Users

The users resource represents a single Bloom user. Users cannot be directly created. Instead, a user registration request must be made.

User object

{
  "id": "019429df-8f3f-7245-bc0d-73kn1u4f2284",
  "email": "user@example.com",
  "meta": {
    "name_first": "Jon",
    "name_last": "Doe"
  },
  "admin": false,
  "enabled": true,
  "created_at": "2025-01-03 01:55:04",
  "updated_at": "2025-07-28 17:11:17",
  "verified_at": "2025-07-28 17:11:17"
}

Fields

  • id
    required readonly string
    Unique ID of the record.
  • email
    required string
    Unique email address of the user.
  • meta
    required object
    Additional metadata about the user. The name_first and name_last fields are required.
  • admin
    required readonly boolean
    Whether the user is an admin.
  • enabled
    required boolean
    Whether the user is enabled. This field is only writable by an admin user.
  • created_at
    required readonly string
    UTC timestamp of when the record was created.
  • updated_at
    nullable readonly string
    UTC timestamp of when the record was last updated.
  • verified_at
    nullable readonly string
    UTC timestamp of when the user verified their email address.

Read a user

GET /users/{Id} or /users/me alias to read self.

Required permissions

User must be authenticated and can only read their own record.

Response

HTTP status Title Description Schema
200 OK User object
400 Bad Request Invalid parameters in the request query Error object
403 Forbidden Unsuccessful attempt to read another user's record Error object
404 Not Found User ID not found Error object

Update a user

PATCH /users/{id}

The request body must include parts of a user object.

In addition, a password field can be included to update the user's password. The password must meet the following requirements:

  • Minimum length of 12 characters
  • Contain at least one lowercase letter
  • Contain at least one uppercase letter
  • Contain at least one number

If the email field is updated, the user must verify their new email address before they can log in again. A verification email will be sent to the new email address.

Required permissions

User must be authenticated and can only update their own record.

Response

HTTP status Title Description Schema
200 OK Updated user record User object
400 Bad Request Invalid or missing field(s) Error object
404 Not Found User ID not found Error object
409 Conflict Email address already in use by another user Error object

Delete a user

DELETE /users/{id}

User account deletion will remove all user data, is permanent and cannot be undone

User accounts which own tenants cannot be deleted. The tenant must be transferred to another user or deleted before the user can be deleted.

Required permissions

User must be authenticated and can only delete their own record.

Response

HTTP status Title Description Schema
204 No content Successfully deleted
400 Bad Request User owns at least one tenant and cannot be deleted Error object
404 Not Found User ID not found Error object

List tenant invitations

List all tenant invitations for a user.

GET /users/{id}/invitations

Required permissions

User must be authenticated and can only list invitations for themselves.

Response

HTTP status Title Description Schema
200 OK An associative array of tenant invitation objects
400 Bad Request Invalid parameters in the request query Error object
403 Forbidden Unsuccessful attempt to read another user's invitations Error object
404 Not Found User ID not found Error object

Accept a tenant invitation

Accept a tenant invitation.

POST /users/{userId}/invitations/{id}

Required permissions

User must be authenticated and can only accept their own invitations.

Response

HTTP status Title Description Schema
204 No content Successfully accepted
400 Bad Request Invalid parameters in the request query Error object
403 Forbidden Unsuccessful attempt to accept another user's invitation Error object
404 Not Found User or invitation ID not found Error object

List tenants

List all tenants the user owns or belongs to.

GET /users/{id}/tenants

Required permissions

User must be authenticated and can only list tenants they own or belong to.

Response

HTTP status Title Description Schema
200 OK An associative array of tenant objects
400 Bad Request Invalid parameters in the request query Error object
404 Not Found User ID not found Error object

Logout

Logout the current user by invalidating their current access and refresh tokens.

POST /users/logout

Required permissions

User must be authenticated.

Response

HTTP status Title Description Schema
204 No content Successfully logged out
Was this page helpful?
© 2026 Bloom Data · System status