Manage Users

User management in Nexla allows you to control access to the platform, manage permissions, and organize users within your organization. The system provides comprehensive APIs for user operations including creation, modification, and access control.

User Resources

User resources describe individual Nexla accounts. Every user has a corresponding User resource and may belong to one or more organizations through Org memberships. Users can access resources based on their organization memberships and assigned permissions.

Fetch Current User

Users can fetch their own information by calling the GET /users endpoint. The response contains only one entry: their own information.

API Endpoint

The endpoint for fetching current user information is:

GET /users/current

Fetch Current User: Request

GET /users/current

Response Structure

The response includes comprehensive user information including profile details, organization memberships, and access permissions.

Fetch Current User: Response

[
  {
    "id": 42,
    "email": "john.smith@example.com",
    "full_name": "John Smith",
    "api_key": "<API-Key>",
    "super_user": true,
    "impersonated": false,
    "default_org": {
      "id": 101,
      "name": "Acme Corporation"
    },
    "org_memberships": [
      {
        "id": 101,
        "name": "Acme Corporation",
        "is_admin?": true,
        "api_key": "<Org-API-Key>"
      }
    ],
    "email_verified_at": "2023-01-15T15:47:15.000Z",
    "updated_at": "2023-01-15T21:48:10.000Z",
    "created_at": "2023-01-15T15:47:15.000Z"
  }
]

List All Users

Organization admins can list all users that belong to their org by adding the access_role=all query parameter to the /users endpoint.

Admin Access Endpoint

To list all users in your organization:

GET /users?access_role=all

List All Users: Request

GET /users?access_role=all

Admin Response Structure

The response includes all users in the organization with their profile information and membership details.

List All Users: Response

[
  {
    "id": 41,
    "email": "admin@example.com",
    "full_name": "Admin User",
    "api_key": "<API-Key>",
    "super_user": true,
    "impersonated": false,
    "default_org": {
      "id": 101,
      "name": "Acme Corporation"
    },
    "org_memberships": [
      {
        "id": 101,
        "name": "Acme Corporation",
        "is_admin?": true,
        "api_key": "<Org-API-Key>"
      }
    ],
    "email_verified_at": "2023-01-15T15:47:15.000Z",
    "updated_at": "2023-01-15T15:47:15.000Z",
    "created_at": "2023-01-15T15:47:15.000Z"
  },
  {
    "id": 42,
    "email": "john.smith@example.com",
    "full_name": "John Smith",
    "api_key": "<API-Key>",
    "super_user": true,
    "impersonated": false,
    "default_org": {
      "id": 101,
      "name": "Acme Corporation"
    },
    "org_memberships": [
      {
        "id": 101,
        "name": "Acme Corporation",
        "is_admin?": true,
        "api_key": "<Org-API-Key>"
      }
    ],
    "email_verified_at": "2023-01-15T15:47:15.000Z",
    "updated_at": "2023-01-15T21:48:10.000Z",
    "created_at": "2023-01-15T15:47:15.000Z"
  }
]

Add User to Organization

Organization admins can add users to their organization and optionally make them org administrators. For each new user, the payload should contain email, full_name and the admin flag.

Add Member Endpoint

To add a user to your organization:

PUT /orgs/{org_id}

Add User to Organization: Request

PUT /orgs/101

{
  "members": [
    {
      "email": "jane.doe@example.com",
      "full_name": "Jane Doe",
      "admin": false
    }
  ]
}

User Management Operations

The Nexla API provides comprehensive user management capabilities beyond basic CRUD operations.

User Activation and Deactivation

You can control user access by activating or deactivating accounts:

PUT /users/{user_id}/activate
PUT /users/{user_id}/deactivate

Password Management

Users can change their passwords and reset forgotten passwords:

PUT /users/{user_id}/change_password
POST /users/reset_password
POST /users/set_password

Account Locking

For security purposes, you can lock and unlock user accounts:

PUT /users/{user_id}/lock_account
PUT /users/{user_id}/unlock_account

User Information Fields

User resources contain several important fields:

  • id: Unique identifier for the user
  • email: User's email address (used for login)
  • full_name: User's display name
  • api_key: Authentication key for API access
  • super_user: Whether the user has super user privileges
  • impersonated: Whether the user is being impersonated
  • default_org: User's primary organization
  • org_memberships: List of organizations the user belongs to
  • email_verified_at: When the email was verified
  • created_at: When the user account was created
  • updated_at: When the user account was last updated

Organization Memberships

Users can belong to multiple organizations, with each membership having specific permissions:

  • id: Organization identifier
  • name: Organization name
  • is_admin?: Whether the user is an admin in this organization
  • api_key: Organization-specific API key

Best Practices

To effectively manage users in your Nexla platform:

  1. Use Descriptive Names: Choose clear, identifiable names for user accounts
  2. Implement Role-Based Access: Assign users to teams based on their responsibilities
  3. Regular Access Reviews: Periodically review user permissions and access
  4. Monitor User Activity: Track login history and resource access patterns
  5. Secure API Keys: Ensure API keys are kept secure and rotated regularly
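
An added example (not part of the Nexla documentation) for best practices 3 and 5: it runs an access review over a saved GET /users?access_role=all response and masks every api_key before the data is logged or archived. The sample records are constructed; review_access and redact_keys are hypothetical helper names, and treating a null or missing email_verified_at as unverified is an assumption.

```python
import json

# Constructed sample shaped like the "List All Users: Response" above; all values are made up.
SAMPLE = json.loads("""
[
  {"id": 41, "email": "admin@example.com", "super_user": true, "impersonated": false,
   "api_key": "constructed-user-key-41",
   "org_memberships": [{"id": 101, "name": "Acme Corporation", "is_admin?": true,
                        "api_key": "constructed-org-key-41"}],
   "email_verified_at": "2023-01-15T15:47:15.000Z"},
  {"id": 43, "email": "jane.doe@example.com", "super_user": false, "impersonated": false,
   "api_key": "constructed-user-key-43",
   "org_memberships": [{"id": 101, "name": "Acme Corporation", "is_admin?": false,
                        "api_key": "constructed-org-key-43"}],
   "email_verified_at": null}
]
""")


def redact_keys(node):
    """Return a copy with every api_key value masked, at any nesting depth."""
    if isinstance(node, dict):
        return {k: "<redacted>" if k == "api_key" else redact_keys(v)
                for k, v in node.items()}
    if isinstance(node, list):
        return [redact_keys(item) for item in node]
    return node


def review_access(users, org_id):
    """Collect (email, reason) pairs that a periodic access review should confirm."""
    findings = []
    for user in users:
        email = user.get("email", "<unknown>")
        if user.get("super_user"):
            findings.append((email, "super_user"))
        if user.get("impersonated"):
            findings.append((email, "impersonated"))
        # Assumption: an unverified address is reported as null or is absent.
        if not user.get("email_verified_at"):
            findings.append((email, "email_unverified"))
        for membership in user.get("org_memberships", []):
            if membership.get("id") == org_id and membership.get("is_admin?"):
                findings.append((email, "org_admin"))
    return findings


if __name__ == "__main__":
    for email, reason in review_access(SAMPLE, org_id=101):
        print(f"{email}: {reason}")
    print(json.dumps(redact_keys(SAMPLE), indent=2))
```
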

After managing users, you may need to:

Manage Teams

GET /teams
POST /teams
PUT /teams/{team_id}/members

Control Resource Access

GET /resource_access
PUT /resource_access

View Audit Logs

GET /users/{user_id}/audit_log
GET /orgs/{org_id}/audit_log