Understand how to manage the user lifecyle with the User API.
Staffbase supports several ways to manage users, as you can see in our Support Portal.
One way is to use the User API. You can use the User API alone or in conjunction with other methods. This article should give you an overview of the different lifecycle stages and where each User API endpoint is useful.
When you start working with our APIs it’s always good to know how the API authentication works.
When working with the Staffbase APIs, please note that there are rate limits. High volume operations may need to consider this.
To work with the User API, it’s helpful to understand the User object and its properties. A user has many properties that can be managed in different ways using User API.
As highlighted in the introduction, this article focuses on the User API. Other Onboarding methods are available in the above mentioned support article.
The User API can be used to manage all tasks around the user lifecycle.
Example of adding a new user:
Make a POST
request to the /users
endpoint and set the desired properties in the request body schema. In this case
externalID
The external unique identifier of the user. This can be used to identify the user in your system and is used to match the user when syncing with Staffbase.userName
The username that can be used to log in to Staffbase. It must be unique.firstName
Basic user information: first namelastName
Basic user information: last nameemails/primary
The primary email address of the user. Used for the invitation email as well as password recovery. It must be unique. More information about types of user email fields in the Staffbase Platform.sendMail
Set to true to send an invitation email via StaffbaseMore examples of user creation via User API can be found on the following pages:
More actions can be found in the User API documentation.
Updating a user via the User API can have several aspects.
If you want to manage existing users, for example to update, work with recovery codes or retrieve group assignments, you can do this by using the User API.
Example are:
To help you filter the user data retrieved via our User API, have a look at our User API filters.
There may be situations where an even deeper integration is wanted.
Send recovery codes
For example, you could can send recovery codes for a user via the User API. This could be used in situations where you have a third-party service tool that your support desk uses to handle user requests for lost passwords:
Log out users
Another supportive task might be to activly log out a user remotely from Staffbase. An example could be to log out all your SSO users to enforce a new login.
Simplfied, when users are using SSO and frequently use the app, they never get logged out. Learn more about Session Management.
If your policies require users to log in to Staffbase again when they change their SSO password or when their SSO password expired, you can force them to log out:
Finally, there may be situations where users should no longer have access to Staffbase. For example, if users are no longer with your company. In this case you can either deactivate or delete the user.