Skip to main content

List Users

GET /v1/console/users
List all users in the current tenant.

Authentication

Requires USER_MANAGEMENT.can_view permission.

Query parameters

skip
integer
default:"0"
Number of records to skip.
limit
integer
default:"20"
Max records to return (1-100).
role
string
Filter by legacy role: STUDENT, FACULTY, ADMIN, or SUPER_ADMIN.
include_inactive
boolean
default:"false"
Include deactivated/deleted users.

Example request

curl "https://mind-be.staging.miva.university/v1/console/users?role=STUDENT&limit=10" \
  -H "Authorization: Bearer <access_token>"

Response

{
  "success": true,
  "data": [
    {
      "id": "6650a1b2c3d4e5f6a7b8c9d0",
      "email": "student@example.com",
      "first_name": "Jane",
      "last_name": "Smith",
      "display_name": "Jane Smith",
      "role_id": "6650a0b1c2d3e4f5a6b7c8d9",
      "role_name": "Student",
      "status": "ACTIVE",
      "created_at": "2025-01-15T10:30:00Z"
    }
  ],
  "total": 1,
  "page": 1,
  "page_size": 10,
  "total_pages": 1,
  "message": null
}

Create User (Invite)

POST /v1/console/users
Invite a new user to the platform. No password is set — the user signs in via CAS SSO. An invite email is sent automatically.

Authentication

Requires USER_MANAGEMENT.can_create permission.

Request body

email
string
required
Email address. Must be unique within the tenant.
first_name
string
required
First name. Max 255 characters.
last_name
string
required
Last name. Max 255 characters.
middle_name
string
Middle name. Max 255 characters.
role_id
string
required
The role to assign. Must be a valid role ID belonging to the tenant.

Example request

curl -X POST https://mind-be.staging.miva.university/v1/console/users \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "faculty@example.com",
    "first_name": "John",
    "last_name": "Doe",
    "role_id": "6650a0b1c2d3e4f5a6b7c8da"
  }'

Response

{
  "success": true,
  "data": {
    "id": "6650b2c3d4e5f6a7b8c9d0e1",
    "email": "faculty@example.com",
    "first_name": "John",
    "last_name": "Doe",
    "middle_name": null,
    "display_name": "John Doe",
    "role_id": "6650a0b1c2d3e4f5a6b7c8da",
    "role_name": "Faculty",
    "status": "ACTIVE",
    "title": null,
    "department": null,
    "unlimited_sessions": false,
    "last_activity_at": null,
    "created_at": "2025-06-01T14:00:00Z",
    "updated_at": null
  },
  "message": "User created successfully"
}

Error responses

StatusCodeCondition
409CONFLICTEmail already exists in this tenant
404NOT_FOUNDRole ID not found
422VALIDATION_ERRORInvalid email format

Get User

GET /v1/console/users/{user_id}
Get a specific user by ID.

Authentication

Requires USER_MANAGEMENT.can_view permission.

Path parameters

user_id
string
required
The user’s ID.

Example request

curl https://mind-be.staging.miva.university/v1/console/users/6650a1b2c3d4e5f6a7b8c9d0 \
  -H "Authorization: Bearer <access_token>"

Response

Returns the full user object (same shape as the data in Create User response).

Update User

PATCH /v1/console/users/{user_id}
Update any user in the tenant. Can change name, role, status, and session limits.

Authentication

Requires USER_MANAGEMENT.can_edit permission.

Path parameters

user_id
string
required
The user’s ID.

Request body

first_name
string
Updated first name.
last_name
string
Updated last name.
middle_name
string
Updated middle name.
role_id
string
New role ID.
status
string
User status: ACTIVE, INACTIVE, or DELETED.
title
string
Job title.
department
string
Department.
unlimited_sessions
boolean
Bypass session attempt limits.

Example request

curl -X PATCH https://mind-be.staging.miva.university/v1/console/users/6650a1b2c3d4e5f6a7b8c9d0 \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "role_id": "6650a0b1c2d3e4f5a6b7c8da",
    "unlimited_sessions": true
  }'

Response

Returns the full updated user object.

Activate User

POST /v1/console/users/{user_id}/activate
Reactivate a previously deactivated user. Sets status to ACTIVE.

Authentication

Requires USER_MANAGEMENT.can_edit permission.

Path parameters

user_id
string
required
The user’s ID.

Example request

curl -X POST https://mind-be.staging.miva.university/v1/console/users/6650a1b2c3d4e5f6a7b8c9d0/activate \
  -H "Authorization: Bearer <access_token>"

Response

Returns the updated user object with status: "ACTIVE".

Deactivate User

POST /v1/console/users/{user_id}/deactivate
Deactivate a user. They will not be able to log in, but their data is preserved.

Authentication

Requires USER_MANAGEMENT.can_edit permission.

Path parameters

user_id
string
required
The user’s ID.

Example request

curl -X POST https://mind-be.staging.miva.university/v1/console/users/6650a1b2c3d4e5f6a7b8c9d0/deactivate \
  -H "Authorization: Bearer <access_token>"

Response

Returns the updated user object with status: "INACTIVE".

Resend Invite

POST /v1/console/users/{user_id}/resend-invite
Resend the invite email with a fresh 7-day token. Only works for users who haven’t accepted their invite yet.

Authentication

Requires USER_MANAGEMENT.can_edit permission.

Path parameters

user_id
string
required
The user’s ID.

Example request

curl -X POST https://mind-be.staging.miva.university/v1/console/users/6650a1b2c3d4e5f6a7b8c9d0/resend-invite \
  -H "Authorization: Bearer <access_token>"

Response

Returns the updated user object.

Error responses

StatusCodeCondition
400VALIDATION_ERRORUser has already accepted the invite

Delete User

DELETE /v1/console/users/{user_id}
Soft-delete a user. Sets status to DELETED.

Authentication

Requires USER_MANAGEMENT.can_delete permission.

Path parameters

user_id
string
required
The user’s ID.

Example request

curl -X DELETE https://mind-be.staging.miva.university/v1/console/users/6650a1b2c3d4e5f6a7b8c9d0 \
  -H "Authorization: Bearer <access_token>"

Response

Returns the soft-deleted user object with status: "DELETED".