# Users

Manage user profiles


## Servers

Sandbox environment
```
https://api.sbx.transmitsecurity.io/cis
```

Production environment (US)
```
https://api.transmitsecurity.io/cis
```

Production environment (EU)
```
https://api.eu.transmitsecurity.io/cis
```

Production environment (CA)
```
https://api.ca.transmitsecurity.io/cis
```

Production environment (AU)
```
https://api.au.transmitsecurity.io/cis
```

## Security

### bearer

Type: http
Scheme: bearer
Bearer Format: JWT

### UserAccessToken

A token returned upon end-user authentication, which provides access to resources and data for the user and app for which it was generated

Type: http
Scheme: bearer
Bearer Format: JWT

### AdminAccessToken

A token generated by a management application using the [token endpoint](/openapi/token.openapi/other/getaccesstoken). It provides access to all resources for the tenant and its apps

Type: oauth2

### ClientAccessToken

A token generated by an end-user application using the [token endpoint](/openapi/token.openapi/other/getaccesstoken). It provides access to resources and data on the tenant level or associated with the specific application (but not other apps in the tenant)

Type: oauth2

### OrgAdminAccessToken

A token returned upon B2B authentication for a user that has the organizationAdmin or organizationCreator role.

Type: oauth2

## Download OpenAPI description

[Users](https://developer.transmitsecurity.com/_bundle/openapi/user/user.openapi.yaml)

## Other

### Get users count

 - [GET /v1/users/count](https://developer.transmitsecurity.com/openapi/user/user.openapi/other/getuserscount.md): Get the number of saved users. Required permissions: users:list, apps:list, [appId]:list.

### Create user

 - [POST /v1/users](https://developer.transmitsecurity.com/openapi/user/user.openapi/other/createuser.md): Add a user to Transmit. A user_id is returned as part of the User in the response that can then be used to perform other operations, such as get, update and delete. An email or a phone_number are required. Required permissions: apps:create, [appId]:create, users:create.

### Get users

 - [GET /v1/users](https://developer.transmitsecurity.com/openapi/user/user.openapi/other/getusers.md): Search across your application’s users at Transmit. This endpoint also allows you to return all of your application’s users by sending no filters at all. Required permissions: users:read, users:list, apps:read, [appId]:read, apps:list, [appId]:list.

### Get user by identifier

 - [GET /v1/users/identifier](https://developer.transmitsecurity.com/openapi/user/user.openapi/other/getuserbyidentifier.md): Search for a user by identifier. Required permissions: apps:read, [appId]:read, users:read.

### Get user by ID

 - [GET /v1/users/{user_id}](https://developer.transmitsecurity.com/openapi/user/user.openapi/other/getuserbyid.md): Search for a user by user ID. Required permissions: apps:read, [appId]:read, users:read.

### Update user

 - [PUT /v1/users/{user_id}](https://developer.transmitsecurity.com/openapi/user/user.openapi/other/updateuser.md): Update a user's attributes or their custom data. Changes will be merged into the user's profile, so you can specify only the fields you want to update.  Note:   Attributes (like name and address) cannot be partially updated, as the new value of an object or array will just replace the current one. custom_data can be partially updated since it will be merged with the existing data (as a shallow merge).. Required permissions: apps:edit, [appId]:edit, users:edit.

### Get user's groups

 - [GET /v1/users/{user_id}/groups](https://developer.transmitsecurity.com/openapi/user/user.openapi/other/getusergroups.md): Retrieve a list of groups associated with a user. Required permissions: apps:read, [appId]:read, groups:read.

### Get user by email

 - [GET /v1/users/email/{email}](https://developer.transmitsecurity.com/openapi/user/user.openapi/other/getuserbyemail.md): Search for a user by primary email. Required permissions: apps:read, [appId]:read, users:read.

### Get user by external user ID

 - [GET /v1/users/external-user-id/{external_user_id}](https://developer.transmitsecurity.com/openapi/user/user.openapi/other/getuserbyexternaluserid.md): Search for a user by their external_user_id, which represents the user identifier in external provider. Required permissions: apps:read, [appId]:read, users:read.

### Get user by username

 - [GET /v1/users/username/{username}](https://developer.transmitsecurity.com/openapi/user/user.openapi/other/getuserbyusername.md): Search for a user by username. Required permissions: apps:read, [appId]:read, users:read.

### Remove user from app

 - [DELETE /v1/users/{user_id}/apps](https://developer.transmitsecurity.com/openapi/user/user.openapi/other/removeuserfromapp.md): Remove a user from the requesting application. Required permissions: apps:edit, [appId]:edit, users:edit.

### Create credentials

 - [POST /v1/users/{user_id}/password](https://developer.transmitsecurity.com/openapi/user/user.openapi/other/addpasswordcredential.md): Creates new password credentials for a user that doesn't already have a password. The password is temporary, and must be reset upon the user's first login. Required permissions: apps:create, [appId]:create, authenticators:create.

### Update password

 - [PUT /v1/users/{user_id}/password](https://developer.transmitsecurity.com/openapi/user/user.openapi/other/updatepasswordcredential.md): Updates the user's existing credentials with a new temporary password, which must be reset the next time they login. Required permissions: apps:edit, [appId]:edit, authenticators:edit.

### Get user by phone number

 - [GET /v1/users/phone-number/{phone_number}](https://developer.transmitsecurity.com/openapi/user/user.openapi/other/getuserbyphone.md): Search for a user by their primary phone number. Required permissions: apps:read, [appId]:read, users:read.

### Remove secondary email

 - [DELETE /v1/users/{user_id}/emails/{email}](https://developer.transmitsecurity.com/openapi/user/user.openapi/other/removeusersecondaryemail.md): Removes a secondary email address from the user's profile. Required permissions: apps:edit, [appId]:edit, users:edit.

### Remove secondary phone number

 - [DELETE /v1/users/{user_id}/phone-numbers/{phone_number}](https://developer.transmitsecurity.com/openapi/user/user.openapi/other/removeusersecondaryphonenumber.md): Remove a secondary phone number from the user's profile. Required permissions: apps:edit, [appId]:edit, users:edit.

### Mark email as verified

 - [POST /v1/users/{user_id}/emails/{email}/verify](https://developer.transmitsecurity.com/openapi/user/user.openapi/other/verifyuseremail.md): Indicates that the user's email address was verified externally. A user's email address is automatically marked as verified when used in a Transmit authentication or verification flow. If the email address is a secondary email, the request can also be used to set it as the user's primary email (by setting change_to_primary to true). Required permissions: apps:edit, [appId]:edit, users:edit.

### Mark phone as verified

 - [POST /v1/users/{user_id}/phone-numbers/{phone_number}/verify](https://developer.transmitsecurity.com/openapi/user/user.openapi/other/verifyuserphonenumber.md): Indicates that the user's phone number was verified externally. A user's phone number is automatically marked as verified when used in a Transmit authentication or verification flow. If the phone number is a secondary one, the request can also be used to set it as the user's primary phone (by setting change_to_primary to true). Required permissions: apps:edit, [appId]:edit, users:edit.

### Delete user

 - [DELETE /v1/manage/users/{user_id}](https://developer.transmitsecurity.com/openapi/user/user.openapi/other/deletetenantuser.md): Delete a user and all their data (tenant-level and app-level). Requires an admin access token (from a management app). Required permissions: users:delete.

### Register password

 - [POST /v1/users/me/password-credentials](https://developer.transmitsecurity.com/openapi/user/user.openapi/other/addpasswordcredentialstocurrentuser.md): Allows a logged-in user to register their first password. Must be authorized using a valid user access token returned upon successful authentication.

### Get current user's device keys

 - [GET /v1/users/me/device-keys](https://developer.transmitsecurity.com/openapi/user/user.openapi/other/getdevicekeysfortenant.md): Get device keys by user id

### Get user by phone number (deprecated)

 - [GET /v1/users/phone/{phone_number}](https://developer.transmitsecurity.com/openapi/user/user.openapi/other/deprecatedgetuserbyphone.md): Search for a user by their primary phone number