Role Management

Manage user roles and permissions within your app

Get User Details (GET, Admin Only)
/api/user/{userId}/role

Get details of a specific user including their role. Requires admin role.

Example Request

Bash
curl -X GET "https://your-auth-server.com/api/user/user_123456/role" \
  -H "x-api-key: your-app-api-key" \
  -H "Authorization: Bearer admin-user-token"

Response

JSON
{
  "user": {
    "id": "user_123456",
    "email": "john@example.com",
    "firstName": "John",
    "lastName": "Doe",
    "role": "user",
    "emailVerified": true,
    "createdAt": "2024-01-15T10:30:00Z",
    "updatedAt": "2024-01-15T10:30:00Z"
  }
}

Update User Role (PATCH, Admin Only)
/api/user/{userId}/role

Change the role of a specific user. Requires admin role. Users cannot change their own role.

Request Body

JSON
{
  "role": "moderator",
  "appId": "your-app-id"
}

Example Request

Bash
curl -X PATCH "https://your-auth-server.com/api/user/user_123456/role" \
  -H "x-api-key: your-app-api-key" \
  -H "Authorization: Bearer admin-user-token" \
  -H "Content-Type: application/json" \
  -d '{
    "role": "moderator",
    "appId": "your-app-id"
  }'

Response

JSON
{
  "message": "User role updated successfully",
  "userId": "user_123456",
  "newRole": "moderator"
}

Available Roles

Understanding the role system and permissions

user

Standard user with basic access (default role)

admin

Administrator with role management privileges

moderator

Moderator role for content management

member

Member role with extended privileges

Security Features
  • Users cannot change their own role (self-protection)
  • App isolation - users can only manage users within their own app
  • Admin role required for all role management operations
  • API key validation ensures requests come from valid apps
  • Comprehensive audit trail for role changes
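
The checks listed above, combined into one authorization decision for PATCH /api/user/{userId}/role. This is an added example, not the auth server's own code; the function name, the caller/target record shape, the status codes, and the ordering of checks are assumptions.

```python
# Added example: hypothetical server-side check for PATCH /api/user/{userId}/role.
# Record field names and HTTP status codes are assumptions, not documented behaviour.
from datetime import datetime, timezone

VALID_ROLES = {"user", "admin", "moderator", "member"}  # roles listed on this page


def authorize_role_change(api_key_app_id, caller, target, body, audit_log):
    """Return (http_status, message); append one audit record per decision.

    api_key_app_id: app resolved from the x-api-key header (None if invalid)
    caller/target:  dicts with "id", "role", "appId" (assumed record shape)
    body:           parsed JSON request body with "role" and "appId"
    """
    def decide(status, message):
        # Denials are logged as well as successes, so probing shows up in the trail.
        audit_log.append({
            "at": datetime.now(timezone.utc).isoformat(),
            "actor": caller.get("id") if caller else None,
            "target": target.get("id") if target else None,
            "requestedRole": body.get("role"),
            "status": status,
            "message": message,
        })
        return status, message

    if api_key_app_id is None:
        return decide(401, "Invalid API key")
    if caller is None:
        return decide(401, "Invalid bearer token")
    # App isolation: API key, caller and request body must all name the same app.
    if caller["appId"] != api_key_app_id or body.get("appId") != api_key_app_id:
        return decide(403, "App mismatch")
    if caller["role"] != "admin":
        return decide(403, "Admin role required")
    if body.get("role") not in VALID_ROLES:
        return decide(400, "Unknown role")
    # Report a cross-app target as not found so user IDs do not leak across apps.
    if target is None or target["appId"] != api_key_app_id:
        return decide(404, "User not found")
    if target["id"] == caller["id"]:
        return decide(403, "Users cannot change their own role")
    target["role"] = body["role"]
    return decide(200, "User role updated successfully")
```

The role on the caller record should come from the server's own user store, looked up from the verified bearer token, never from a client-supplied field.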