3.2. Creating users in a domain

POST /v3/users

Create a user in the domain with the specified ID.

Source: https://docs.openstack.org/api-ref/identity/v3/index.html?expanded=#create-user

3.2.1. Request

3.2.1.1. Parameters

Name In Type Description
user body object A user object
default_project_id (Optional) body string The ID of the default project for the user. A user’s default project must not be a domain. Setting this attribute does not grant any actual authorization on the project, and is merely provided for convenience. Therefore, the referenced project does not need to exist within the user domain. (Since v3.1) If the user does not have authorization to their default project, the default project is ignored at token creation. (Since v3.1) Additionally, if your default project is not valid, a token is issued without an explicit scope of authorization.
domain_id (Optional) body string The ID of the domain of the user. If the domain ID is not provided in the request, the Identity service will attempt to pull the domain ID from the token used in the request. Note that this requires the use of a domain-scoped token.
enabled (Optional) body boolean If the user is enabled, this value is true. If the user is disabled, this value is false.
name body string The user name. Must be unique within the owning domain.
password (Optional) body string The password for the user.
extra (Optional) body string The extra attributes of a resource. The actual name extra is not the key name in the request body, but rather a collection of any attributes that a resource may contain that are not part of the resource’s default attributes. Generally these are custom fields that are added to a resource in keystone by operators for their own specific uses, such as email and description for users.
options (Optional) body object The resource options for the user. Available resource options are ignore_change_password_upon_first_use, ignore_password_expiry, ignore_lockout_failure_attempts, lock_password, multi_factor_auth_enabled, and multi_factor_auth_rules ignore_user_inactivity.

3.2.1.2. Example

# curl -ks -H 'Content-Type: application/json' -H 'X-Auth-Token: gAAAAA<...>' \
-d '{
    "user": {
        "domain_id": "f2eeaaf15c254d4fa10255796122c8ec",
        "enabled": true,
        "name": "user1",
        "password": "passwd",
        "description": "A new user",
        "email": "user1@example.com"
    }
}' https://<node_IP_addr>:5000/v3/users

3.2.2. Response

3.2.2.1. Parameters

Name In Type Description
user body object A user object
default_project_id (Optional) body string The ID of the default project for the user.
domain_id body string The ID of the domain.
enabled body boolean If the user is enabled, this value is true. If the user is disabled, this value is false.
id body string The user ID.
links body object The links for the user resource.
name body string The user name. Must be unique within the owning domain.
password_expires_at body string

The date and time when the password expires. The time zone is UTC.

This is a response object attribute; not valid for requests. A null value indicates that the password never expires.

New in version 3.7

options body object The resource options for the user. Available resource options are ignore_change_password_upon_first_use, ignore_password_expiry, ignore_lockout_failure_attempts, lock_password, multi_factor_auth_enabled, and multi_factor_auth_rules ignore_user_inactivity.

3.2.2.2. Status codes

3.2.2.2.1. Success

Code Reason
201 - Created Resource was created and is ready to use.

3.2.2.2.2. Error

Code Reason
400 - Bad Request Some content in the request was invalid.
401 - Unauthorized User must authenticate before making a request.
403 - Forbidden Policy does not allow current user to do this operation.
409 - Conflict This operation conflicted with another operation on this resource.

3.2.2.3. Example

{
    "user": {
        "name": "user1",
        "links": {
            "self": "https://<node_IP_addr>:5000/v3/users/8615e3ece62c44ffa9174c809664bd68"
        },
        "description": "A new user",
        "enabled": true,
        "email": "user1@example.com",
        "options": {},
        "id": "8615e3ece62c44ffa9174c809664bd68",
        "domain_id": "f2eeaaf15c254d4fa10255796122c8ec",
        "password_expires_at": null
    }
}