naftiko: 1.0.0-alpha2 info: label: FusionAuth API — User description: 'FusionAuth API — User. 55 operations. Lead operation: Retrieves the user by a verificationId. The intended use of this API is to retrieve a user after the forgot password workflow has been initi. Self-contained Naftiko capability covering one business surface.' tags: - FusionAuth - User created: '2026-05-20' modified: '2026-05-20' binds: - namespace: env keys: FUSIONAUTH_API_KEY: FUSIONAUTH_API_KEY capability: consumes: - type: http namespace: fusionauth-user baseUri: http://localhost:9011 description: FusionAuth API — User business capability. Self-contained, no shared references. resources: - name: api-user path: /api/user operations: - name: createuser method: POST description: Creates a user. You can optionally specify an Id for the user, if not provided one will be generated. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: X-FusionAuth-TenantId in: header type: string description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped. - name: body in: body type: object description: Request body (JSON). required: false - name: retrieveuser method: GET description: Retrieves the user by a verificationId. The intended use of this API is to retrieve a user after the forgot password workflow has been initi outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: verificationId in: query type: string description: The unique verification Id that has been set on the user object. - name: X-FusionAuth-TenantId in: header type: string description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped. - name: username in: query type: string description: The username of the user. - name: loginId in: query type: string description: The email or username of the user. - name: loginIdTypes in: query type: array description: The identity types that FusionAuth will compare the loginId to. - name: email in: query type: string description: The email of the user. - name: changePasswordId in: query type: string description: The unique change password Id that was sent via email or returned by the Forgot Password API. - name: api-user-action path: /api/user/action operations: - name: actionuserwithid method: POST description: Takes an action on a user. The user being actioned is called the "actionee" and the user taking the action is called the "actioner". Both us outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: retrieveuseractioning method: GET description: Retrieves all the actions for the user with the given Id that are currently inactive. An inactive action means one that is time based and ha outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: query type: string description: The Id of the user to fetch the actions for. - name: active in: query type: string description: query parameter active. - name: preventingLogin in: query type: string description: query parameter preventingLogin. - name: api-user-action-actionid path: /api/user/action/{actionId} operations: - name: cancelactionwithid method: DELETE description: Cancels the user action. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: actionId in: path type: string description: The action Id of the action to cancel. required: true - name: body in: body type: object description: Request body (JSON). required: false - name: modifyactionwithid method: PUT description: Modifies a temporal user action by changing the expiration of the action and optionally adding a comment to the action. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: actionId in: path type: string description: The Id of the action to modify. This is technically the user action log Id. required: true - name: body in: body type: object description: Request body (JSON). required: false - name: retrieveactionwithid method: GET description: Retrieves a single action log (the log of a user action that was taken on a user previously) for the given Id. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: actionId in: path type: string description: The Id of the action to retrieve. required: true - name: api-user-bulk path: /api/user/bulk operations: - name: deleteuserbulk method: DELETE description: Deletes the users with the given Ids, or users matching the provided JSON query or queryString. The order of preference is Ids, query and th outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userIds in: query type: string description: The ids of the users to deactivate. - name: dryRun in: query type: string description: query parameter dryRun. - name: hardDelete in: query type: string description: query parameter hardDelete. - name: body in: body type: object description: Request body (JSON). required: false - name: api-user-change-password path: /api/user/change-password operations: - name: createuserchangepassword method: POST description: Changes a user's password using their access token (JWT) instead of the changePasswordId A common use case for this method will be if you wa outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: retrieveuserchangepassword method: GET description: Check to see if the user must obtain a Trust Request Id in order to complete a change password request. When a user has enabled Two-Factor a outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: loginId in: query type: string description: The loginId of the User that you intend to change the password for. - name: loginIdTypes in: query type: array description: The identity types that FusionAuth will compare the loginId to. - name: ipAddress in: query type: string description: IP address of the user changing their password. This is used for MFA risk assessment. - name: api-user-change-password-changepasswordid path: /api/user/change-password/{changePasswordId} operations: - name: changepasswordwithid method: POST description: Changes a user's password using the change password Id. This usually occurs after an email has been sent to the user and they clicked on a l outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: changePasswordId in: path type: string description: The change password Id used to find the user. This value is generated by FusionAuth once the change password workflow has been initiated. required: true - name: body in: body type: object description: Request body (JSON). required: false - name: retrieveuserchangepasswordwithid method: GET description: Check to see if the user must obtain a Trust Token Id in order to complete a change password request. When a user has enabled Two-Factor aut outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: ipAddress in: query type: string description: IP address of the user changing their password. This is used for MFA risk assessment. - name: changePasswordId in: path type: string description: The change password Id used to find the user. This value is generated by FusionAuth once the change password workflow has been initiated. required: true - name: api-user-comment path: /api/user/comment operations: - name: commentonuserwithid method: POST description: Adds a comment to the user's account. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: X-FusionAuth-TenantId in: header type: string description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped. - name: body in: body type: object description: Request body (JSON). required: false - name: api-user-comment-search path: /api/user/comment/search operations: - name: searchusercommentswithid method: POST description: Searches user comments with the specified criteria and pagination. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: api-user-comment-userid path: /api/user/comment/{userId} operations: - name: retrieveusercommentswithid method: GET description: Retrieves all the comments for the user with the given Id. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: path type: string description: The Id of the user. required: true - name: X-FusionAuth-TenantId in: header type: string description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped. - name: api-user-consent path: /api/user/consent operations: - name: createuserconsent method: POST description: Creates a single User consent. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: retrieveuserconsentswithid method: GET description: Retrieves all the consents for a User. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: query type: string description: The User's Id - name: api-user-consent-userconsentid path: /api/user/consent/{userConsentId} operations: - name: createuserconsentwithid method: POST description: Creates a single User consent. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userConsentId in: path type: string description: The Id for the User consent. If not provided a secure random UUID will be generated. required: true - name: body in: body type: object description: Request body (JSON). required: false - name: patchuserconsentwithid method: PATCH description: Updates, via PATCH, a single User consent by Id. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userConsentId in: path type: string description: The User Consent Id required: true - name: body in: body type: object description: Request body (JSON). required: false - name: retrieveuserconsentwithid method: GET description: Retrieve a single User consent by Id. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userConsentId in: path type: string description: The User consent Id required: true - name: revokeuserconsentwithid method: DELETE description: Revokes a single User consent by Id. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userConsentId in: path type: string description: The User Consent Id required: true - name: updateuserconsentwithid method: PUT description: Updates a single User consent by Id. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userConsentId in: path type: string description: The User Consent Id required: true - name: body in: body type: object description: Request body (JSON). required: false - name: api-user-family path: /api/user/family operations: - name: createfamily method: POST description: Creates a family with the user Id in the request as the owner and sole member of the family. You can optionally specify an Id for the family outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: X-FusionAuth-TenantId in: header type: string description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped. - name: body in: body type: object description: Request body (JSON). required: false - name: retrievefamilieswithid method: GET description: Retrieves all the families that a user belongs to. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: query type: string description: The User's id - name: X-FusionAuth-TenantId in: header type: string description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped. - name: api-user-family-pending path: /api/user/family/pending operations: - name: retrievependingchildrenwithid method: GET description: Retrieves all the children for the given parent email address. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: parentEmail in: query type: string description: The email of the parent. - name: api-user-family-request path: /api/user/family/request operations: - name: sendfamilyrequestemailwithid method: POST description: Sends out an email to a parent that they need to register and create a family or need to log in and add a child to their existing family. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: api-user-family-familyid path: /api/user/family/{familyId} operations: - name: updateuserfamilywithid method: PUT description: Updates a family with a given Id. OR Adds a user to an existing family. The family Id must be specified. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: familyId in: path type: string description: The Id of the family to update. required: true - name: X-FusionAuth-TenantId in: header type: string description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped. - name: body in: body type: object description: Request body (JSON). required: false - name: createfamilywithid method: POST description: Creates a family with the user Id in the request as the owner and sole member of the family. You can optionally specify an Id for the family outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: familyId in: path type: string description: The Id for the family. If not provided a secure random UUID will be generated. required: true - name: X-FusionAuth-TenantId in: header type: string description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped. - name: body in: body type: object description: Request body (JSON). required: false - name: retrievefamilymembersbyfamilyidwithid method: GET description: Retrieves all the members of a family by the unique Family Id. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: familyId in: path type: string description: The unique Id of the Family. required: true - name: X-FusionAuth-TenantId in: header type: string description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped. - name: api-user-family-familyid-userid path: /api/user/family/{familyId}/{userId} operations: - name: removeuserfromfamilywithid method: DELETE description: Removes a user from the family with the given Id. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: familyId in: path type: string description: The Id of the family to remove the user from. required: true - name: userId in: path type: string description: The Id of the user to remove from the family. required: true - name: X-FusionAuth-TenantId in: header type: string description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped. - name: api-user-forgot-password path: /api/user/forgot-password operations: - name: forgotpasswordwithid method: POST description: Begins the forgot password sequence, which kicks off an email to the user so that they can reset their password. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: api-user-import path: /api/user/import operations: - name: importuserswithid method: POST description: Bulk imports users. This request performs minimal validation and runs batch inserts of users with the expectation that each user does not ye outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: api-user-recent-login path: /api/user/recent-login operations: - name: retrieveuserrecentlogin method: GET description: Retrieves the last number of login records for a user. OR Retrieves the last number of login records. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: query type: string description: The Id of the user. - name: offset in: query type: string description: The initial record. e.g. 0 is the last login, 100 will be the 100th most recent login. - name: limit in: query type: string description: (Optional, defaults to 10) The number of records to retrieve. - name: api-user-refresh-token-import path: /api/user/refresh-token/import operations: - name: importrefreshtokenswithid method: POST description: Bulk imports refresh tokens. This request performs minimal validation and runs batch inserts of refresh tokens with the expectation that eac outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: api-user-registration path: /api/user/registration operations: - name: register method: POST description: Registers a user for an application. If you provide the User and the UserRegistration object on this request, it will create the user as wel outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: X-FusionAuth-TenantId in: header type: string description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped. - name: body in: body type: object description: Request body (JSON). required: false - name: api-user-registration-userid path: /api/user/registration/{userId} operations: - name: patchregistrationwithid method: PATCH description: Updates, via PATCH, the registration for the user with the given Id and the application defined in the request. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: path type: string description: The Id of the user whose registration is going to be updated. required: true - name: X-FusionAuth-TenantId in: header type: string description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped. - name: body in: body type: object description: Request body (JSON). required: false - name: registerwithid method: POST description: Registers a user for an application. If you provide the User and the UserRegistration object on this request, it will create the user as wel outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: path type: string description: The Id of the user being registered for the application and optionally created. required: true - name: X-FusionAuth-TenantId in: header type: string description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped. - name: body in: body type: object description: Request body (JSON). required: false - name: updateregistrationwithid method: PUT description: Updates the registration for the user with the given Id and the application defined in the request. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: path type: string description: The Id of the user whose registration is going to be updated. required: true - name: X-FusionAuth-TenantId in: header type: string description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped. - name: body in: body type: object description: Request body (JSON). required: false - name: api-user-registration-userid-applicationid path: /api/user/registration/{userId}/{applicationId} operations: - name: deleteuserregistrationwithid method: DELETE description: Deletes the user registration for the given user and application along with the given JSON body that contains the event information. OR Dele outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: path type: string description: The Id of the user whose registration is being deleted. required: true - name: applicationId in: path type: string description: The Id of the application to remove the registration for. required: true - name: X-FusionAuth-TenantId in: header type: string description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped. - name: body in: body type: object description: Request body (JSON). required: false - name: retrieveregistrationwithid method: GET description: Retrieves the user registration for the user with the given Id and the given application Id. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: path type: string description: The Id of the user. required: true - name: applicationId in: path type: string description: The Id of the application. required: true - name: X-FusionAuth-TenantId in: header type: string description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped. - name: api-user-search path: /api/user/search operations: - name: searchusersbyidswithid method: GET description: Retrieves the users for the given Ids. If any Id is invalid, it is ignored. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: ids in: query type: string description: The user Ids to search for. - name: searchusersbyquerywithid method: POST description: Retrieves the users for the given search criteria and pagination. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: api-user-two-factor-recovery-code-userid path: /api/user/two-factor/recovery-code/{userId} operations: - name: generatetwofactorrecoverycodeswithid method: POST description: Generate two-factor recovery codes for a user. Generating two-factor recovery codes will invalidate any existing recovery codes. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: path type: string description: The Id of the user to generate new Two Factor recovery codes. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: retrievetwofactorrecoverycodeswithid method: GET description: Retrieve two-factor recovery codes for a user. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: path type: string description: The Id of the user to retrieve Two Factor recovery codes. required: true - name: api-user-two-factor-userid path: /api/user/two-factor/{userId} operations: - name: deleteusertwofactorwithid method: DELETE description: Disable two-factor authentication for a user using a JSON body rather than URL parameters. OR Disable two-factor authentication for a user. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: path type: string description: The Id of the User for which you're disabling two-factor authentication. required: true - name: methodId in: query type: string description: The two-factor method identifier you wish to disable - name: code in: query type: string description: The two-factor code used verify the the caller knows the two-factor secret. - name: body in: body type: object description: Request body (JSON). required: false - name: enabletwofactorwithid method: POST description: Enable two-factor authentication for a user. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: path type: string description: The Id of the user to enable two-factor authentication. required: true - name: body in: body type: object description: Request body (JSON). required: false - name: api-user-verify-email path: /api/user/verify-email operations: - name: updateuserverifyemail method: PUT description: Re-sends the verification email to the user. If the Application has configured a specific email template this will be used instead of the te outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: applicationId in: query type: string description: The unique Application Id to used to resolve an application specific email template. - name: email in: query type: string description: The email address of the user that needs a new verification email. - name: sendVerifyEmail in: query type: string description: query parameter sendVerifyEmail. - name: body in: body type: object description: Request body (JSON). required: false - name: createuserverifyemail method: POST description: Administratively verify a user's email address. Use this method to bypass email verification for the user. The request body will contain th outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: api-user-verify-registration path: /api/user/verify-registration operations: - name: updateuserverifyregistration method: PUT description: 'Re-sends the application registration verification email to the user. OR Generate a new Application Registration Verification Id to be used ' outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: email in: query type: string description: The email address of the user that needs a new verification email. - name: applicationId in: query type: string description: The Id of the application to be verified. - name: sendVerifyPasswordEmail in: query type: string description: query parameter sendVerifyPasswordEmail. - name: body in: body type: object description: Request body (JSON). required: false - name: verifyuserregistrationwithid method: POST description: Confirms a user's registration. The request body will contain the verificationId. You may also be required to send a one-time use code bas outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: api-user-userid path: /api/user/{userId} operations: - name: createuserwithid method: POST description: Creates a user. You can optionally specify an Id for the user, if not provided one will be generated. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: path type: string description: The Id for the user. If not provided a secure random UUID will be generated. required: true - name: X-FusionAuth-TenantId in: header type: string description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped. - name: body in: body type: object description: Request body (JSON). required: false - name: deleteuserwithid method: DELETE description: Deletes the user based on the given request (sent to the API as JSON). This permanently deletes all information, metrics, reports and data a outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: path type: string description: The Id of the user to delete (required). required: true - name: X-FusionAuth-TenantId in: header type: string description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped. - name: hardDelete in: query type: string description: query parameter hardDelete. - name: body in: body type: object description: Request body (JSON). required: false - name: patchuserwithid method: PATCH description: Updates, via PATCH, the user with the given Id. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: path type: string description: The Id of the user to update. required: true - name: X-FusionAuth-TenantId in: header type: string description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped. - name: body in: body type: object description: Request body (JSON). required: false - name: updateuserwithid method: PUT description: Updates the user with the given Id. OR Reactivates the user with the given Id. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: path type: string description: The Id of the user to update. required: true - name: X-FusionAuth-TenantId in: header type: string description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped. - name: reactivate in: query type: string description: query parameter reactivate. - name: body in: body type: object description: Request body (JSON). required: false - name: retrieveuserwithid method: GET description: Retrieves the user for the given Id. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: path type: string description: The Id of the user. required: true - name: X-FusionAuth-TenantId in: header type: string description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped. exposes: - type: rest namespace: fusionauth-user-rest port: 8080 description: REST adapter for FusionAuth API — User. One resource per consumed operation, prefixed with /v1. resources: - path: /v1/api/user name: api-user description: REST surface for api-user. operations: - method: POST name: createuser description: Creates a user. You can optionally specify an Id for the user, if not provided one will be generated. call: fusionauth-user.createuser with: X-FusionAuth-TenantId: rest.X-FusionAuth-TenantId body: rest.body outputParameters: - type: object mapping: $. - method: GET name: retrieveuser description: Retrieves the user by a verificationId. The intended use of this API is to retrieve a user after the forgot password workflow has been initi call: fusionauth-user.retrieveuser with: verificationId: rest.verificationId X-FusionAuth-TenantId: rest.X-FusionAuth-TenantId username: rest.username loginId: rest.loginId loginIdTypes: rest.loginIdTypes email: rest.email changePasswordId: rest.changePasswordId outputParameters: - type: object mapping: $. - path: /v1/api/user/action name: api-user-action description: REST surface for api-user-action. operations: - method: POST name: actionuserwithid description: Takes an action on a user. The user being actioned is called the "actionee" and the user taking the action is called the "actioner". Both us call: fusionauth-user.actionuserwithid with: body: rest.body outputParameters: - type: object mapping: $. - method: GET name: retrieveuseractioning description: Retrieves all the actions for the user with the given Id that are currently inactive. An inactive action means one that is time based and ha call: fusionauth-user.retrieveuseractioning with: userId: rest.userId active: rest.active preventingLogin: rest.preventingLogin outputParameters: - type: object mapping: $. - path: /v1/api/user/action/{actionId} name: api-user-action-actionid description: REST surface for api-user-action-actionid. operations: - method: DELETE name: cancelactionwithid description: Cancels the user action. call: fusionauth-user.cancelactionwithid with: actionId: rest.actionId body: rest.body outputParameters: - type: object mapping: $. - method: PUT name: modifyactionwithid description: Modifies a temporal user action by changing the expiration of the action and optionally adding a comment to the action. call: fusionauth-user.modifyactionwithid with: actionId: rest.actionId body: rest.body outputParameters: - type: object mapping: $. - method: GET name: retrieveactionwithid description: Retrieves a single action log (the log of a user action that was taken on a user previously) for the given Id. call: fusionauth-user.retrieveactionwithid with: actionId: rest.actionId outputParameters: - type: object mapping: $. - path: /v1/api/user/bulk name: api-user-bulk description: REST surface for api-user-bulk. operations: - method: DELETE name: deleteuserbulk description: Deletes the users with the given Ids, or users matching the provided JSON query or queryString. The order of preference is Ids, query and th call: fusionauth-user.deleteuserbulk with: userIds: rest.userIds dryRun: rest.dryRun hardDelete: rest.hardDelete body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/user/change-password name: api-user-change-password description: REST surface for api-user-change-password. operations: - method: POST name: createuserchangepassword description: Changes a user's password using their access token (JWT) instead of the changePasswordId A common use case for this method will be if you wa call: fusionauth-user.createuserchangepassword with: body: rest.body outputParameters: - type: object mapping: $. - method: GET name: retrieveuserchangepassword description: Check to see if the user must obtain a Trust Request Id in order to complete a change password request. When a user has enabled Two-Factor a call: fusionauth-user.retrieveuserchangepassword with: loginId: rest.loginId loginIdTypes: rest.loginIdTypes ipAddress: rest.ipAddress outputParameters: - type: object mapping: $. - path: /v1/api/user/change-password/{changePasswordId} name: api-user-change-password-changepasswordid description: REST surface for api-user-change-password-changepasswordid. operations: - method: POST name: changepasswordwithid description: Changes a user's password using the change password Id. This usually occurs after an email has been sent to the user and they clicked on a l call: fusionauth-user.changepasswordwithid with: changePasswordId: rest.changePasswordId body: rest.body outputParameters: - type: object mapping: $. - method: GET name: retrieveuserchangepasswordwithid description: Check to see if the user must obtain a Trust Token Id in order to complete a change password request. When a user has enabled Two-Factor aut call: fusionauth-user.retrieveuserchangepasswordwithid with: ipAddress: rest.ipAddress changePasswordId: rest.changePasswordId outputParameters: - type: object mapping: $. - path: /v1/api/user/comment name: api-user-comment description: REST surface for api-user-comment. operations: - method: POST name: commentonuserwithid description: Adds a comment to the user's account. call: fusionauth-user.commentonuserwithid with: X-FusionAuth-TenantId: rest.X-FusionAuth-TenantId body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/user/comment/search name: api-user-comment-search description: REST surface for api-user-comment-search. operations: - method: POST name: searchusercommentswithid description: Searches user comments with the specified criteria and pagination. call: fusionauth-user.searchusercommentswithid with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/user/comment/{userId} name: api-user-comment-userid description: REST surface for api-user-comment-userid. operations: - method: GET name: retrieveusercommentswithid description: Retrieves all the comments for the user with the given Id. call: fusionauth-user.retrieveusercommentswithid with: userId: rest.userId X-FusionAuth-TenantId: rest.X-FusionAuth-TenantId outputParameters: - type: object mapping: $. - path: /v1/api/user/consent name: api-user-consent description: REST surface for api-user-consent. operations: - method: POST name: createuserconsent description: Creates a single User consent. call: fusionauth-user.createuserconsent with: body: rest.body outputParameters: - type: object mapping: $. - method: GET name: retrieveuserconsentswithid description: Retrieves all the consents for a User. call: fusionauth-user.retrieveuserconsentswithid with: userId: rest.userId outputParameters: - type: object mapping: $. - path: /v1/api/user/consent/{userConsentId} name: api-user-consent-userconsentid description: REST surface for api-user-consent-userconsentid. operations: - method: POST name: createuserconsentwithid description: Creates a single User consent. call: fusionauth-user.createuserconsentwithid with: userConsentId: rest.userConsentId body: rest.body outputParameters: - type: object mapping: $. - method: PATCH name: patchuserconsentwithid description: Updates, via PATCH, a single User consent by Id. call: fusionauth-user.patchuserconsentwithid with: userConsentId: rest.userConsentId body: rest.body outputParameters: - type: object mapping: $. - method: GET name: retrieveuserconsentwithid description: Retrieve a single User consent by Id. call: fusionauth-user.retrieveuserconsentwithid with: userConsentId: rest.userConsentId outputParameters: - type: object mapping: $. - method: DELETE name: revokeuserconsentwithid description: Revokes a single User consent by Id. call: fusionauth-user.revokeuserconsentwithid with: userConsentId: rest.userConsentId outputParameters: - type: object mapping: $. - method: PUT name: updateuserconsentwithid description: Updates a single User consent by Id. call: fusionauth-user.updateuserconsentwithid with: userConsentId: rest.userConsentId body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/user/family name: api-user-family description: REST surface for api-user-family. operations: - method: POST name: createfamily description: Creates a family with the user Id in the request as the owner and sole member of the family. You can optionally specify an Id for the family call: fusionauth-user.createfamily with: X-FusionAuth-TenantId: rest.X-FusionAuth-TenantId body: rest.body outputParameters: - type: object mapping: $. - method: GET name: retrievefamilieswithid description: Retrieves all the families that a user belongs to. call: fusionauth-user.retrievefamilieswithid with: userId: rest.userId X-FusionAuth-TenantId: rest.X-FusionAuth-TenantId outputParameters: - type: object mapping: $. - path: /v1/api/user/family/pending name: api-user-family-pending description: REST surface for api-user-family-pending. operations: - method: GET name: retrievependingchildrenwithid description: Retrieves all the children for the given parent email address. call: fusionauth-user.retrievependingchildrenwithid with: parentEmail: rest.parentEmail outputParameters: - type: object mapping: $. - path: /v1/api/user/family/request name: api-user-family-request description: REST surface for api-user-family-request. operations: - method: POST name: sendfamilyrequestemailwithid description: Sends out an email to a parent that they need to register and create a family or need to log in and add a child to their existing family. call: fusionauth-user.sendfamilyrequestemailwithid with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/user/family/{familyId} name: api-user-family-familyid description: REST surface for api-user-family-familyid. operations: - method: PUT name: updateuserfamilywithid description: Updates a family with a given Id. OR Adds a user to an existing family. The family Id must be specified. call: fusionauth-user.updateuserfamilywithid with: familyId: rest.familyId X-FusionAuth-TenantId: rest.X-FusionAuth-TenantId body: rest.body outputParameters: - type: object mapping: $. - method: POST name: createfamilywithid description: Creates a family with the user Id in the request as the owner and sole member of the family. You can optionally specify an Id for the family call: fusionauth-user.createfamilywithid with: familyId: rest.familyId X-FusionAuth-TenantId: rest.X-FusionAuth-TenantId body: rest.body outputParameters: - type: object mapping: $. - method: GET name: retrievefamilymembersbyfamilyidwithid description: Retrieves all the members of a family by the unique Family Id. call: fusionauth-user.retrievefamilymembersbyfamilyidwithid with: familyId: rest.familyId X-FusionAuth-TenantId: rest.X-FusionAuth-TenantId outputParameters: - type: object mapping: $. - path: /v1/api/user/family/{familyId}/{userId} name: api-user-family-familyid-userid description: REST surface for api-user-family-familyid-userid. operations: - method: DELETE name: removeuserfromfamilywithid description: Removes a user from the family with the given Id. call: fusionauth-user.removeuserfromfamilywithid with: familyId: rest.familyId userId: rest.userId X-FusionAuth-TenantId: rest.X-FusionAuth-TenantId outputParameters: - type: object mapping: $. - path: /v1/api/user/forgot-password name: api-user-forgot-password description: REST surface for api-user-forgot-password. operations: - method: POST name: forgotpasswordwithid description: Begins the forgot password sequence, which kicks off an email to the user so that they can reset their password. call: fusionauth-user.forgotpasswordwithid with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/user/import name: api-user-import description: REST surface for api-user-import. operations: - method: POST name: importuserswithid description: Bulk imports users. This request performs minimal validation and runs batch inserts of users with the expectation that each user does not ye call: fusionauth-user.importuserswithid with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/user/recent-login name: api-user-recent-login description: REST surface for api-user-recent-login. operations: - method: GET name: retrieveuserrecentlogin description: Retrieves the last number of login records for a user. OR Retrieves the last number of login records. call: fusionauth-user.retrieveuserrecentlogin with: userId: rest.userId offset: rest.offset limit: rest.limit outputParameters: - type: object mapping: $. - path: /v1/api/user/refresh-token/import name: api-user-refresh-token-import description: REST surface for api-user-refresh-token-import. operations: - method: POST name: importrefreshtokenswithid description: Bulk imports refresh tokens. This request performs minimal validation and runs batch inserts of refresh tokens with the expectation that eac call: fusionauth-user.importrefreshtokenswithid with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/user/registration name: api-user-registration description: REST surface for api-user-registration. operations: - method: POST name: register description: Registers a user for an application. If you provide the User and the UserRegistration object on this request, it will create the user as wel call: fusionauth-user.register with: X-FusionAuth-TenantId: rest.X-FusionAuth-TenantId body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/user/registration/{userId} name: api-user-registration-userid description: REST surface for api-user-registration-userid. operations: - method: PATCH name: patchregistrationwithid description: Updates, via PATCH, the registration for the user with the given Id and the application defined in the request. call: fusionauth-user.patchregistrationwithid with: userId: rest.userId X-FusionAuth-TenantId: rest.X-FusionAuth-TenantId body: rest.body outputParameters: - type: object mapping: $. - method: POST name: registerwithid description: Registers a user for an application. If you provide the User and the UserRegistration object on this request, it will create the user as wel call: fusionauth-user.registerwithid with: userId: rest.userId X-FusionAuth-TenantId: rest.X-FusionAuth-TenantId body: rest.body outputParameters: - type: object mapping: $. - method: PUT name: updateregistrationwithid description: Updates the registration for the user with the given Id and the application defined in the request. call: fusionauth-user.updateregistrationwithid with: userId: rest.userId X-FusionAuth-TenantId: rest.X-FusionAuth-TenantId body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/user/registration/{userId}/{applicationId} name: api-user-registration-userid-applicationid description: REST surface for api-user-registration-userid-applicationid. operations: - method: DELETE name: deleteuserregistrationwithid description: Deletes the user registration for the given user and application along with the given JSON body that contains the event information. OR Dele call: fusionauth-user.deleteuserregistrationwithid with: userId: rest.userId applicationId: rest.applicationId X-FusionAuth-TenantId: rest.X-FusionAuth-TenantId body: rest.body outputParameters: - type: object mapping: $. - method: GET name: retrieveregistrationwithid description: Retrieves the user registration for the user with the given Id and the given application Id. call: fusionauth-user.retrieveregistrationwithid with: userId: rest.userId applicationId: rest.applicationId X-FusionAuth-TenantId: rest.X-FusionAuth-TenantId outputParameters: - type: object mapping: $. - path: /v1/api/user/search name: api-user-search description: REST surface for api-user-search. operations: - method: GET name: searchusersbyidswithid description: Retrieves the users for the given Ids. If any Id is invalid, it is ignored. call: fusionauth-user.searchusersbyidswithid with: ids: rest.ids outputParameters: - type: object mapping: $. - method: POST name: searchusersbyquerywithid description: Retrieves the users for the given search criteria and pagination. call: fusionauth-user.searchusersbyquerywithid with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/user/two-factor/recovery-code/{userId} name: api-user-two-factor-recovery-code-userid description: REST surface for api-user-two-factor-recovery-code-userid. operations: - method: POST name: generatetwofactorrecoverycodeswithid description: Generate two-factor recovery codes for a user. Generating two-factor recovery codes will invalidate any existing recovery codes. call: fusionauth-user.generatetwofactorrecoverycodeswithid with: userId: rest.userId body: rest.body outputParameters: - type: object mapping: $. - method: GET name: retrievetwofactorrecoverycodeswithid description: Retrieve two-factor recovery codes for a user. call: fusionauth-user.retrievetwofactorrecoverycodeswithid with: userId: rest.userId outputParameters: - type: object mapping: $. - path: /v1/api/user/two-factor/{userId} name: api-user-two-factor-userid description: REST surface for api-user-two-factor-userid. operations: - method: DELETE name: deleteusertwofactorwithid description: Disable two-factor authentication for a user using a JSON body rather than URL parameters. OR Disable two-factor authentication for a user. call: fusionauth-user.deleteusertwofactorwithid with: userId: rest.userId methodId: rest.methodId code: rest.code body: rest.body outputParameters: - type: object mapping: $. - method: POST name: enabletwofactorwithid description: Enable two-factor authentication for a user. call: fusionauth-user.enabletwofactorwithid with: userId: rest.userId body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/user/verify-email name: api-user-verify-email description: REST surface for api-user-verify-email. operations: - method: PUT name: updateuserverifyemail description: Re-sends the verification email to the user. If the Application has configured a specific email template this will be used instead of the te call: fusionauth-user.updateuserverifyemail with: applicationId: rest.applicationId email: rest.email sendVerifyEmail: rest.sendVerifyEmail body: rest.body outputParameters: - type: object mapping: $. - method: POST name: createuserverifyemail description: Administratively verify a user's email address. Use this method to bypass email verification for the user. The request body will contain th call: fusionauth-user.createuserverifyemail with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/user/verify-registration name: api-user-verify-registration description: REST surface for api-user-verify-registration. operations: - method: PUT name: updateuserverifyregistration description: 'Re-sends the application registration verification email to the user. OR Generate a new Application Registration Verification Id to be used ' call: fusionauth-user.updateuserverifyregistration with: email: rest.email applicationId: rest.applicationId sendVerifyPasswordEmail: rest.sendVerifyPasswordEmail body: rest.body outputParameters: - type: object mapping: $. - method: POST name: verifyuserregistrationwithid description: Confirms a user's registration. The request body will contain the verificationId. You may also be required to send a one-time use code bas call: fusionauth-user.verifyuserregistrationwithid with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/user/{userId} name: api-user-userid description: REST surface for api-user-userid. operations: - method: POST name: createuserwithid description: Creates a user. You can optionally specify an Id for the user, if not provided one will be generated. call: fusionauth-user.createuserwithid with: userId: rest.userId X-FusionAuth-TenantId: rest.X-FusionAuth-TenantId body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deleteuserwithid description: Deletes the user based on the given request (sent to the API as JSON). This permanently deletes all information, metrics, reports and data a call: fusionauth-user.deleteuserwithid with: userId: rest.userId X-FusionAuth-TenantId: rest.X-FusionAuth-TenantId hardDelete: rest.hardDelete body: rest.body outputParameters: - type: object mapping: $. - method: PATCH name: patchuserwithid description: Updates, via PATCH, the user with the given Id. call: fusionauth-user.patchuserwithid with: userId: rest.userId X-FusionAuth-TenantId: rest.X-FusionAuth-TenantId body: rest.body outputParameters: - type: object mapping: $. - method: PUT name: updateuserwithid description: Updates the user with the given Id. OR Reactivates the user with the given Id. call: fusionauth-user.updateuserwithid with: userId: rest.userId X-FusionAuth-TenantId: rest.X-FusionAuth-TenantId reactivate: rest.reactivate body: rest.body outputParameters: - type: object mapping: $. - method: GET name: retrieveuserwithid description: Retrieves the user for the given Id. call: fusionauth-user.retrieveuserwithid with: userId: rest.userId X-FusionAuth-TenantId: rest.X-FusionAuth-TenantId outputParameters: - type: object mapping: $. - type: mcp namespace: fusionauth-user-mcp port: 9090 transport: http description: MCP adapter for FusionAuth API — User. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: fusionauth-createuser description: Creates a user. You can optionally specify an Id for the user, if not provided one will be generated. hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.createuser with: X-FusionAuth-TenantId: tools.X-FusionAuth-TenantId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-retrieveuser description: Retrieves the user by a verificationId. The intended use of this API is to retrieve a user after the forgot password workflow has been initi hints: readOnly: true destructive: false idempotent: true call: fusionauth-user.retrieveuser with: verificationId: tools.verificationId X-FusionAuth-TenantId: tools.X-FusionAuth-TenantId username: tools.username loginId: tools.loginId loginIdTypes: tools.loginIdTypes email: tools.email changePasswordId: tools.changePasswordId outputParameters: - type: object mapping: $. - name: fusionauth-actionuserwithid description: Takes an action on a user. The user being actioned is called the "actionee" and the user taking the action is called the "actioner". Both us hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.actionuserwithid with: body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-retrieveuseractioning description: Retrieves all the actions for the user with the given Id that are currently inactive. An inactive action means one that is time based and ha hints: readOnly: true destructive: false idempotent: true call: fusionauth-user.retrieveuseractioning with: userId: tools.userId active: tools.active preventingLogin: tools.preventingLogin outputParameters: - type: object mapping: $. - name: fusionauth-cancelactionwithid description: Cancels the user action. hints: readOnly: false destructive: true idempotent: true call: fusionauth-user.cancelactionwithid with: actionId: tools.actionId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-modifyactionwithid description: Modifies a temporal user action by changing the expiration of the action and optionally adding a comment to the action. hints: readOnly: false destructive: false idempotent: true call: fusionauth-user.modifyactionwithid with: actionId: tools.actionId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-retrieveactionwithid description: Retrieves a single action log (the log of a user action that was taken on a user previously) for the given Id. hints: readOnly: true destructive: false idempotent: true call: fusionauth-user.retrieveactionwithid with: actionId: tools.actionId outputParameters: - type: object mapping: $. - name: fusionauth-deleteuserbulk description: Deletes the users with the given Ids, or users matching the provided JSON query or queryString. The order of preference is Ids, query and th hints: readOnly: false destructive: true idempotent: true call: fusionauth-user.deleteuserbulk with: userIds: tools.userIds dryRun: tools.dryRun hardDelete: tools.hardDelete body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-createuserchangepassword description: Changes a user's password using their access token (JWT) instead of the changePasswordId A common use case for this method will be if you wa hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.createuserchangepassword with: body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-retrieveuserchangepassword description: Check to see if the user must obtain a Trust Request Id in order to complete a change password request. When a user has enabled Two-Factor a hints: readOnly: true destructive: false idempotent: true call: fusionauth-user.retrieveuserchangepassword with: loginId: tools.loginId loginIdTypes: tools.loginIdTypes ipAddress: tools.ipAddress outputParameters: - type: object mapping: $. - name: fusionauth-changepasswordwithid description: Changes a user's password using the change password Id. This usually occurs after an email has been sent to the user and they clicked on a l hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.changepasswordwithid with: changePasswordId: tools.changePasswordId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-retrieveuserchangepasswordwithid description: Check to see if the user must obtain a Trust Token Id in order to complete a change password request. When a user has enabled Two-Factor aut hints: readOnly: true destructive: false idempotent: true call: fusionauth-user.retrieveuserchangepasswordwithid with: ipAddress: tools.ipAddress changePasswordId: tools.changePasswordId outputParameters: - type: object mapping: $. - name: fusionauth-commentonuserwithid description: Adds a comment to the user's account. hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.commentonuserwithid with: X-FusionAuth-TenantId: tools.X-FusionAuth-TenantId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-searchusercommentswithid description: Searches user comments with the specified criteria and pagination. hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.searchusercommentswithid with: body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-retrieveusercommentswithid description: Retrieves all the comments for the user with the given Id. hints: readOnly: true destructive: false idempotent: true call: fusionauth-user.retrieveusercommentswithid with: userId: tools.userId X-FusionAuth-TenantId: tools.X-FusionAuth-TenantId outputParameters: - type: object mapping: $. - name: fusionauth-createuserconsent description: Creates a single User consent. hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.createuserconsent with: body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-retrieveuserconsentswithid description: Retrieves all the consents for a User. hints: readOnly: true destructive: false idempotent: true call: fusionauth-user.retrieveuserconsentswithid with: userId: tools.userId outputParameters: - type: object mapping: $. - name: fusionauth-createuserconsentwithid description: Creates a single User consent. hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.createuserconsentwithid with: userConsentId: tools.userConsentId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-patchuserconsentwithid description: Updates, via PATCH, a single User consent by Id. hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.patchuserconsentwithid with: userConsentId: tools.userConsentId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-retrieveuserconsentwithid description: Retrieve a single User consent by Id. hints: readOnly: true destructive: false idempotent: true call: fusionauth-user.retrieveuserconsentwithid with: userConsentId: tools.userConsentId outputParameters: - type: object mapping: $. - name: fusionauth-revokeuserconsentwithid description: Revokes a single User consent by Id. hints: readOnly: false destructive: true idempotent: true call: fusionauth-user.revokeuserconsentwithid with: userConsentId: tools.userConsentId outputParameters: - type: object mapping: $. - name: fusionauth-updateuserconsentwithid description: Updates a single User consent by Id. hints: readOnly: false destructive: false idempotent: true call: fusionauth-user.updateuserconsentwithid with: userConsentId: tools.userConsentId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-createfamily description: Creates a family with the user Id in the request as the owner and sole member of the family. You can optionally specify an Id for the family hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.createfamily with: X-FusionAuth-TenantId: tools.X-FusionAuth-TenantId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-retrievefamilieswithid description: Retrieves all the families that a user belongs to. hints: readOnly: true destructive: false idempotent: true call: fusionauth-user.retrievefamilieswithid with: userId: tools.userId X-FusionAuth-TenantId: tools.X-FusionAuth-TenantId outputParameters: - type: object mapping: $. - name: fusionauth-retrievependingchildrenwithid description: Retrieves all the children for the given parent email address. hints: readOnly: true destructive: false idempotent: true call: fusionauth-user.retrievependingchildrenwithid with: parentEmail: tools.parentEmail outputParameters: - type: object mapping: $. - name: fusionauth-sendfamilyrequestemailwithid description: Sends out an email to a parent that they need to register and create a family or need to log in and add a child to their existing family. hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.sendfamilyrequestemailwithid with: body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-updateuserfamilywithid description: Updates a family with a given Id. OR Adds a user to an existing family. The family Id must be specified. hints: readOnly: false destructive: false idempotent: true call: fusionauth-user.updateuserfamilywithid with: familyId: tools.familyId X-FusionAuth-TenantId: tools.X-FusionAuth-TenantId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-createfamilywithid description: Creates a family with the user Id in the request as the owner and sole member of the family. You can optionally specify an Id for the family hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.createfamilywithid with: familyId: tools.familyId X-FusionAuth-TenantId: tools.X-FusionAuth-TenantId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-retrievefamilymembersbyfamilyidwithid description: Retrieves all the members of a family by the unique Family Id. hints: readOnly: true destructive: false idempotent: true call: fusionauth-user.retrievefamilymembersbyfamilyidwithid with: familyId: tools.familyId X-FusionAuth-TenantId: tools.X-FusionAuth-TenantId outputParameters: - type: object mapping: $. - name: fusionauth-removeuserfromfamilywithid description: Removes a user from the family with the given Id. hints: readOnly: false destructive: true idempotent: true call: fusionauth-user.removeuserfromfamilywithid with: familyId: tools.familyId userId: tools.userId X-FusionAuth-TenantId: tools.X-FusionAuth-TenantId outputParameters: - type: object mapping: $. - name: fusionauth-forgotpasswordwithid description: Begins the forgot password sequence, which kicks off an email to the user so that they can reset their password. hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.forgotpasswordwithid with: body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-importuserswithid description: Bulk imports users. This request performs minimal validation and runs batch inserts of users with the expectation that each user does not ye hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.importuserswithid with: body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-retrieveuserrecentlogin description: Retrieves the last number of login records for a user. OR Retrieves the last number of login records. hints: readOnly: true destructive: false idempotent: true call: fusionauth-user.retrieveuserrecentlogin with: userId: tools.userId offset: tools.offset limit: tools.limit outputParameters: - type: object mapping: $. - name: fusionauth-importrefreshtokenswithid description: Bulk imports refresh tokens. This request performs minimal validation and runs batch inserts of refresh tokens with the expectation that eac hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.importrefreshtokenswithid with: body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-register description: Registers a user for an application. If you provide the User and the UserRegistration object on this request, it will create the user as wel hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.register with: X-FusionAuth-TenantId: tools.X-FusionAuth-TenantId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-patchregistrationwithid description: Updates, via PATCH, the registration for the user with the given Id and the application defined in the request. hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.patchregistrationwithid with: userId: tools.userId X-FusionAuth-TenantId: tools.X-FusionAuth-TenantId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-registerwithid description: Registers a user for an application. If you provide the User and the UserRegistration object on this request, it will create the user as wel hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.registerwithid with: userId: tools.userId X-FusionAuth-TenantId: tools.X-FusionAuth-TenantId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-updateregistrationwithid description: Updates the registration for the user with the given Id and the application defined in the request. hints: readOnly: false destructive: false idempotent: true call: fusionauth-user.updateregistrationwithid with: userId: tools.userId X-FusionAuth-TenantId: tools.X-FusionAuth-TenantId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-deleteuserregistrationwithid description: Deletes the user registration for the given user and application along with the given JSON body that contains the event information. OR Dele hints: readOnly: false destructive: true idempotent: true call: fusionauth-user.deleteuserregistrationwithid with: userId: tools.userId applicationId: tools.applicationId X-FusionAuth-TenantId: tools.X-FusionAuth-TenantId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-retrieveregistrationwithid description: Retrieves the user registration for the user with the given Id and the given application Id. hints: readOnly: true destructive: false idempotent: true call: fusionauth-user.retrieveregistrationwithid with: userId: tools.userId applicationId: tools.applicationId X-FusionAuth-TenantId: tools.X-FusionAuth-TenantId outputParameters: - type: object mapping: $. - name: fusionauth-searchusersbyidswithid description: Retrieves the users for the given Ids. If any Id is invalid, it is ignored. hints: readOnly: true destructive: false idempotent: true call: fusionauth-user.searchusersbyidswithid with: ids: tools.ids outputParameters: - type: object mapping: $. - name: fusionauth-searchusersbyquerywithid description: Retrieves the users for the given search criteria and pagination. hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.searchusersbyquerywithid with: body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-generatetwofactorrecoverycodeswithid description: Generate two-factor recovery codes for a user. Generating two-factor recovery codes will invalidate any existing recovery codes. hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.generatetwofactorrecoverycodeswithid with: userId: tools.userId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-retrievetwofactorrecoverycodeswithid description: Retrieve two-factor recovery codes for a user. hints: readOnly: true destructive: false idempotent: true call: fusionauth-user.retrievetwofactorrecoverycodeswithid with: userId: tools.userId outputParameters: - type: object mapping: $. - name: fusionauth-deleteusertwofactorwithid description: Disable two-factor authentication for a user using a JSON body rather than URL parameters. OR Disable two-factor authentication for a user. hints: readOnly: false destructive: true idempotent: true call: fusionauth-user.deleteusertwofactorwithid with: userId: tools.userId methodId: tools.methodId code: tools.code body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-enabletwofactorwithid description: Enable two-factor authentication for a user. hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.enabletwofactorwithid with: userId: tools.userId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-updateuserverifyemail description: Re-sends the verification email to the user. If the Application has configured a specific email template this will be used instead of the te hints: readOnly: false destructive: false idempotent: true call: fusionauth-user.updateuserverifyemail with: applicationId: tools.applicationId email: tools.email sendVerifyEmail: tools.sendVerifyEmail body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-createuserverifyemail description: Administratively verify a user's email address. Use this method to bypass email verification for the user. The request body will contain th hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.createuserverifyemail with: body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-updateuserverifyregistration description: 'Re-sends the application registration verification email to the user. OR Generate a new Application Registration Verification Id to be used ' hints: readOnly: false destructive: false idempotent: true call: fusionauth-user.updateuserverifyregistration with: email: tools.email applicationId: tools.applicationId sendVerifyPasswordEmail: tools.sendVerifyPasswordEmail body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-verifyuserregistrationwithid description: Confirms a user's registration. The request body will contain the verificationId. You may also be required to send a one-time use code bas hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.verifyuserregistrationwithid with: body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-createuserwithid description: Creates a user. You can optionally specify an Id for the user, if not provided one will be generated. hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.createuserwithid with: userId: tools.userId X-FusionAuth-TenantId: tools.X-FusionAuth-TenantId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-deleteuserwithid description: Deletes the user based on the given request (sent to the API as JSON). This permanently deletes all information, metrics, reports and data a hints: readOnly: false destructive: true idempotent: true call: fusionauth-user.deleteuserwithid with: userId: tools.userId X-FusionAuth-TenantId: tools.X-FusionAuth-TenantId hardDelete: tools.hardDelete body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-patchuserwithid description: Updates, via PATCH, the user with the given Id. hints: readOnly: false destructive: false idempotent: false call: fusionauth-user.patchuserwithid with: userId: tools.userId X-FusionAuth-TenantId: tools.X-FusionAuth-TenantId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-updateuserwithid description: Updates the user with the given Id. OR Reactivates the user with the given Id. hints: readOnly: false destructive: false idempotent: true call: fusionauth-user.updateuserwithid with: userId: tools.userId X-FusionAuth-TenantId: tools.X-FusionAuth-TenantId reactivate: tools.reactivate body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-retrieveuserwithid description: Retrieves the user for the given Id. hints: readOnly: true destructive: false idempotent: true call: fusionauth-user.retrieveuserwithid with: userId: tools.userId X-FusionAuth-TenantId: tools.X-FusionAuth-TenantId outputParameters: - type: object mapping: $.