post__organization_users

POST /organization/users

Create Organization User

Create a new user in the authenticated user's organization. This endpoint requires user management permissions (WORKSPACES role or higher). The new user will receive a verification email and must validate their account before accessing the system.

Request Body

Name

Type

Required

Restrictions

Description

» email

string

true

none

User's email address (must be unique)

» password

string

true

none

User's password (must meet security requirements)

» firstName

string

true

none

User's first name

» lastName

string

true

none

User's last name

» orgRole

integer

false

none

User's organization role (defaults to 0x00 - USER)

» sendInvite

boolean

false

none

Whether to send an invite email to the new user (defaults to true)

TypeScript Client Library

// Using the Flashback TypeScript client
import { FlashbackClient } from '@flashback/client';

const client = new FlashbackClient({
  accessToken: 'your-access-token'
});

// Create a new organization user
try {
  const result = await client.organization.users.create({
    email: '[email protected]',
    password: 'SecurePassword123!',
    firstName: 'New',
    lastName: 'User',
    orgRole: 0,
    sendInvite: true
  });
  console.log('User created:', result);
} catch (error) {
  console.error('Failed to create user:', error);
}

Code Samples

# You can also use wget
curl -X POST https://backend.flashback.tech/organization/users \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer {access-token}' \
  -d '{
    "email": "[email protected]",
    "password": "SecurePassword123!",
    "firstName": "New",
    "lastName": "User",
    "orgRole": 0,
    "sendInvite": true
  }'

POST https://backend.flashback.tech/organization/users HTTP/1.1
Host: localhost:3000
Accept: application/json
Content-Type: application/json
Authorization: Bearer {access-token}

{
  "email": "[email protected]",
  "password": "SecurePassword123!",
  "firstName": "New",
  "lastName": "User",
  "orgRole": 0,
  "sendInvite": true
}

const headers = {
  'Accept':'application/json',
  'Content-Type':'application/json',
  'Authorization':'Bearer {access-token}'
};

const body = {
  email: "[email protected]",
  password: "SecurePassword123!",
  firstName: "New",
  lastName: "User",
  orgRole: 0,
  sendInvite: true
};

fetch('https://backend.flashback.tech/organization/users',
{
  method: 'POST',
  headers: headers,
  body: JSON.stringify(body)
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Content-Type' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

body = {
  email: "[email protected]",
  password: "SecurePassword123!",
  firstName: "New",
  lastName: "User",
  orgRole: 0,
  sendInvite: true
}

result = RestClient.post 'https://backend.flashback.tech/organization/users',
  body.to_json, headers: headers

p JSON.parse(result)

import requests
import json

headers = {
  'Accept': 'application/json',
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

body = {
  "email": "[email protected]",
  "password": "SecurePassword123!",
  "firstName": "New",
  "lastName": "User",
  "orgRole": 0,
  "sendInvite": True
}

r = requests.post('https://backend.flashback.tech/organization/users', 
                 headers=headers, 
                 data=json.dumps(body))

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'Content-Type' => 'application/json',
    'Authorization' => 'Bearer {access-token}',
);

$body = array(
    'email' => '[email protected]',
    'password' => 'SecurePassword123!',
    'firstName' => 'New',
    'lastName' => 'User',
    'orgRole' => 0,
    'sendInvite' => true
);

$client = new \GuzzleHttp\Client();

try {
    $response = $client->request('POST','https://backend.flashback.tech/organization/users', array(
        'headers' => $headers,
        'json' => $body
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

URL obj = new URL("https://backend.flashback.tech/organization/users");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Content-Type", "application/json");
con.setRequestProperty("Authorization", "Bearer {access-token}");
con.setDoOutput(true);

String jsonInputString = "{\"email\":\"[email protected]\",\"password\":\"SecurePassword123!\",\"firstName\":\"New\",\"lastName\":\"User\",\"orgRole\":0,\"sendInvite\":true}";

try(OutputStream os = con.getOutputStream()) {
    byte[] input = jsonInputString.getBytes("utf-8");
    os.write(input, 0, input.length);
}

int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "encoding/json"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "Content-Type": []string{"application/json"},
        "Authorization": []string{"Bearer {access-token}"},
    }

    body := map[string]interface{}{
        "email": "[email protected]",
        "password": "SecurePassword123!",
        "firstName": "New",
        "lastName": "User",
        "orgRole": 0,
        "sendInvite": true,
    }

    jsonBody, _ := json.Marshal(body)
    data := bytes.NewBuffer(jsonBody)
    req, err := http.NewRequest("POST", "https://backend.flashback.tech/organization/users", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Example responses

201 Response

{
  "success": true,
  "data": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "email": "[email protected]",
    "name": "New",
    "lastName": "User",
    "orgId": "123e4567-e89b-12d3-a456-426614174000",
    "orgRole": 0,
    "validated": false,
    "deletedAt": null,
    "orgRoleDescription": "USER",
    "orgRoles": [0]
  },
  "message": "User created successfully. Verification email sent."
}

400 Response

{
  "success": false,
  "data": {},
  "message": "Password does not meet security requirements"
}

403 Response

{
  "success": false,
  "data": {},
  "message": "Insufficient permissions to create users"
}

500 Response

{
  "success": false,
  "data": {},
  "message": "Internal server error"
}

Responses

Status

Meaning

Description

Schema

201

Created

User created successfully

Inline

400

Bad Request

Invalid input data or email already exists

Inline

403

Forbidden

Insufficient permissions or user not in organization

Inline

500

Internal Server Error

Internal server error

Inline

Response Schema

Status Code 201

Name

Type

Required

Restrictions

Description

» success

boolean

false

none

Indicates if the request was successful

» data

object

false

none

Created user data

»» id

string

false

none

Unique identifier for the user

»» email

string

false

none

User's email address

»» name

string

false

none

User's first name

»» lastName

string

false

none

User's last name

»» orgId

string

false

none

Organization identifier

»» orgRole

integer

false

none

User's organization role (0x00-0xff)

»» validated

boolean

false

none

Whether the user's email is validated (false for new users)

»» deletedAt

string (date-time)

false

none

Deletion timestamp (null if active)

»» orgRoleDescription

string

false

none

Human-readable role description

»» orgRoles

[integer]

false

none

Array of available roles for the user

» message

string

false

none

Success message with additional information

Status Code 400

Name

Type

Required

Restrictions

Description

» success

boolean

false

none

Indicates if the request was successful

» data

object

false

none

Empty object (no user data)

» message

string

false

none

Error message describing the validation issue

Status Code 403

Name

Type

Required

Restrictions

Description

» success

boolean

false

none

Indicates if the request was successful

» data

object

false

none

Empty object (no user data)

» message

string

false

none

Error message describing the permission issue

Status Code 500

Name

Type

Required

Restrictions

Description

» success

boolean

false

none

Indicates if the request was successful

» data

object

false

none

Empty object (no user data)

» message

string

false

none

Error message describing the server issue

Enumerated Values

Parameter

Value

Description

» orgRole

0x00

USER - Default role with basic access

» orgRole

0x01

BILLING - Can manage billing and subscriptions

» orgRole

0x02

WORKSPACES - Can manage workspaces and team members

» orgRole

0xfe

ADMINISTRATOR - Administrative access

» orgRole

0xff

OWNER - Full organization access

Security

BearerAuth: Bearer token authentication required
Permissions: Requires WORKSPACES role or higher to access user management functions
Password Requirements: Password must meet security requirements (minimum length, complexity, etc.)

Notes

New users receive a verification email and must validate their account before accessing the system
The validated field will be false for newly created users
Email addresses must be unique across the system
Users are automatically assigned to the authenticated user's organization

Previousget__organization_users Nextget__organization_users_{userId}

Last updated 5 months ago

Was this helpful?

hashtagRequest Body

hashtagTypeScript Client Library

hashtagCode Samples

hashtagResponses

hashtagResponse Schema

hashtagSecurity

hashtagNotes

Request Body

TypeScript Client Library

Code Samples

Responses

Response Schema

Security

Notes