App Users
Read, create, edit, and run actions on application users.
All app user routes require applicationId and check access to that application.
Get users metadata
GET /api/v1/panel/get-users-metadata
Required scope: app_users:read
curl "https://api.blazeauth.net/api/v1/panel/get-users-metadata?applicationId=123456789" \
-H "Authorization: Bearer $BLAZEAUTH_MANAGEMENT_API_KEY"Optional searchParams is a URL-encoded JSON string:
{
"searchString": "john",
"categories": ["Login", "IPv4", "Client id"]
}{
"success": true,
"message": "Successfully fetched users metadata",
"data": {
"totalUsers": 42
}
}Get users table
GET /api/v1/panel/get-users-table
Required scope: app_users:read
curl "https://api.blazeauth.net/api/v1/panel/get-users-table?applicationId=123456789¤tPage=1" \
-H "Authorization: Bearer $BLAZEAUTH_MANAGEMENT_API_KEY"| Query field | Type | Required | Notes |
|---|---|---|---|
applicationId | string | Yes | Target application id. |
currentPage | number | Yes | Positive integer. |
searchParams | string | null | No | JSON string with searchString and categories. |
{
"success": true,
"message": "Successfully fetched users table",
"data": [
{
"id": "8001",
"applicationId": "123456789",
"login": "john@example.com",
"comment": "primary account",
"clientId": "client-001",
"ipAddress": "203.0.113.10",
"applicationUserSettings": {
"levels": ["pro"],
"requiresLicense": true,
"credentialsType": "email_password",
"requiresClientId": true
},
"createdAt": "2026-05-12T09:00:00.000Z"
}
],
"totalPages": 2
}Create user
POST /api/v1/panel/create-user
Required scope: app_users:create
curl "https://api.blazeauth.net/api/v1/panel/create-user?applicationId=123456789" \
-X POST \
-H "Authorization: Bearer $BLAZEAUTH_MANAGEMENT_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"login": "john@example.com",
"password": "secret-password",
"comment": "primary account",
"clientId": "client-001",
"ipAddress": "203.0.113.10",
"applicationUserSettings": {
"levels": ["pro"],
"requiresLicense": true,
"credentialsType": "email_password",
"requiresClientId": true
}
}'| Body field | Type | Required | Notes |
|---|---|---|---|
login | string | Yes | 4-320 characters. Must be a valid email when credentialsType is email_password. |
password | string | Yes | 6-64 characters. |
comment | string | No | Maximum 64 characters. |
clientId | string | No | Maximum 64 characters. |
ipAddress | string | No | Maximum 64 characters. |
applicationUserSettings.levels | string[] | Yes | At least one level. |
applicationUserSettings.requiresLicense | boolean | Yes | Whether the user must have a linked/active license. |
applicationUserSettings.credentialsType | string | Yes | username_password or email_password. |
applicationUserSettings.requiresClientId | boolean | Yes | Whether authorization requires a client id. |
{
"success": true,
"message": "Successfully created user."
}Edit user
PATCH /api/v1/panel/edit-user
Required scope: app_users:update
The edit route uses the same body schema as create and expects the full user payload.
curl "https://api.blazeauth.net/api/v1/panel/edit-user?applicationId=123456789&applicationUserId=8001" \
-X PATCH \
-H "Authorization: Bearer $BLAZEAUTH_MANAGEMENT_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"login": "john@example.com",
"password": "new-secret-password",
"comment": "updated account",
"clientId": "client-001",
"ipAddress": "203.0.113.10",
"applicationUserSettings": {
"levels": ["pro"],
"requiresLicense": true,
"credentialsType": "email_password",
"requiresClientId": true
}
}'| Query field | Type | Required | Notes |
|---|---|---|---|
applicationId | string | Yes | Target application id. |
applicationUserId | string | Yes | User row to update. |
{
"success": true,
"message": "Successfully updated user."
}Users action
POST /api/v1/panel/users-action
Delete actions require app_users:delete. All other actions require
app_users:update.
curl "https://api.blazeauth.net/api/v1/panel/users-action?applicationId=123456789" \
-X POST \
-H "Authorization: Bearer $BLAZEAUTH_MANAGEMENT_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"action": "link_user_to_license",
"userId": "8001",
"license": "ABCDEF-123456"
}'| Action | Required scope | Required extra fields |
|---|---|---|
delete_every_user | app_users:delete | None |
delete_user | app_users:delete | userId |
reset_client_id_user | app_users:update | userId |
link_user_to_license | app_users:update | userId, license |
Actions notify connected client sessions for the application where appropriate.
{
"success": true,
"message": "Action completed successfully."
}