oCoreoCore Docs
API Reference

Users

List all users

Returns a paginated list of all platform users with optional search.

GET
/admin/users

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Query Parameters

pageinteger

Page number

limitinteger

Page size

searchstring

Search by name or email

curl -X GET "//api.ocore.dev/api/admin/users?page=0&limit=0&search=%3Cstring%3E" \
  -H "Authorization: <token>"

OK

{
  "total": 0,
  "users": [
    {
      "createdAt": "string",
      "deactivatedAt": "string",
      "email": "string",
      "emailVerified": true,
      "id": "string",
      "isServerAdmin": true,
      "lastLoginAt": "string",
      "name": "string",
      "orgCount": 0,
      "totpEnabled": true
    }
  ]
}

Create a new user

Creates a new user account as a server admin.

POST
/admin/users

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Request Body

application/jsonRequired

User details

emailstring
namestring
orgIdstring
passwordstring
curl -X POST "//api.ocore.dev/api/admin/users" \
  -H "Authorization: <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "string",
    "name": "string",
    "orgId": "string",
    "password": "string"
  }'

Created

{
  "createdAt": "string",
  "deactivatedAt": "string",
  "email": "string",
  "emailVerified": true,
  "id": "string",
  "isServerAdmin": true,
  "lastLoginAt": "string",
  "name": "string",
  "orgCount": 0,
  "totpEnabled": true
}

Get user details

Returns detailed information about a specific user.

GET
/admin/users/{id}

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Path Parameters

idRequiredstring

User ID

Format: "uuid"
curl -X GET "//api.ocore.dev/api/admin/users/497f6eca-6276-4993-bfeb-53cbbbba6f08" \
  -H "Authorization: <token>"

OK

{
  "createdAt": "string",
  "deactivatedAt": "string",
  "email": "string",
  "emailVerified": true,
  "id": "string",
  "isServerAdmin": true,
  "lastLoginAt": "string",
  "name": "string",
  "orgCount": 0,
  "totpEnabled": true
}

Delete a user

Permanently deletes a user account.

DELETE
/admin/users/{id}

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Path Parameters

idRequiredstring

User ID

Format: "uuid"
curl -X DELETE "//api.ocore.dev/api/admin/users/497f6eca-6276-4993-bfeb-53cbbbba6f08" \
  -H "Authorization: <token>"

OK

{
  "message": "string"
}

Deactivate a user

Deactivates a user account, preventing login.

POST
/admin/users/{id}/deactivate

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Path Parameters

idRequiredstring

User ID

Format: "uuid"
curl -X POST "//api.ocore.dev/api/admin/users/497f6eca-6276-4993-bfeb-53cbbbba6f08/deactivate" \
  -H "Authorization: <token>"

OK

{
  "message": "string"
}

Demote server admin

Removes server admin privileges from a user. Cannot demote the last admin.

POST
/admin/users/{id}/demote

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Path Parameters

idRequiredstring

User ID

Format: "uuid"
curl -X POST "//api.ocore.dev/api/admin/users/497f6eca-6276-4993-bfeb-53cbbbba6f08/demote" \
  -H "Authorization: <token>"

OK

{
  "message": "string"
}

Force disable 2FA

Disables two-factor authentication for a user.

POST
/admin/users/{id}/disable-2fa

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Path Parameters

idRequiredstring

User ID

Format: "uuid"
curl -X POST "//api.ocore.dev/api/admin/users/497f6eca-6276-4993-bfeb-53cbbbba6f08/disable-2fa" \
  -H "Authorization: <token>"

OK

{
  "message": "string"
}

Promote user to server admin

Grants server admin privileges to a user.

POST
/admin/users/{id}/promote

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Path Parameters

idRequiredstring

User ID

Format: "uuid"
curl -X POST "//api.ocore.dev/api/admin/users/497f6eca-6276-4993-bfeb-53cbbbba6f08/promote" \
  -H "Authorization: <token>"

OK

{
  "message": "string"
}

Reactivate a user

Reactivates a previously deactivated user account.

POST
/admin/users/{id}/reactivate

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Path Parameters

idRequiredstring

User ID

Format: "uuid"
curl -X POST "//api.ocore.dev/api/admin/users/497f6eca-6276-4993-bfeb-53cbbbba6f08/reactivate" \
  -H "Authorization: <token>"

OK

{
  "message": "string"
}

Reset user password

Resets a user's password and invalidates all active sessions.

POST
/admin/users/{id}/reset-password

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Request Body

application/jsonRequired

New password

passwordstring

Path Parameters

idRequiredstring

User ID

Format: "uuid"
curl -X POST "//api.ocore.dev/api/admin/users/497f6eca-6276-4993-bfeb-53cbbbba6f08/reset-password" \
  -H "Authorization: <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "password": "string"
  }'

OK

{
  "message": "string"
}

Force verify user email

Marks a user's email as verified without requiring email confirmation.

POST
/admin/users/{id}/verify-email

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Path Parameters

idRequiredstring

User ID

Format: "uuid"
curl -X POST "//api.ocore.dev/api/admin/users/497f6eca-6276-4993-bfeb-53cbbbba6f08/verify-email" \
  -H "Authorization: <token>"

OK

{
  "message": "string"
}

Disable two-factor authentication

Disables 2FA on the account after verifying the user's password.

POST
/user/2fa/disable

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Request Body

application/jsonRequired

Current password for verification

passwordstring
curl -X POST "//api.ocore.dev/api/user/2fa/disable" \
  -H "Authorization: <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "password": "string"
  }'

OK

{
  "message": "string"
}

Enable two-factor authentication

Verifies a TOTP code against the pending setup and enables 2FA on the account.

POST
/user/2fa/enable

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Request Body

application/jsonRequired

TOTP verification code

codestring
curl -X POST "//api.ocore.dev/api/user/2fa/enable" \
  -H "Authorization: <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "code": "string"
  }'

OK

{
  "message": "string"
}

Generate TOTP 2FA setup

Generates a TOTP secret, QR code URL, and recovery codes for two-factor authentication setup.

POST
/user/2fa/setup

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

curl -X POST "//api.ocore.dev/api/user/2fa/setup" \
  -H "Authorization: <token>"

OK

{
  "qrCodeUrl": "string",
  "recoveryCodes": [
    "string"
  ],
  "secret": "string"
}

Get current user profile

Returns the authenticated user's profile including organization memberships and roles.

GET
/user/me

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

curl -X GET "//api.ocore.dev/api/user/me" \
  -H "Authorization: <token>"

OK

{
  "avatarUrl": "string",
  "email": "string",
  "emailVerified": true,
  "id": "string",
  "name": "string",
  "orgs": [
    null
  ],
  "totpEnabled": true
}

Update current user profile

Updates the authenticated user's name and/or avatar URL.

PUT
/user/me

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Request Body

application/jsonRequired

Profile fields to update

avatarUrlstring
namestring
curl -X PUT "//api.ocore.dev/api/user/me" \
  -H "Authorization: <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "avatarUrl": "string",
    "name": "string"
  }'

OK

{
  "avatarUrl": "string",
  "email": "string",
  "id": "string",
  "name": "string"
}

List user's organizations

Returns all organizations the authenticated user is a member of, including role information.

GET
/user/orgs

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

curl -X GET "//api.ocore.dev/api/user/orgs" \
  -H "Authorization: <token>"

OK

{
  "organizations": [
    null
  ]
}

List active sessions

Returns all active sessions for the authenticated user, including device info and current session indicator.

GET
/user/sessions

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

curl -X GET "//api.ocore.dev/api/user/sessions" \
  -H "Authorization: <token>"

OK

{
  "sessions": [
    null
  ]
}

Revoke a session

Revokes a specific session by ID. Only sessions belonging to the authenticated user can be revoked.

DELETE
/user/sessions/{id}

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Path Parameters

idRequiredstring

Session UUID

curl -X DELETE "//api.ocore.dev/api/user/sessions/<string>" \
  -H "Authorization: <token>"

OK

{
  "message": "string"
}

Was this page helpful?
Edit on GitHub

Impersonation

Previous Page

Email

Next Page