List Users
Lists Command Center users in the current tenant — users whose role grants
console access (any role with at least one permission), plus legacy super-admin/admin
accounts. Students and other roles with no console access are excluded; manage
students via Students instead.
Authentication
Requires USER_MANAGEMENT.can_view permission.
Query parameters
Number of records to skip.
Max records to return (1-100).
Further narrow by legacy role: FACULTY, ADMIN, or SUPER_ADMIN. Filtering by STUDENT returns no results, since students are not Command Center users.
Include deactivated/deleted users.
Example request
curl "https://staging-be.mind.miva.university/v1/console/users?role=FACULTY&limit=10" \
-H "Authorization: Bearer <access_token>"
Response
{
"success": true,
"data": [
{
"id": "6650a1b2c3d4e5f6a7b8c9d0",
"email": "john.doe@example.com",
"first_name": "John",
"last_name": "Doe",
"display_name": "John Doe",
"role_id": "6650a0b1c2d3e4f5a6b7c8da",
"role_name": "Faculty",
"status": "ACTIVE",
"created_at": "2025-01-15T10:30:00Z"
}
],
"total": 1,
"page": 1,
"page_size": 10,
"total_pages": 1,
"message": null
}
Create User (Invite)
Invite a new user to the platform. No password is set — the user signs in via CAS SSO. An invite email is sent automatically.
Authentication
Requires USER_MANAGEMENT.can_create permission.
Request body
Email address. Must be unique within the tenant.
First name. Max 255 characters.
Last name. Max 255 characters.
Middle name. Max 255 characters.
The role to assign. Must be a valid role ID belonging to the tenant. The Student and Super Admin system roles cannot be assigned — only Admin, Faculty, and custom roles may be invited to the Command Center.
Programme codes the user belongs to (e.g. ["MPH"], ["MBA", "MIT"]). Each must match a programme in the Programmes list. Empty list means no programme affiliation — the user will only see case studies that are open to all programmes. Example request
curl -X POST https://staging-be.mind.miva.university/v1/console/users \
-H "Authorization: Bearer <access_token>" \
-H "Content-Type: application/json" \
-d '{
"email": "faculty@example.com",
"first_name": "John",
"last_name": "Doe",
"role_id": "6650a0b1c2d3e4f5a6b7c8da",
"programme_codes": ["MPH", "MBA"]
}'
Response
{
"success": true,
"data": {
"id": "6650b2c3d4e5f6a7b8c9d0e1",
"email": "faculty@example.com",
"first_name": "John",
"last_name": "Doe",
"middle_name": null,
"display_name": "John Doe",
"role_id": "6650a0b1c2d3e4f5a6b7c8da",
"role_name": "Faculty",
"status": "ACTIVE",
"title": null,
"department": null,
"unlimited_sessions": false,
"programme_codes": ["MPH", "MBA"],
"last_activity_at": null,
"created_at": "2025-06-01T14:00:00Z",
"updated_at": null
},
"message": "User created successfully"
}
Error responses
| Status | Code | Condition |
|---|
409 | CONFLICT | Email already exists in this tenant |
404 | NOT_FOUND | Role ID not found |
400 | VALIDATION_ERROR | Role cannot be assigned to a Command Center user (Student or Super Admin) |
422 | VALIDATION_ERROR | Invalid email format |
Get User
GET /v1/console/users/{user_id}
Authentication
Requires USER_MANAGEMENT.can_view permission.
Path parameters
Example request
curl https://staging-be.mind.miva.university/v1/console/users/6650a1b2c3d4e5f6a7b8c9d0 \
-H "Authorization: Bearer <access_token>"
Response
Returns the full user object (same shape as the data in Create User response).
Update User
PATCH /v1/console/users/{user_id}
Authentication
Requires USER_MANAGEMENT.can_edit permission.
Path parameters
Request body
New role ID. Cannot be set to the Student or Super Admin system roles.
User status: ACTIVE, INACTIVE, or DELETED.
Bypass session attempt limits.
Replace the programme codes the user belongs to. Each must match a programme in the Programmes list. Pass [] to remove all programme affiliations. Example request
curl -X PATCH https://staging-be.mind.miva.university/v1/console/users/6650a1b2c3d4e5f6a7b8c9d0 \
-H "Authorization: Bearer <access_token>" \
-H "Content-Type: application/json" \
-d '{
"role_id": "6650a0b1c2d3e4f5a6b7c8da",
"unlimited_sessions": true
}'
Response
Returns the full updated user object.
Activate User
POST /v1/console/users/{user_id}/activate
ACTIVE.
Authentication
Requires USER_MANAGEMENT.can_edit permission.
Path parameters
Example request
curl -X POST https://staging-be.mind.miva.university/v1/console/users/6650a1b2c3d4e5f6a7b8c9d0/activate \
-H "Authorization: Bearer <access_token>"
Response
Returns the updated user object with status: "ACTIVE".
Deactivate User
POST /v1/console/users/{user_id}/deactivate
Authentication
Requires USER_MANAGEMENT.can_edit permission.
Path parameters
Example request
curl -X POST https://staging-be.mind.miva.university/v1/console/users/6650a1b2c3d4e5f6a7b8c9d0/deactivate \
-H "Authorization: Bearer <access_token>"
Response
Returns the updated user object with status: "INACTIVE".
Resend Invite
POST /v1/console/users/{user_id}/resend-invite
Authentication
Requires USER_MANAGEMENT.can_edit permission.
Path parameters
Example request
curl -X POST https://staging-be.mind.miva.university/v1/console/users/6650a1b2c3d4e5f6a7b8c9d0/resend-invite \
-H "Authorization: Bearer <access_token>"
Response
Returns the updated user object.
Error responses
| Status | Code | Condition |
|---|
400 | VALIDATION_ERROR | User has already accepted the invite |
Delete User
DELETE /v1/console/users/{user_id}
DELETED.
Authentication
Requires USER_MANAGEMENT.can_delete permission.
Path parameters
Example request
curl -X DELETE https://staging-be.mind.miva.university/v1/console/users/6650a1b2c3d4e5f6a7b8c9d0 \
-H "Authorization: Bearer <access_token>"
Response
Returns the soft-deleted user object with status: "DELETED".
