User Management

Introduction 

This section provides instructions on how to create, update and delete users for the default RESTHeart Authenticator.

RESTHeart Authenticator uses the collection /users by default.

Before running the example requests

The following examples assume RESTHeart Platform is running on localhost with the default configuration: the database restheart is bound to / and the user admin exists with the default password secret.

User document

With the default configuration, a user is represented as follows:

{
    "_id": "username",
    "roles": [ "list", "of", "roles" ],
    "password": "secret"
}

RESTHeart Authenticator can be configured to use different properties for the username, roles and password. Check RESTHeart Authenticator for more information.

Get existing users

GET /users HTTP/1.1

Response

[
  {
    "_id": "admin",
    "roles": [
      "admin"
    ],
    "_etag": {
      "$oid": "5d2edb155883c050065d6a8a"
    }
  }
]

The password is always hidden on GET requests.

For security reasons, it is not possible to use the filter query parameter on the password field; the following request is forbidden and will cause an error:

GET /users?filter={"password":{"$regex":"^a.*"}}

Create a user

POST /users HTTP/1.1

{
    "_id": "foo",
    "roles": [ "user" ],
    "password": "secret"
}

The password is automatically encrypted by RESTHeart Platform.

Update a user

PATCH /users/foo HTTP/1.1

{
    "password": "betterSecret"
}
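
The same PATCH is how the default admin password (secret) gets replaced. The following Python script is an added example, not RESTHeart's own code: it updates a password and then checks from the outside that the old password is rejected, the new one is accepted, and GET /users still hides the password field. Assumptions: the listener at http://localhost:8080, HTTP Basic authentication, the accepted status codes, and the function names build, send and rotate_password.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

BASE = "http://localhost:8080"  # assumption: default RESTHeart HTTP listener


def build(method, path, user, password, body=None):
    """Build a request authenticated with HTTP Basic auth (assumed mechanism)."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(BASE + path, data=data, method=method)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    if data is not None:
        req.add_header("Content-Type", "application/json")
    return req


def send(req):
    """Send a request; return (status, parsed JSON body or None)."""
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            raw = resp.read()
            return resp.status, (json.loads(raw) if raw else None)
    except urllib.error.HTTPError as err:
        return err.code, None


def rotate_password(user, old, new, transport=send):
    """PATCH the user's password, then verify the result with both passwords."""
    path = "/users/" + urllib.parse.quote(user, safe="")
    status, _ = transport(build("PATCH", path, user, old, {"password": new}))
    if status not in (200, 204):  # assumed success codes
        raise RuntimeError(f"password update failed with HTTP {status}")
    old_status, _ = transport(build("GET", "/users", user, old))
    new_status, docs = transport(build("GET", "/users", user, new))
    return {
        "old_password_rejected": old_status == 401,
        "new_password_accepted": new_status == 200,
        # GET /users returns an array of user documents, as shown above
        "password_hidden": all("password" not in d for d in (docs or [])),
    }


if __name__ == "__main__":
    # Constructed placeholder: substitute a generated secret before running.
    print(rotate_password("admin", "secret", "REPLACE-WITH-GENERATED-SECRET"))
```

The account used must be allowed to read /users, as admin is in the default configuration.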

Delete a user

DELETE /users/foo HTTP/1.1