Users endpoints
Use the /users endpoints to register users, inspect the current identity, and administer SkillFlaw user accounts.
POST /api/v1/users/ is a public sign-up endpoint.
The remaining routes on this page are authenticated /api/v1/users routes.
User IDs in this API are integers, not UUIDs.
For tenant-scoped user-management operations, include at least a tenant-id header.
Superusers can call the management routes without scope headers.
Add user
Create a new user account with a username and password.
This route is public and does not require an API key.
The backend sets is_active from the NEW_USER_IS_ACTIVE setting and creates the user's default project after registration.
```bash
curl -X POST \
  "$SKILLFLAW_URL/api/v1/users/" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "newuser2",
    "password": "SecurePassw0rd!"
  }'
```
Result
```json
{
  "id": 101,
  "username": "newuser2",
  "nickname": null,
  "mobile": "",
  "email": "",
  "profile_image": null,
  "store_api_key": null,
  "reset_passwd": false,
  "is_active": false,
  "is_superuser": false,
  "is_locked": false,
  "is_sso": false,
  "enable_login": true,
  "api_key": "",
  "create_at": "2026-04-28T10:15:20",
  "updated_at": "2026-04-28T10:15:20",
  "last_login_at": null,
  "optins": {
    "github_starred": false,
    "dialog_dismissed": false,
    "discord_clicked": false
  }
}
```
Get current user
Retrieve the authenticated user's profile.
```bash
curl -X GET \
  "$SKILLFLAW_URL/api/v1/users/whoami" \
  -H "accept: application/json" \
  -H "x-api-key: $SKILLFLAW_API_KEY"
```
Result
```json
{
  "id": 1,
  "username": "skillflaw",
  "nickname": "System Admin",
  "mobile": "13800000000",
  "email": "admin@example.com",
  "profile_image": null,
  "store_api_key": null,
  "reset_passwd": false,
  "is_active": true,
  "is_superuser": true,
  "is_locked": false,
  "is_sso": false,
  "enable_login": true,
  "create_at": "2026-04-28T09:00:00",
  "updated_at": "2026-04-28T09:30:00",
  "last_login_at": "2026-04-28T09:29:58",
  "optins": {
    "github_starred": false,
    "dialog_dismissed": true,
    "discord_clicked": false
  }
}
```
List all users
Get a paginated list of users.
This route requires authenticated user-management read permission. Non-superusers must provide a valid tenant scope header.
```bash
curl -X GET \
  "$SKILLFLAW_URL/api/v1/users/?skip=0&limit=10&search=admin&sort_by=username&sort_order=asc" \
  -H "accept: application/json" \
  -H "x-api-key: $SKILLFLAW_API_KEY" \
  -H "tenant-id: $TENANT_ID"
```
Supported filters include search, is_active, is_superuser, is_locked, is_sso, and enable_login.
Sortable fields are id, username, nickname, is_active, is_superuser, is_locked, is_sso, enable_login, mobile, and email.
Result
```json
{
  "total_count": 2,
  "users": [
    {
      "id": 1,
      "username": "skillflaw",
      "nickname": "System Admin",
      "mobile": "1380000****",
      "email": "admin@example.com",
      "profile_image": null,
      "store_api_key": null,
      "reset_passwd": false,
      "is_active": true,
      "is_superuser": true,
      "is_locked": false,
      "is_sso": false,
      "enable_login": true,
      "api_key": "",
      "create_at": "2026-04-28T09:00:00",
      "updated_at": "2026-04-28T09:30:00",
      "last_login_at": "2026-04-28T09:29:58",
      "optins": {
        "github_starred": false,
        "dialog_dismissed": true,
        "discord_clicked": false
      }
    }
  ]
}
```
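Because sign-up is public, the list response is a useful input for a periodic account review. The following is an added example, not SkillFlaw code: it pages through the list with skip/limit and flags accounts for manual review. The finding labels, the `stale_days` threshold, and the `sample_page` stand-in (which replaces the real HTTP call) are assumptions, and the records are constructed.

```python
from datetime import datetime

# Constructed sample records; field names follow the list response above.
SAMPLE = [
    {"id": 1, "username": "skillflaw", "is_active": True, "is_superuser": True,
     "is_locked": False, "enable_login": True,
     "create_at": "2026-04-28T09:00:00", "last_login_at": "2026-04-28T09:29:58"},
    {"id": 101, "username": "newuser2", "is_active": True, "is_superuser": False,
     "is_locked": False, "enable_login": False,
     "create_at": "2026-04-28T10:15:20", "last_login_at": None},
    {"id": 102, "username": "signup-test", "is_active": True, "is_superuser": False,
     "is_locked": False, "enable_login": True,
     "create_at": "2026-03-01T08:00:00", "last_login_at": None},
]

def sample_page(skip, limit):
    """Stand-in for GET /api/v1/users/?skip=..&limit=.. (returns the parsed body)."""
    return {"total_count": len(SAMPLE), "users": SAMPLE[skip:skip + limit]}

def fetch_all(fetch_page, limit=10):
    """Collect every user by walking skip/limit until total_count is reached."""
    users, skip = [], 0
    while True:
        page = fetch_page(skip, limit)
        users.extend(page["users"])
        skip += limit
        # Stop on an empty page too, so a shrinking total_count cannot loop forever.
        if not page["users"] or len(users) >= page["total_count"]:
            return users

def audit(users, now, stale_days=30):
    """Return (id, finding) pairs for accounts that merit a manual review."""
    findings = []
    for u in users:
        if u["is_superuser"]:
            findings.append((u["id"], "superuser"))
        if u["is_active"] and not u["enable_login"]:
            findings.append((u["id"], "api-key-only"))
        age = now - datetime.fromisoformat(u["create_at"])
        if (u["is_active"] and u["enable_login"]
                and u["last_login_at"] is None and age.days >= stale_days):
            findings.append((u["id"], "active-never-logged-in"))
    return findings

if __name__ == "__main__":
    for finding in audit(fetch_all(sample_page, limit=2), datetime(2026, 4, 28, 12)):
        print(finding)
```

In real use, replace `sample_page` with a function that issues the authenticated list request shown above and returns the decoded JSON body.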
Update user
Modify an existing user with a PATCH request.
- Updating another user requires user-management modify permission.
- Updating your own profile is allowed through the settings permission path.
- Regular users can't elevate is_superuser.
- Supplying password in this route is only supported for superusers.
- Normal password changes should use Reset password.
- If you set enable_login to false, you must also provide a unique non-empty api_key.
```bash
curl -X PATCH \
  "$SKILLFLAW_URL/api/v1/users/101" \
  -H "Content-Type: application/json" \
  -H "x-api-key: $SKILLFLAW_API_KEY" \
  -H "tenant-id: $TENANT_ID" \
  -d '{
    "nickname": "Knowledge Curator",
    "email": "newuser2@example.com",
    "is_active": true,
    "enable_login": false,
    "api_key": "user-api-key-101"
  }'
```
Result
```json
{
  "id": 101,
  "username": "newuser2",
  "nickname": "Knowledge Curator",
  "mobile": "",
  "email": "newuser2@example.com",
  "profile_image": null,
  "store_api_key": null,
  "reset_passwd": false,
  "is_active": true,
  "is_superuser": false,
  "is_locked": false,
  "is_sso": false,
  "enable_login": false,
  "api_key": "user-api-key-101",
  "create_at": "2026-04-28T10:15:20",
  "updated_at": "2026-04-28T10:20:04",
  "last_login_at": null,
  "optins": {
    "github_starred": false,
    "dialog_dismissed": false,
    "discord_clicked": false
  }
}
```
Reset password
Reset a user's password.
- Resetting your own password requires current_password.
- Resetting another user's password requires user-management modify permission.
- The new password must be at least 8 characters long and include uppercase, lowercase, a number, and a special character.
- You can't reuse the current password.
```bash
curl -X PATCH \
  "$SKILLFLAW_URL/api/v1/users/101/reset-password" \
  -H "Content-Type: application/json" \
  -H "x-api-key: $SKILLFLAW_API_KEY" \
  -d '{
    "current_password": "OldPassw0rd!",
    "password": "NewPassw0rd!"
  }'
```
Result
```json
{
  "id": 101,
  "username": "newuser2",
  "nickname": "Knowledge Curator",
  "mobile": "",
  "email": "newuser2@example.com",
  "profile_image": null,
  "store_api_key": null,
  "reset_passwd": false,
  "is_active": true,
  "is_superuser": false,
  "is_locked": false,
  "is_sso": false,
  "enable_login": false,
  "api_key": "user-api-key-101",
  "create_at": "2026-04-28T10:15:20",
  "updated_at": "2026-04-28T10:24:11",
  "last_login_at": null,
  "optins": {
    "github_starred": false,
    "dialog_dismissed": false,
    "discord_clicked": false
  }
}
```
Delete user
Delete a user account.
- You can't delete your own account with this endpoint.
- Deleting another user requires user-management delete permission.
- Non-superusers can't delete a superuser account.
```bash
curl -X DELETE \
  "$SKILLFLAW_URL/api/v1/users/101" \
  -H "accept: application/json" \
  -H "x-api-key: $SKILLFLAW_API_KEY" \
  -H "tenant-id: $TENANT_ID"
```
Result
```json
{
  "detail": "User deleted"
}
```