- Development Integration
- /
- SDK
- /
- Java
- /
Management module
- /
Manage users
- /
- Create users
¶ Create a user
Update time: 2025-07-23 07:34:21
This document is automatically generated based on https://github.com/authing/authing-docs-factory and https://api-explorer.genauth.ai V3 API, and is consistent with API parameters and return results. If the document description is incorrect, please refer to V3 API.
To create a user, one of the email address, mobile phone number, and user name must be included. The email address, mobile phone number, user name, and externalId are unique in the user pool. This interface will create a user as an administrator, so there is no need to perform security checks such as mobile phone number verification code verification.
¶ Method Name
ManagementClient.createUser
¶ Request Parameters
| Name | Type | Is it required | Default Value | Description | Example Value |
|---|---|---|---|---|---|
| status | string | No | Activated | Current status of the account | Activated |
| string | No | - | Email address, case insensitive | test@example.com | |
| phone | string | No | - | Phone number without area code. If Yes, the phone number is from abroad, specify the area code in the phoneCountryCode parameter. | 188xxxx8888 |
| phoneCountryCode | string | No | - | Mobile phone area code. This field is optional for mobile phone numbers in mainland China. The GenAuth SMS service does not yet support international mobile phone numbers. You need to configure the corresponding international SMS service in the GenAuth console. For a complete list of mobile phone area codes, please refer to https://en.wikipedia.org/wiki/List_of_country_calling_codes. | +86 |
| username | string | No | - | User name, unique in the user pool | bob |
| externalId | string | No | - | Third-party external ID | 10010 |
| name | string | No | - | User's real name, not unique | Zhang San |
| nickname | string | No | - | Nickname | Zhang San |
| photo | string | No | - | Avatar link | https://files.authing.co/authing-console/default-user-avatar.png |
| gender | string | No | U | Gender | M |
| emailVerified | boolean | No | - | Email address Yes No Verify | true |
| phoneVerified | boolean | No | - | Phone number Yes No Verify | true |
| birthdate | string | No | - | Date of birth | 2022-06-03 |
| country | string | No | - | Country | CN |
| province | string | No | - | Province | BJ |
| city | string | No | - | City | BJ |
| address | string | No | - | Address | Beijing Chaoyang |
| streetAddress | string | No | - | Street Address | Beijing Chaoyang District xxx Street |
| postalCode | string | No | - | Postal Code | 438100 |
| company | string | No | - | Company | steamory |
| browser | string | No | - | Last login browser UA | Mozilla/5.0 (Linux; Android 10; V2001A; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/10.2.10.0 |
| device | string | No | - | Last login device | iOS |
| givenName | string | No | - | First name | xxx |
| familyName | string | No | - | Last name | Zhang |
| middleName | string | No | - | Middle name | James |
| profile | string | No | - | Preferred Username | alice |
| preferredUsername | string | No | - | Preferred Username | alice |
| website | string | No | - | User personal website | https://my-website.com |
| zoneinfo | string | No | - | User time zone information | GMT-08:00 |
| locale | string | No | - | Locale | af |
| formatted | string | No | - | Standard full address | 132, My Street, Kingston, New York 12401. |
| region | string | No | - | User location | Xinjiang Uyghur Autonomous Region |
| password | string | No | - | User password, in plain text by default. We use the HTTPS protocol to securely transmit passwords, which can ensure security to a certain extent. If you need a higher level of security, we also support RSA256 and SM2 to encrypt passwords. See the passwordEncryptType parameter for details. | passw0rd |
| salt | string | No | - | Salt for encrypting user passwords | dgisaeieruur |
| tenantIds | string[] | No | - | tenant ID | ["63f867961cxxxx41e7ccb582","63bea7828f4xxxxbfa80df93"] |
| otp | CreateUserOtpDto | No | - | user's OTP authenticator | {"recoveryCode":"b471-8ec0-874a-087f-bccb-cd54","secret":"HZ2F6J3AGNAVSOTV"} |
| departmentIds | string[] | No | - | list of department IDs to which the user belongs | ["624d930c3xxxx5c08dd4986e","624d93102xxxx012f33cd2fe"] |
| customData | object | No | - | Custom data, the key in the passed object must first define the relevant custom fields in the user pool | {"school":"Beijing University","age":22} |
| metadataSource | object | No | - | Data object data, the key in the passed object must first define the relevant custom fields in the user pool | {"school":"Beijing University","age":22} |
| identities | CreateIdentityDto[] | No | - | Third-party identity source (it is recommended to call the binding interface for binding) | [{"extIdpId":"6076bacxxxxxxxxd80d993b5","provider":"wechat","type":"openid","userIdInIdp":"oj7Nq05R-RRaqak0_YlMLnnIwsvg"}] |
| identityNumber | string | No | - | User ID number | 420421xxxxxxxx1234 |
| options | CreateUserOptionsDto | No | - | Optional parameters | {"autoGeneratePassword":true,"resetPasswordOnFirstLogin":true,"passwordEncryptType":"none"} |
¶ Sample Code
package test.management;
import cn.authing.sdk.java.client.ManagementClient;
import cn.authing.sdk.java.dto.CreateUserReqDto;
import cn.authing.sdk.java.dto.UserSingleRespDto;
import cn.authing.sdk.java.model.ManagementClientOptions;
import cn.authing.sdk.java.util.JsonUtils;
public class CreateUserTest {
// Need to be replaced with your GenAuth Access Key ID
private static final String ACCESS_KEY_ID = "AUTHING_ACCESS_KEY_ID";
// Need to be replaced with your GenAuth Access Key Secret
private static final String ACCESS_KEY_SECRET = "AUTHING_ACCESS_KEY_SECRET";
public static void main(String[] args) throws Throwable {
ManagementClientOptions clientOptions = new ManagementClientOptions();
clientOptions.setAccessKeyId(ACCESS_KEY_ID);
clientOptions.setAccessKeySecret(ACCESS_KEY_SECRET);
// If you are a private deployment customer, you need to set the GenAuth service domain name
// clientOptions.setHost("https://api.your-authing-service.com");
ManagementClient client = new ManagementClient(clientOptions);
CreateUserReqDto reqDto = new CreateUserReqDto();
reqDto.setUsername("test");
UserSingleRespDto response = client.createUser(reqDto);
System.out.println(JsonUtils.serialize(response));
}
}
¶ Request Response
Type: UserSingleRespDto
| Name | Type | Description |
|---|---|---|
| statusCode | number | Business status code. You can use this status code to determine whether the operation is successful. 200 means success. |
| message | string | Description |
| apiCode | number | Segment error code, through which the specific error type can be obtained (not returned for successful requests). For a detailed list of error codes, see:API Code List (opens new window) |
| requestId | string | Request ID. Returned when the request fails. |
| data | UserDto | Response data |
Example Results:
{
"statusCode": 200,
"message": "Operation successful",
"requestId": "934108e5-9fbf-4d24-8da1-c330328abd6c",
"data": {
"userId": "6229ffaxxxxxxxxcade3e3d9",
"createdAt": "2022-07-03T03:20:30.000Z",
"updatedAt": "2022-07-03T03:20:30.000Z",
"status": "Activated",
"workStatus": "Active",
"externalId": "10010",
"email": "test@example.com",
"phone": "188xxxx8888",
"phoneCountryCode": "+86",
"username": "bob",
"name": "Zhang San",
"nickname": "Zhang San",
"photo": "https://files.authing.co/authing-console/default-user-avatar.png",
"loginsCount": 3,
"lastLogin": "2022-07-03T03:20:30.000Z",
"lastIp": "127.0.0.1",
"gender": "M",
"emailVerified": true,
"phoneVerified": true,
"passwordLastSetAt": "2022-07-03T03:20:30.000Z",
"birthdate": "2022-06-03",
"country": "CN",
"province": "BJ",
"city": "BJ",
"address": "Beijing Chaoyang",
"streetAddress": "xx Street, Chaoyang District, Beijing",
"postalCode": "438100",
"company": "steamory",
"browser": "Mozilla/5.0 (Linux; Android 10; V2001A; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/10.2.10.0",
"device": "iOS",
"givenName": "San",
"familyName": "Zhang",
"middleName": "James",
"profile": "alice",
"preferredUsername": "alice",
"website": "https://my-website.com",
"zoneinfo": "GMT-08:00",
"locale": "af",
"formatted": "132, My Street, Kingston, New York 12401.",
"region": "Xinjiang Uyghur Autonomous Region",
"userSourceType": "register",
"passwordSecurityLevel": 1,
"departmentIds": "[\"624d930c3xxxx5c08dd4986e\",\"624d93102xxxx012f33cd2fe\"]",
"identities": {
"identityId": "62299d8b866d2dab79a89dc4",
"extIdpId": "6076bacxxxxxxxxd80d993b5",
"provider": "wechat",
"type": "openid",
"userIdInIdp": "oj7Nq05R-RRaqak0_YlMLnnIwsvg",
"accessToken": "57_fK0xgSL_NwVlS-gmUwlMQ2N6AONNIOAYxxxx",
"refreshToken": "57_IZFu91Ak1Wg6DRytZFFIOd3upNF5lH7vPxxxxx",
"originConnIds": "[\"605492ac41xxxxe0362f0707\"]"
},
"identityNumber": "420421xxxxxxxx1234",
"customData": {
"school": "Beijing University",
"age": 22
},
"statusChangedAt": "2022-07-03T03:20:30.000Z"
}
}
¶ Data Structure
¶ CreateUserOtpDto
| Name | Type | Is it required | Description | Example Value |
|---|---|---|---|---|
| secret | string | Yes | OTP Secret | HZ2F6J3AGNAVSOTV |
| recoveryCode | string | No | OTP Recovery Code | b471-8ec0-874a-087f-bccb-cd54 |
¶ CreateIdentityDto
| Name | Type | Is it required | Description | Example Value |
|---|---|---|---|---|
| extIdpId | string | Yes | Identity source connection ID | 6076bacxxxxxxxxd80d993b5 |
| provider | string | Yes | External identity source Type: - wechat: WeChat- qq: QQ- wechatwork: WeChat for Business- dingtalk: DingTalk- weibo: Weibo- github: GitHub- alipay: Alipay- baidu: Baidu- lark: Feishu- welink: Welink- yidun: NetEase Yidun- qingcloud: Qingyun- google: Google- gitlab: GitLab- gitee: Gitee- twitter: Twitter- facebook: Facebook- slack: Slack- linkedin: Linkedin- instagram: Instagram- oidc: OIDC-based enterprise identity source- oauth2: OAuth2-based enterprise identity source- saml: SAML-based enterprise identity source- ldap: LDAP-based enterprise identity source- ad: AD-based enterprise identity source- cas: CAS-based enterprise identity source- azure-ad: Azure AD-based enterprise identity source | oidc |
| type | string | Yes | Identity type, such as unionid, openid, primary | openid |
| userIdInIdp | string | Yes | ID in the external identity source | oj7Nq05R-RRaqak0_YlMLnnIwsvg |
| userInfoInIdp | object | Yes | User's identity information in idp | |
| accessToken | string | No | Access Token in external identity source (this parameter is returned only when user actively obtains it, and it is not returned by management interface). | 57_fK0xgSL_NwVlS-gmUwlMQ2N6AONNIOAYxxxx |
| refreshToken | string | No | Refresh Token in external identity source (this parameter is returned only when user actively obtains it, and it is not returned by management interface). | 57_IZFu91Ak1Wg6DRytZFFIOd3upNF5lH7vPxxxxx |
| originConnIds | array | Yes | Identity source connection ID list from which identity comes | ["605492ac41xxxxe0362f0707"] |
¶ CreateUserOptionsDto
| Name | Type | Is it required | Description | Example Value |
|---|---|---|---|---|
| keepPassword | boolean | No | This parameter is usually set when migrating old user data to GenAuth. When this switch is turned on, the password field will be written directly to the GenAuth database, and GenAuth will not encrypt this field again. If your password is not stored in plain text, you should keep it turned on and write a password function to calculate it. | |
| autoGeneratePassword | boolean | No | Yes No Automatically generate passwords | |
| resetPasswordOnFirstLogin | boolean | No | Yes No Force users to reset their passwords on the first login | |
| departmentIdType | string | No | The type of the parent department ID used in this call | department_id |
| sendNotification | No | Option to send email and phone number when resetting password Nested Type: SendCreateAccountNotificationDto. | {"sendEmailNotification":true,"sendPhoneNotification":true} | |
| passwordEncryptType | string | No | Password encryption type, supports encryption using RSA256 and SM2 algorithms. The default is none, no encryption.- none: Do not encrypt the password, use plain text for transmission.- rsa: Use RSA256 algorithm to encrypt the password, which requires the RSA public key of the GenAuth service to encrypt. Please read the Introduction section to learn how to obtain the RSA256 public key of the GenAuth service.- sm2: Use National Encryption SM2 Algorithm (opens new window) to encrypt the password. You need to use the SM2 public key of the GenAuth service for encryption. Please read the Introduction section to learn how to obtain the SM2 public key of the GenAuth service. | sm2 |
¶ SendCreateAccountNotificationDto
| Name | Type | Is it required | Description | Example Value |
|---|---|---|---|---|
| sendEmailNotification | boolean | No | After creating an account, Yes No send email notification | |
| sendPhoneNotification | boolean | No | After creating an account, Yes No send SMS notification | |
| appId | string | No | When sending the login address, the specified application id will send the login address of this application to the user's email or mobile phone number. The default is the login address of the user pool application panel. | appid1 |
¶ UserDto
| Name | Type | Is it required | Description | Example Value |
|---|---|---|---|---|
| userId | string | Yes | The unique identifier of the user, which can be user ID, user name, email, phone number, externalId, or ID in an external identity source. For details, see the description of the userIdType field. The default is user id. | 6229ffaxxxxxxxxcade3e3d9 |
| createdAt | string | yes | creation time | 2022-07-03T03:20:30.000Z |
| updatedAt | string | yes | update time | 2022-07-03T03:20:30.000Z |
| status | string | yes | current status of the account: - Activated: normal status - Suspended: deactivated - Deactivated: disabled - Resigned: resigned - Archived: archived | Suspended |
| workStatus | string | yes | current work status of the account | Closed |
| externalId | string | no | third-party external ID | 10010 |
| string | no | email address, case insensitive | test@example.com | |
| phone | string | No | Phone number without area code. If it is a foreign phone number, specify the area code in the phoneCountryCode parameter. | 188xxxx8888 |
| phoneCountryCode | string | No | Mobile phone area code. This field is optional for mainland China mobile phone numbers. The GenAuth SMS service does not yet support international mobile phone numbers. You need to configure the corresponding international SMS service in the GenAuth console. For a complete list of mobile phone area codes, please refer to https://en.wikipedia.org/wiki/List_of_country_calling_codes. | +86 |
| username | string | No | Username, unique in the user pool | bob |
| name | string | No | User's real name, not unique | Zhang San |
| nickname | string | No | Nickname | Zhang San |
| photo | string | No | Avatar link | https://files.authing.co/authing-console/default-user-avatar.png |
| loginsCount | number | No | Total number of historical logins | 3 |
| lastLogin | string | No | Last login time | 2022-07-03T03:20:30.000Z |
| lastIp | string | No | Last login IP | 127.0.0.1 |
| gender | string | Yes | Gender: - M: Male, male- F: Female, female- U: unknown, unknown | M |
| emailVerified | boolean | yes | Email verified | true |
| phoneVerified | boolean | yes | Phone number verified | true |
| passwordLastSetAt | string | no | User's last password change time | 2022-07-03T03:20:30.000Z |
| birthdate | string | No | Date of birth | 2022-06-03 |
| country | string | No | Country | CN |
| province | string | No | Province | BJ |
| city | string | No | City | BJ |
| address | string | No | Address | Beijing Chaoyang |
| streetAddress | string | No | Street address | Beijing Chaoyang District xxx Street |
| postalCode | string | No | Postal code | 438100 |
| company | string | No | Company | steamory |
| browser | string | No | Last browser used for login UA | Mozilla/5.0 (Linux; Android 10; V2001A; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/10.2.10.0 |
| device | string | No | The device used when logging in last time | iOS |
| givenName | string | no | first name | xxx |
| familyName | string | no | last name | xxx |
| middleName | string | no | middle name | James |
| profile | string | no | Preferred Username | alice |
| preferredUsername | string | no | Preferred Username | alice |
| website | string | no | User personal website | https://my-website.com |
| zoneinfo | string | no | User time zone information | GMT-08:00 |
| locale | string | no | Locale | af |
| formatted | string | no | Full standard address | 132, My Street, Kingston, New York 12401. |
| region | string | no | User location | Xinjiang Uyghur Autonomous Region |
| userSourceType | string | yes | Source type: - excel: via excel Import- register: User self-registration- adminCreated: Manual creation by the administrator (including creating users using the management API)- syncTask: Sync task in the sync center | excel |
| userSourceId | string | No | Application ID or sync task ID | |
| lastLoginApp | string | No | ID of the application that the user last logged in to | |
| mainDepartmentId | string | No | ID of the user's main department | |
| lastMfaTime | string | No | Time when the user last performed MFA authentication | |
| passwordSecurityLevel | number | No | User password security strength level | 1 |
| resetPasswordOnNextLogin | boolean | No | Require password reset on next login | |
| registerSource | array | No | Registration method | |
| departmentIds | array | No | List of department IDs to which the user belongs | ["624d930c3xxxx5c08dd4986e","624d93102xxxx012f33cd2fe"] |
| identities | array | No | External identity source nested Type: IdentityDto. | |
| identityNumber | string | No | User ID number | 420421xxxxxxxx1234 |
| customData | object | No | User's extended field data | {"school":"Beijing University","age":22} |
| postIdList | array | No | User-associated department ID | |
| statusChangedAt | string | No | User status last modified time | 2022-07-03T03:20:30.000Z |
| tenantId | string | No | User tenant ID |
¶ IdentityDto
| Name | Type | Is it required | Description | Example Value |
|---|---|---|---|---|
| identityId | string | Yes | Identity source ID | 62299d8b866d2dab79a89dc4 |
| extIdpId | string | Yes | Identity source connection ID | 6076bacxxxxxxxxd80d993b5 |
| provider | string | Yes | External identity source Type: - wechat: WeChat- qq: QQ- wechatwork: WeChat for Business- dingtalk: DingTalk- weibo: Weibo- github: GitHub- alipay: Alipay- baidu: Baidu- lark: Feishu- welink: Welink- yidun: NetEase Yidun- qingcloud: Qingyun- google: Google- gitlab: GitLab- gitee: Gitee- twitter: Twitter- facebook: Facebook- slack: Slack- linkedin: Linkedin- instagram: Instagram- oidc: OIDC-type enterprise identity source- oauth2: OAuth2-type enterprise identity source- saml: SAML-type enterprise identity source- ldap: LDAP-type enterprise identity source- ad: AD-type enterprise identity source- cas: CAS-type enterprise identity source- azure-ad: Azure AD-type enterprise identity source | oidc |
| type | string | Yes | Identity type, such as unionid, openid, primary | openid |
| userIdInIdp | string | Yes | ID in the external identity source | oj7Nq05R-RRaqak0_YlMLnnIwsvg |
| userInfoInIdp | object | Yes | User's identity information in idp | |
| accessToken | string | No | Access Token in the external identity source (this parameter is only returned when the user actively obtains it, and the management side interface will not return it). | 57_fK0xgSL_NwVlS-gmUwlMQ2N6AONNIOAYxxxx |
| refreshToken | string | No | Refresh Token in the external identity source (this parameter is only returned when the user actively obtains it, and the management side interface will not return it). | 57_IZFu91Ak1Wg6DRytZFFIOd3upNF5lH7vPxxxxx |
| originConnIds | array | Yes | List of identity origin connection IDs that the identity comes from | ["605492ac41xxxxe0362f0707"] |