Users & Groups API

Endpoints Overview

Method	Path	Description
GET	`/prod/api/users`	List users
GET	`/prod/api/users/:id`	Get user
POST	`/prod/api/users`	Create user (admin)
PATCH	`/prod/api/users/:id`	Update user
DELETE	`/prod/api/users/:id`	Deactivate user (admin)
GET	`/prod/api/groups`	List assignment groups
GET	`/prod/api/groups/:id`	Get group
POST	`/prod/api/groups`	Create group
PATCH	`/prod/api/groups/:id/members`	Add/remove members

List Users

curl -H "Authorization: Bearer $TOKEN"   "https://your-instance.stackflow-tech.com/prod/api/users?role=itsm_agent&active=true&limit=50"

Get User

{
  "id": "usr_abc123",
  "email": "jane.doe@example.com",
  "given_name": "Jane",
  "family_name": "Doe",
  "display_name": "Jane Doe",
  "role": "itsm_agent",
  "active": true,
  "department": "IT Operations",
  "location": "New York",
  "assignment_groups": ["Platform Engineering", "SRE Team"],
  "cognito_sub": "uuid-...",
  "last_login": "2026-05-19T09:00:00Z",
  "created_at": "2025-06-01T00:00:00Z"
}

Create User

curl -X POST   https://your-instance.stackflow-tech.com/prod/api/users   -H "Authorization: Bearer $TOKEN"   -H "Content-Type: application/json"   -d '{
    "email": "new.user@example.com",
    "given_name": "New",
    "family_name": "User",
    "role": "itsm_agent",
    "department": "IT Operations",
    "assignment_groups": ["Level 1 Support"],
    "send_welcome_email": true
  }'

Cognito Provisioning: Creating a user via this API automatically creates a Cognito account in User Pool us-east-1_WKK1AVJ2m with a temporary password and sends a welcome email via Amazon SES if send_welcome_email: true.

Update User

curl -X PATCH   https://your-instance.stackflow-tech.com/prod/api/users/usr_abc123   -H "Authorization: Bearer $TOKEN"   -H "Content-Type: application/json"   -d '{"role": "itsm_manager", "department": "IT Management"}'

Assignment Groups

# List all groups
curl -H "Authorization: Bearer $TOKEN"   https://your-instance.stackflow-tech.com/prod/api/groups

# Create a group
curl -X POST   https://your-instance.stackflow-tech.com/prod/api/groups   -H "Authorization: Bearer $TOKEN"   -H "Content-Type: application/json"   -d '{
    "name": "Database Reliability",
    "description": "DBA and SRE team for database incidents",
    "manager": "dba-lead@example.com",
    "email": "db-reliability@example.com",
    "schedule": "24x7"
  }'

# Add members to group
curl -X PATCH   https://your-instance.stackflow-tech.com/prod/api/groups/grp_001/members   -H "Authorization: Bearer $TOKEN"   -H "Content-Type: application/json"   -d '{"add": ["dba1@example.com", "dba2@example.com"], "remove": []}'

Roles Reference

Role	Description	Key Permissions
`viewer`	Read-only access	View all records, no write access
`requester`	Self-service portal only	Submit catalog requests, view own tickets
`itsm_agent`	ITSM front-line agent	Manage incidents, changes, requests; use AI Copilot
`itsm_manager`	ITSM team lead	All agent permissions + SLA config, reports, CAB
`cloud_admin`	Cloud operations	Cloud management, CMDB write, discovery config
`knowledge_author`	KB author	Create/publish KB articles, manage categories
`super_admin`	Platform administrator	Full access to all modules and admin settings

Field Reference

Field	Type	Description
`email`	string	Primary identifier, must be unique (required)
`given_name`	string	First name
`family_name`	string	Last name
`role`	enum	User role (see Roles Reference)
`active`	boolean	Account active status
`assignment_groups`	array	Groups the user belongs to
`cognito_sub`	string	Cognito user pool subject identifier

← Previous

Catalog API

Service catalog items

AI Endpoints

AI ask, analyze, suggest