accessedAt
}
}
Create user with PHPass password
Create a new user. Password provided must be hashed with the PHPass algorithm. Use the POST /users endpoint to create users with a plain text password.
Request
userId string requiredUser ID. Choose a custom ID or pass the string
ID.unique()to auto generate it. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can't start with a special char. Max length is 36 chars.email string requiredUser email.
password string requiredUser password hashed using PHPass.
name string User name. Max length: 128 chars.
Response
201 application/json
POST /users/phpass
mutation {
usersCreatePHPassUser(
userId: "[USER_ID]",
email: "email@example.com",
password: "password"
) {
_id
_createdAt
_updatedAt
name
registration
status
labels
passwordUpdate
email
phone
emailVerification
phoneVerification
prefs {
data
}
accessedAt
}
}
Create user with Scrypt password
Create a new user. Password provided must be hashed with the Scrypt algorithm. Use the POST /users endpoint to create users with a plain text password.
Request
userId string requiredUser ID. Choose a custom ID or generate a random ID with
ID.unique(). Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can't start with a special char. Max length is 36 chars.email string requiredUser email.
password string requiredUser password hashed using Scrypt.
passwordSalt string requiredOptional salt used to hash password.
passwordCpu integer requiredOptional CPU cost used to hash password.
passwordMemory integer requiredOptional memory cost used to hash password.
passwordParallel integer requiredOptional parallelization cost used to hash password.
passwordLength integer requiredOptional hash length used to hash password.
name string User name. Max length: 128 chars.
Response
201 application/json
POST /users/scrypt
mutation {
usersCreateScryptUser(
userId: "[USER_ID]",
email: "email@example.com",
password: "password",
passwordSalt: "[PASSWORD_SALT]",
passwordCpu: 0,
passwordMemory: 0,
passwordParallel: 0,
passwordLength: 0
) {
_id
_createdAt
_updatedAt
name
registration
status
labels
passwordUpdate
email
phone
emailVerification
phoneVerification
prefs {
data
}
accessedAt
}
}
Create user with Scrypt modified password
Create a new user. Password provided must be hashed with the Scrypt Modified algorithm. Use the POST /users endpoint to create users with a plain text password.
Request
userId string requiredUser ID. Choose a custom ID or generate a random ID with
ID.unique(). Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can't start with a special char. Max length is 36 chars.email string requiredUser email.
password string requiredUser password hashed using Scrypt Modified.
passwordSalt string requiredSalt used to hash password.
passwordSaltSeparator string requiredSalt separator used to hash password.
passwordSignerKey string requiredSigner key used to hash password.
name string User name. Max length: 128 chars.
Response
201 application/json
POST /users/scrypt-modified
mutation {
usersCreateScryptModifiedUser(
userId: "[USER_ID]",
email: "email@example.com",
password: "password",
passwordSalt: "[PASSWORD_SALT]",
passwordSaltSeparator: "[PASSWORD_SALT_SEPARATOR]",
passwordSignerKey: "[PASSWORD_SIGNER_KEY]"
) {
_id
_createdAt
_updatedAt
name
registration
status
labels
passwordUpdate
email
phone
emailVerification
phoneVerification
prefs {
data
}
accessedAt
}
}
Create user with SHA password
Create a new user. Password provided must be hashed with the SHA algorithm. Use the POST /users endpoint to create users with a plain text password.
Request
userId string requiredUser ID. Choose a custom ID or generate a random ID with
ID.unique(). Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can't start with a special char. Max length is 36 chars.email string requiredUser email.
password string requiredUser password hashed using SHA.
passwordVersion string Optional SHA version used to hash password. Allowed values are: 'sha1', 'sha224', 'sha256', 'sha384', 'sha512/224', 'sha512/256', 'sha512', 'sha3-224', 'sha3-256', 'sha3-384', 'sha3-512'
name string User name. Max length: 128 chars.
Response
201 application/json
POST /users/sha
mutation {
usersCreateSHAUser(
userId: "[USER_ID]",
email: "email@example.com",
password: "password"
) {
_id
_createdAt
_updatedAt
name
registration
status
labels
passwordUpdate
email
phone
emailVerification
phoneVerification
prefs {
data
}
accessedAt
}
}
Get user
Get a user by its unique ID.
Request
userId string requiredUser ID.
Response
200 application/json
GET /users/{userId}
query {
usersGet(
userId: "[USER_ID]"
) {
_id
_createdAt
_updatedAt
name
registration
status
labels
passwordUpdate
email
phone
emailVerification
phoneVerification
prefs {
data
}
accessedAt
}
}
Delete user
Delete a user by its unique ID, thereby releasing it's ID. Since ID is released and can be reused, all user-related resources like documents or storage files should be deleted before user deletion. If you want to keep ID reserved, use the updateStatus endpoint instead.
Request
userId string requiredUser ID.
Response
204 application/json
DELETE /users/{userId}
mutation {
usersDelete(
userId: "[USER_ID]"
) {
status
}
}
Update email
Update the user email by its unique ID.
Request
userId string requiredUser ID.
email string requiredUser email.
Response
200 application/json
PATCH /users/{userId}/email
mutation {
usersUpdateEmail(
userId: "[USER_ID]",
email: "email@example.com"
) {
_id
_createdAt
_updatedAt
name
registration
status
labels
passwordUpdate
email
phone
emailVerification
phoneVerification
prefs {
data
}
accessedAt
}
}
Update user labels
Update the user labels by its unique ID.
Labels can be used to grant access to resources. While teams are a way for user's to share access to a resource, labels can be defined by the developer to grant access without an invitation. See the Permissions docs for more info.
Request
userId string requiredUser ID.
labels array requiredArray of user labels. Replaces the previous labels. Maximum of 100 labels are allowed, each up to 36 alphanumeric characters long.
Response
200 application/json
PUT /users/{userId}/labels
mutation {
usersUpdateLabels(
userId: "[USER_ID]",
labels: []
) {
_id
_createdAt
_updatedAt
name
registration
status
labels
passwordUpdate
email
phone
emailVerification
phoneVerification
prefs {
data
}
accessedAt
}
}
List user logs
Get the user activity logs list by its unique ID.
Request
userId string requiredUser ID.
queries array Array of query strings generated using the Query class provided by the SDK. Learn more about queries. Only supported methods are limit and offset
Response
200 application/json
GET /users/{userId}/logs
query {
usersListLogs(
userId: "[USER_ID]"
) {
total
logs {
event
userId
userEmail
userName
mode
ip
time
osCode
osName
osVersion
clientType
clientCode
clientName
clientVersion
clientEngine
clientEngineVersion
deviceName
deviceBrand
deviceModel
countryCode
countryName
}
}
}
List user memberships
Get the user membership list by its unique ID.
Request
userId string requiredUser ID.
Response
200 application/json
GET /users/{userId}/memberships
query {
usersListMemberships(
userId: "[USER_ID]"
) {
total
memberships {
_id
_createdAt
_updatedAt
userId
userName
userEmail
teamId
teamName
invited
joined
confirm
roles
}
}
}
Update name
Update the user name by its unique ID.
Request
userId string requiredUser ID.
name string requiredUser name. Max length: 128 chars.
Response
200 application/json
PATCH /users/{userId}/name
mutation {
usersUpdateName(
userId: "[USER_ID]",
name: "[NAME]"
) {
_id
_createdAt
_updatedAt
name
registration
status
labels
passwordUpdate
email
phone
emailVerification
phoneVerification
prefs {
data
}
accessedAt
}
}
Update password
Update the user password by its unique ID.
Request
userId string requiredUser ID.
password string requiredNew user password. Must be at least 8 chars.
Response
200 application/json
PATCH /users/{userId}/password
mutation {
usersUpdatePassword(
userId: "[USER_ID]",
password: ""
) {
_id
_createdAt
_updatedAt
name
registration
status
labels
passwordUpdate
email
phone
emailVerification
phoneVerification
prefs {
data
}
accessedAt
}
}
Update phone
Update the user phone by its unique ID.
Request
userId string requiredUser ID.
number string requiredUser phone number.
Response
200 application/json
PATCH /users/{userId}/phone
mutation {
usersUpdatePhone(
userId: "[USER_ID]",
number: "+12065550100"
) {
_id
_createdAt
_updatedAt
name
registration
status
labels
passwordUpdate
email
phone
emailVerification
phoneVerification
prefs {
data
}
accessedAt
}
}
Get user preferences
Get the user preferences by its unique ID.
Request
userId string requiredUser ID.
Response
200 application/json
GET /users/{userId}/prefs
query {
usersGetPrefs(
userId: "[USER_ID]"
) {
data
}
}
Update user preferences
Update the user preferences by its unique ID. The object you pass is stored as is, and replaces any previous value. The maximum allowed prefs size is 64kB and throws error if exceeded.
Request
userId string requiredUser ID.
prefs object requiredPrefs key-value JSON object.
Response
200 application/json
PATCH /users/{userId}/prefs
mutation {
usersUpdatePrefs(
userId: "[USER_ID]",
prefs: "{}"
) {
data
}
}
List user sessions
Get the user sessions list by its unique ID.
Request
userId string requiredUser ID.
Response
200 application/json
GET /users/{userId}/sessions
query {
usersListSessions(
userId: "[USER_ID]"
) {
total
sessions {
_id
_createdAt
userId
expire
provider
providerUid
providerAccessToken
providerAccessTokenExpiry
providerRefreshToken
ip
osCode
osName
osVersion
clientType
clientCode
clientName
clientVersion
clientEngine
clientEngineVersion
deviceName
deviceBrand
deviceModel
countryCode
countryName
current
}
}
}
Delete user sessions
Delete all user's sessions by using the user's unique ID.
Request
userId string requiredUser ID.
Response
204 application/json
DELETE /users/{userId}/sessions
mutation {
usersDeleteSessions(
userId: "[USER_ID]"
) {
status
}
}
Delete user session
Delete a user sessions by its unique ID.
Request
userId string requiredUser ID.
sessionId string requiredSession ID.
Response
204 application/json
DELETE /users/{userId}/sessions/{sessionId}
mutation {
usersDeleteSession(
userId: "[USER_ID]",
sessionId: "[SESSION_ID]"
) {
status
}
}
Update user status
Update the user status by its unique ID. Use this endpoint as an alternative to deleting a user if you want to keep user's ID reserved.
Request
userId string requiredUser ID.
status boolean requiredUser Status. To activate the user pass
trueand to block the user passfalse.
Response
200 application/json
PATCH /users/{userId}/status
mutation {
usersUpdateStatus(
userId: "[USER_ID]",
status: false
) {
_id
_createdAt
_updatedAt
name
registration
status
labels
passwordUpdate
email
phone
emailVerification
phoneVerification
prefs {
data
}
accessedAt
}
}
Update email verification
Update the user email verification status by its unique ID.
Request
userId string requiredUser ID.
emailVerification boolean requiredUser email verification status.
Response
200 application/json
PATCH /users/{userId}/verification
mutation {
usersUpdateEmailVerification(
userId: "[USER_ID]",
emailVerification: false
) {
_id
_createdAt
_updatedAt
name
registration
status
labels
passwordUpdate
email
phone
emailVerification
phoneVerification
prefs {
data
}
accessedAt
}
}
Update phone verification
Update the user phone verification status by its unique ID.
Request
userId string requiredUser ID.
phoneVerification boolean requiredUser phone verification status.
Response
200 application/json
PATCH /users/{userId}/verification/phone
mutation {
usersUpdatePhoneVerification(
userId: "[USER_ID]",
phoneVerification: false
) {
_id
_createdAt
_updatedAt
name
registration
status
labels
passwordUpdate
email
phone
emailVerification
phoneVerification
prefs {
data
}
accessedAt
}
}