Skip to content

Users API

Users

A user represents a giosg user account. A user resource has the following attributes.

Attribute Type Editable Description
id UUID read-only Unique identifier.
email string required Email address. Must be unique. For users with is_bot as true this can be null.
organization_id UUID read-only ID of the organization to which the user belongs to.
organization object read-only The organization resource to which the user belongs to.
first_name string required First name.
last_name string required Last name.
full_name string read-only Full name.
is_manager boolean optional This attribute is deprecated and will be dropped soon.
is_staff boolean read-only Whether the user is a giosg.com staff member. This cannot be altered with API endpoints. If you want this to be true, apply at our website!
alias string optional Display name, used when chatting. May be null but not a blank string.
gender integer optional Gender with three options: "male", "female", null (unknown).
birthday date optional Date of birth in format YYYY-MM-DD, e.g. 1980-06-19.
phone string optional Contact phone number.
title title optional Title of the user. May be null but not a blank string
created_at datetime read-only When the user resource was created.
updated_at datetime read-only When the user resource was updated last time.
deleted_at datetime read-only When the user resource was deleted. null if the user resource has not been deleted yet.
avatar_id UUID read-only ID of the user's avatar. null if the user has no avatar.
avatar object read-only The avatar of the user as an object. It contains attributes idand url. This is null if the user has no avatar.
is_online_enabled boolean required Whether or not the user wants to serve online as an operator. This determines if the is_online can be true.
is_online boolean read-only Whether the user is currently in online status as an operator. This can only be true if is_online_enabled is true and if is_present is true. Otherwise this is false. See user client for more information.
is_present boolean read-only Whether the user is currently present, i.e. if there is at least one user client whose presence has not expired. See user client for more information.
current_chat_count integer read-only The number of chats the user has currently, based on the most recent information about the user.
is_deleted boolean read-only Whether this user exists no more. If true, the resource exists only for historical purposes and cannot be used in any other context!
is_bot boolean optional Whether this user is a bot or not. Bot users are automatically created when an application requiring app_user is installed. If this is set to true emails should be set to None.
is_created_by_sso boolean read-only Whether this user was created by single sign-on (SSO) app.

Retrieve the authenticated user

Success

It is a common use case to first find out your own user or your organization's information, and then perform further actions on it.

There is a special API endpoint that returns the user resource depending on who is authenticated.

GET https://service.giosg.com/api/v5/users/me

To find out your organization's ID, just use the organization_id attribute of the returned resource. Alternatively you can use the nested organization resource for more details).

This endpoint returns:

  • 200 if the request was successful
  • 401 if you are not authenticated
  • 403 if you do not have active subscription

Retrieve a user

Get a single user object by its ID (<user_id>).

GET https://service.giosg.com/api/v5/users/<user_id>

This endpoint returns:

  • 200 if the request was successful
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the user

Update a user

Example request and payload: Switch user to online

1
PATCH https://service.giosg.com/api/v5/users/fb993c84-1591-41f1-8d36-3804117f64e0

1
2
3
{
  "is_online_enabled": true
}

You may update some of the attributes of a user (<user_id>) by making a PATCH request:

PATCH https://service.giosg.com/api/v5/users/<user_id>

You may also update the whole user resource with a PUT request. In this case, you need to define all the required attributes and any omitted optional attributes will be set to their defaults:

PUT https://service.giosg.com/api/v5/users/<user_id>

This endpoint returns:

  • 200 if the request was successful
  • 400 if required attributes are missing from the request
  • 400 if the request payload is in wrong format
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the user

Create an organization user

POST https://service.giosg.com/api/v5/orgs/<organization_id>/users

Creating an organization user requires 3 compulsory attributes:

Attribute Type Editable Description
email string required The email address for the user. Must be a valid email. For users with is_bot as true this can be null.
first_name string required First name of the user.
last_name string required Last name of the user.

Example request and payload: Create a new organization user with POST

1
POST https://service.giosg.com/api/v5/orgs/64c8fb1c-8673-11e7-a7c7-00163e8edbc5/users

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
{
  "email": "test@example.com",
  "first_name": "first name",
  "last_name": "last name",
  "is_manager": true,
  "alias": "Test Alias",
  "gender": "male",
  "birthday": 1990-07-10,
  "phone": "0123456789",
  "title": "Test Title",
  "is_online_enabled": true
}

Create a new user object (<user_id>) for an organization (<organization_id>).

This endpoint returns:

  • 200 if the request was successful
  • 400 if required attributes are missing from the request
  • 400 if the request payload is in wrong format
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the organization
  • 403 if you do not have users permission

List organization users

Get a paginated collection of users who belong to a given organization (<organization_id>)

GET https://service.giosg.com/api/v5/orgs/<organization_id>/users

Parameter Type Default Description
ordering ordering created_at Ordering of results with options created_at, updated_at, or email (with or without -)
is_deleted boolean (none) By default returns all users. If true, returns only deleted users. If false, returns only active users.
is_manager boolean (none) This parameter is deprecated and will be dropped soon.

This endpoint returns:

  • 200 if the request was successful
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the organization

Retrieve an organization user

Get a single user object by its ID (<user_id>) that belongs to an organization (<organization_id>)

GET https://service.giosg.com/api/v5/orgs/<organization_id>/users/<user_id>

This endpoint returns:

  • 200 if the request was successful
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the organization
  • 404 if user was not found

Update an organization user

Example request and payload: Switch user to online

1
PATCH https://service.giosg.com/api/v5/orgs/2577ef72-efa0-4b4c-b5b6-0fc3a73e818f/users/fb993c84-1591-41f1-8d36-3804117f64e0

1
2
3
{
  "is_online_enabled": true
}

You may update some of the attributes of a user (<user_id>) that belongs to an organization (<organization_id>) by making a PATCH request:

PATCH https://service.giosg.com/api/v5/orgs/<organization_id>/users/<user_id>

You may also update the whole user resource with a PUT request. In this case, you need to define all the required attributes and any omitted optional attributes will be set to their defaults:

PUT https://service.giosg.com/api/v5/orgs/<organization_id>/users/<user_id>

This endpoint returns:

  • 200 if the request was successful
  • 400 if required attributes are missing from the request
  • 400 if the request payload is in wrong format
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the organization
  • 403 if you do not have users permission
  • 404 if user was not found

Warning

You are allowed to update your own details even without users permission.

Delete an organization user

DELETE https://service.giosg.com/api/v5/orgs/<organization_id>/users/<user_id>

1
2
DELETE
https://service.giosg.com/api/v5/orgs/2577ef72-efa0-4b4c-b5b6-0fc3a73e818f/users/fb993c84-1591-41f1-8d36-3804117f64e0

Only delete the user account if you want to permanently disable the user account!

This endpoint returns:

  • 204 if the request was successful
  • 400 if you tried to delete your own authenticated account
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the organization
  • 403 if you do not have users permission
  • 404 if user was not found
  • 404 if the user has already been deleted

Retrieve an organization user's preferences

Get a single user objects preferences by its ID (<user_id>) that belongs to an organization (<organization_id>)

GET https://service.giosg.com/api/v5/orgs/<organization_id>/users/<user_id>/preferences

This endpoint returns:

  • 200 if the request was successful
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the organization
  • 403 if you do not have users permission
  • 404 if user was not found

Returns user preference object

User clients

Each single application instance that uses the giosg HTTP API is considered a "user client". Each user may have multiple clients. For example, the same user may use giosg on their desktop computer and/or on their mobile device. What is a "client" depends on the type of the app:

  • For web browser (either mobile or desktop) each browser tab or window is their own "client". It is recommended that each page load is a new client, so you only need to keep the client ID in memory while the page is running. There is no need to persist the ID, e.g. in a web storage. The client will be automatically forgotten when expired. Therefore, you should keep the expiration time relatively short.
  • For mobile apps each app installation is their own "client". You register the client when the user signs in and then persist the client ID until uninstallation or sign-out. Mobile apps rarely get chances to announce their presence so their expiration time should be relatively long.
  • For a native software or a web browser extension/plugin, the installation is a single client until uninstalled.

User client's function is to refresh user's presence:

Users have two special attributes that depends of whether or not the user has announced his presence: is_online and is_present. Their values may only be true if there is at least one user client that the system considers "present". The system remembers when the client has last time announced about themselves and automatically determines if the related user is present. Also, user may only be online if they are also present.

A user client has the following attributes:

Attribute Type Editable Description
id UUID read-only An unique identifier for the client, generated by the system.
gcm_token string optional This attribute is deprecated and will be dropped soon.
subscribed_channels array of strings optional This attribute is deprecated and will be dropped soon.
presence_expires_in integer required The number of seconds the system should keep this client present. Only the latest provided value applies for the client.
presence_expires_at datetime read-only When the client will expire (or has expired), calculated from presence_expires_in. If this is in the past, then the client is not considered present.
is_about_to_expire boolean read-only Whether or not this user client is about to expire soon. This becomes false when creating/refreshing a user client, and will later change to true. This can be used to implement "server-side pinging", see below.
created_at datetime read-only When the user client resource was created.
updated_at datetime read-only When the user client resource was updated last time.

The presence_expires_in defines how often you need to refresh the client's presence status. Longer timeout allows you to make less refresh requests. On the other hand, with longer timeouts it takes longer to notice that your client has been closed, shut down, or disconnected from the network. We recommend shorter timeouts for browsers (e.g. 60 seconds) and longer timeouts for mobile apps.

Register a user client

Example request

1
POST https://service.giosg.com/api/v5/orgs/e9acaa51-f7a8-442e-ac7f-d36d926e228b/users/6b9d5dd2-ffb9-467c-b893-f41b6d2e93ae/clients

Example request payload for creating a new user client.

1
2
3
{
  "presence_expires_in": 60
}

Example response

1
2
3
4
5
6
7
{
  "id": "6d78c168-8688-4b79-a528-fbd3af53beef",
  "gcm_token": null,
  "subscribed_channels": [],
  "presence_expires_at": "2016-03-10T22:00:49.123Z",
  "presence_expires_in": 60
}

When a user starts using a new client (e.g. opens a giosg app web page) they should announce their existence to the server:

POST /api/v5/orgs/<organization_id>/users/<user_id>/clients

You must provide the presence_expires_in attribute. Please note that you should refresh the client presence again before this number of seconds have elapsed in order to keep your client online. You should consider your client devices performance for this.

This endpoint returns:

  • 201 if the request was successful
  • 400 if required attributes are missing from the request
  • 400 if the request payload is in wrong format
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the organization
  • 403 if you do not have users permission
  • 404 if user was not found

Notice

You should persist the returned client id attribute to a local storage while the client is being used!

Refresh a user client

Example request

1
PUT https://service.giosg.com/api/v5/orgs/e9acaa51-f7a8-442e-ac7f-d36d926e228b/users/6b9d5dd2-ffb9-467c-b893-f41b6d2e93ae/clients/6d78c168-8688-4b79-a528-fbd3af53beef

You need to frequently tell the server about the presence of your client, otherwise the user will be automatically switched to "not present" and "offline" state.

You refresh one of your clients:

PUT /api/v5/orgs/<organization_id>/users/<user_id>/clients/<client_id>

OR

PATCH /api/v5/orgs/<organization_id>/users/<user_id>/clients/<client_id>

The <client_id> is the id returned when first time announcing the client with POST.

Again, you must provide a payload object with the presence_expires_in attribute, which overwrites any previously set value.

This endpoint returns:

  • 200 if the request was successful
  • 400 if required attributes are missing from the request
  • 400 if the request payload is in wrong format
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the organization
  • 403 if you do not have users permission
  • 404 if user was not found

Notice

Server may automatically unregister clients if their presence expires. However, this does not affect your client, as you can always use an old client ID. Refreshing an unregistered client will re-register the client.

Unregister a user client

In some cases you may want to unregister the client completely to make the the client not present immediately:

DELETE /api/v5/orgs/<organization_id>/users/<user_id>/clients/<client_id>

This endpoint returns:

  • 204 if the request was successful
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the organization
  • 403 if you do not have users permission
  • 404 if user was not found

List user clients

1
GET /api/v5/orgs/7f9e9580-095b-42c7-838c-c04e667b26f7/users/aad26fe2-c8f3-45dc-931b-4b0b5e06467d/clients

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
{
  "next": "https://service.giosg.com/api/v5/orgs/7f9e9580-095b-42c7-838c-c04e667b26f7/users/aad26fe2-c8f3-45dc-931b-4b0b5e06467d/clients?cursor=45d9e7358e1249c491b4fa0212310f55",
  "previous": null,
  "results": [
    {
      "gcm_token": null,
      "subscribed_channels": [],
      "created_at": "2015-09-18T05:46:30.100Z",
      "id": "fdfc443a-1390-11e6-ba72-60f81dcf1946",
      "updated_at": "2016-05-06T13:46:53.882Z"
    },
    {
      "gcm_token": null,
      "subscribed_channels": [],
      "created_at": "2015-09-21T15:59:40.000Z",
      "id": "fdfb4397-1390-11e6-b10a-60f81dcf1946",
      "updated_at": "2016-05-06T13:46:53.874Z"
    }
  ]
}

You can get a paginated collection of all the user clients of the user:

GET /api/v5/orgs/<organization_id>/users/<user_id>/clients

This endpoint returns:

  • 200 if the request was successful
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the organization
  • 403 if you do not have users permission
  • 404 if user was not found

User preferences

Each user always has a single preferences resource containing private settings conserning the user account. A user preferences resource has the following attributes.

Attribute Type Editable Default Description
user_id UUID read-only User's UUID Unique identifier of user.
chat_capacity integer required 5 An estimate about the maximum number of people the user is willing to chat with simultaneously. The system uses this value in its algorithms to determine how many messages are sent in the name of the user.
desktop_message_sound string required visitor_message Identifier for the message sound used when a visitor sends a message.
is_desktop_message_sound_continuous boolean required true Whether or not to play the message sound continuously until the user interacts with the UI.
desktop_visitor_added_sound string required visitor_connect Identifier for the message sound played when a new visitor becomes present.
is_desktop_visitor_added_sound_continuous boolean required true Whether or not to play the visitor added sound continuously until the user interacts with the UI.
ui_language_code string required en Preferred UI Language in ISO 639-1 code.
is_muted_offline boolean required false Whether or not to disable the sounds while the user is offline.
is_statistics_email_enabled boolean required true Whether or not to send statistic emails to the user.
is_desktop_notification_enabled boolean required false Whether or not to use desktop notifcations (if supported by the browser)
is_spellcheck_enabled boolean required false Whether or not to enable spellchecking when composing messages (if supported by the browser)
desktop_volume integer required 100 The volume which is used for desktop message and visitor added notifications. The value can be between zero and hundred (0-100), meaning zero is silent while hundred is the maximum.
is_swimlane_visible boolean optional true Whether or not to show the swimlane in giosg console.

Info

User preferences are created and deleted with the user. They can only be updated. The preference attributes are initially set to their default values.

Retrieve user preferences

You can get the preferences of the user:

GET /api/v5/users/<user_id>/preferences

This endpoint returns:

  • 200 if the request was successful
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the user

Update user preferences

You can update some or all your preferences with a PATCH request:

PATCH /api/v5/users/<user_id>/preferences

Any omitted preference attributes are kept in their previous values.

You can also make a PUT request, but in this case you need to provide all the preference attributes, otherwise a 400 response is returned:

PUT /api/v5/users/<user_id>/preferences

This endpoint returns:

  • 200 if the request was successful
  • 400 if required attributes are missing from the request
  • 400 if the request payload is in wrong format
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the user

Update user UI language

You can update users UI language with a PATCH request. This value is used accross Giosg platform, for example in Giosg LIVE chat and Interaction Builder.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
import requests
import json

API_TOKEN = "<api token>"
USER_ID = "<user id>"
url = "https://service.giosg.com/api/v5/users/{}/preferences".format(USER_ID)
payload = {
  "ui_language_code": "ko"  # Set to Korean
}

response = requests.patch(url, json.dumps(payload), headers={
    'Authorization': 'Token {}'.format(API_TOKEN),
    'Content-Type': 'application/json',
})
response.raise_for_status()
print(response.json())

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
const API_TOKEN = "<api token>";
const USER_ID = "<user id>";
const url = `https://service.giosg.com/api/v5/users/${USER_ID}/preferences`;
const payload = {
  ui_language_code: "ko"  // Set to Korean
}
const response = await fetch(url, {
    method: "PATCH",
    body: JSON.stringify(payload),
    headers: {
        "Content-Type": "application/json",
        Authorization: `Token ${API_TOKEN}`,
    },
});
console.log(await response.json());

User avatar

Each user may have one avatar or none. An avatar resource has the following attributes.

Attribute Type Editable Description
id UUID read-only Unique identifier of avatar.
url string required URL location where the avatar is hosted.
created_at datetime read-only When the user client resource was created.
updated_at datetime read-only When the user client resource was updated last time.

Retrieve avatar

You can get the avatar of the user:

GET /api/v5/users/<user_id>/avatar

This endpoint returns:

  • 200 if the request was successful
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the user

Or alternatively:

GET /api/v5/orgs/<organization_id>/users/<user_id>/avatar

This endpoint returns:

  • 200 if the request was successful
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the organization
  • 403 if you do not have users permission
  • 404 if user was not found

Uploading new avatar for the user

You can upload a new avatar for user by making a POST request:

POST /api/v5/users/<user_id>/avatar

This endpoint returns:

  • 201 if the request was successful
  • 400 if required attributes are missing from the request
  • 400 if the request payload is in wrong format
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the user

Or alternatively:

POST /api/v5/orgs/<organization_id>/users/<user_id>/avatar

This endpoint returns:

  • 201 if the request was successful
  • 400 if required attributes are missing from the request
  • 400 if the request payload is in wrong format
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the organization
  • 403 if you do not have users permission
  • 404 if user was not found

You need to provide the image as a request payload in multipart/form-data format.

Warning

A user may have only one avatar at a time. If you upload a new avatar for the user, then the old one will be deleted.

Deleting avatar of user

You can delete user's avatar by making a DELETE request:

DELETE /api/v5/users/<user_id>/avatar

This endpoint returns:

  • 204 if the request was successful
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the user

Or alternatively:

DELETE /api/v5/orgs/<organization_id>/users/<user_id>/avatar

This endpoint returns:

  • 204 if the request was successful
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the organization
  • 403 if you do not have users permission
  • 404 if user was not found

User permissions

User permissions represent which resources are accessed by user. There are three different permissions which user may have (Settings, Reports, and User management). These permissions define which APIs are accessible by the user as well as which UI elements are shown in Giosg service e.g. buttons in top bar. Console view is accessible for all users in Giosg service and cannot be disabled by changing permissions. Required permission scopes are listed after each endpoint or you may refer our API permission cheat sheet.

A user permission has the following attributes:

Attribute Type Editable Description
organization_id UUID read-only ID of the organization in which user belongs.
organization object read-only Organization in which user belongs.
user_id UUID read-only ID of the user whose permission it is.
user object read-only User whose permission it is.
scope string required Which resource is accessible by user. Options are settings, reports, and users.
created_at datetime read-only When the user permission was created.
created_by_user_id UUID read-only ID of the user which created this user permission.
created_by_user object read-only User which created this user permission.

List organization user's permissions

1
GET https://service.giosg.com/api/v5/orgs/7f9e9580-095b-42c7-838c-c04e667b26f7/users/006ff599-9073-11e6-a887-f45c89c72de3/permissions

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
{
  "next": "https://service.giosg.com/api/v5/orgs/7f9e9580-095b-42c7-838c-c04e667b26f7/users/006ff599-9073-11e6-a887-f45c89c72de3/permissions?cursor=171cfd0d7ce542be86221f01d2823cb1",
  "previous": null,
  "results": [
    {
      "organization_id": "e68220e1-9072-11e6-bf95-f45c89c72de3",
      "organization": {
        "id": "e68220e1-9072-11e6-bf95-f45c89c72de3",
        "name": "Company X"
      },
      "user_id": "006ff599-9073-11e6-a887-f45c89c72de3",
      "user": {
        "id": "006ff599-9073-11e6-a887-f45c89c72de3",
        "full_name": "Robotti Ruttunen",
        "first_name": "Robotti",
        "last_name": "Ruttunen",
        "organization_id": "e68220e1-9072-11e6-bf95-f45c89c72de3",
        "avatar_id": null,
        "avatar": null,
        "is_bot": false
      },
      "scope": "settings",
      "created_at": "2015-02-13T11:31:36.042",
      "created_by_user_id": "006ff599-9073-11e6-a887-f45c89c72de3",
      "created_by_user": {
        "id": "006ff599-9073-11e6-a887-f45c89c72de3",
        "full_name": "Robotti Ruttunen",
        "first_name": "Robotti",
        "last_name": "Ruttunen",
        "organization_id": "e68220e1-9072-11e6-bf95-f45c89c72de3",
        "avatar_id": null,
        "avatar": null,
        "is_bot": false
      }
    }
  ]
}

You can list permissions of an organization's user:

GET /api/v5/orgs/<organization_id>/users/<user_id>/permissions

This API endpoint returns a paginated collection. They are sorted by the creation time of the permissions, in ascending order.

This endpoint takes the following GET-parameters:

Parameter Type Default Description
ordering ordering created_at Ordering of results with options created_at or -created_at.

This endpoint returns:

  • 200 if the request was successful
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the organization
  • 403 if you do not have users permission
  • 404 if user was not found

Retrieve details of an organization's user's permission

You can retrieve details of organization's user's permission:

GET /api/v5/orgs/<organization_id>/users/<user_id>/permissions/<permission_scope>

This endpoint returns:

  • 200 if the request was successful
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the organization
  • 403 if you do not have users permission
  • 404 if user was not found

Delete permission of a user

Example request for deleting a user's permission

1
POST https://service.giosg.com/api/v5/orgs/7f9e9580-095b-42c7-838c-c04e667b26f7/users/006ff599-9073-11e6-a887-f45c89c72de3/permissions/reports

You can remove a user's permission by:

DELETE /api/v5/orgs/<organization_id>/users/<user_id>/permissions/<permission_scope>

This endpoint returns:

  • 204 if the request was successful
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the organization
  • 403 if you do not have users permission
  • 404 if user was not found
  • 404 if permission scope was not found

Creating a new permission for a user

Example request for creating a new user permission

1
POST https://service.giosg.com/api/v5/orgs/7f9e9580-095b-42c7-838c-c04e667b26f7/users/006ff599-9073-11e6-a887-f45c89c72de3/permissions

Example request payload

1
2
3
{
  "scope": "reports"
}

You can create a new permission for a user by:

POST /api/v5/orgs/<organization_id>/users/<user_id>/permissions

This endpoint returns:

  • 201 if the request was successful
  • 400 if required attributes are missing from the request
  • 400 if the request payload is in wrong format
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the organization
  • 403 if you do not have users permission
  • 404 if user was not found

List user's permissions

Example request for listing user's permissions

1
GET https://service.giosg.com/api/v5/users/006ff599-9073-11e6-a887-f45c89c72de3/permissions

You can list permissions of a user:

GET /api/v5/users/<user_id>/permissions

This API endpoint returns a paginated collection. They are sorted by the creation time of the permissions, in ascending order.

This endpoint takes the following GET-parameters:

Parameter Type Default Description
ordering ordering created_at Ordering of results with options created_at or -created_at.

This endpoint returns:

  • 200 if the request was successful
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the user

List all organization's users with given permission scope

Example request for listing all organization's users with given scope

1
POST https://service.giosg.com/api/v5/orgs/7f9e9580-095b-42c7-838c-c04e667b26f7/permissions/reports/users

You can list all organization's users for a permission scope by:

POST /api/v5/orgs/<organization_id>/permissions/<permission_scope>/users

This API endpoint returns user objects instead permission objects.

This endpoint returns:

  • 200 if the request was successful
  • 401 if you are not authenticated
  • 403 if you do not have active subscription
  • 403 if you do not have access to the organization
  • 403 if you do not have users permission
  • 404 if permission scope was not found