User management

Check the User Management API reference here.

Manage yours and your merchant's users.

You can manage your users and your merchant's users through PPaaS User Management APIs. You can also work with groups of users for your organization and your merchants.

Prerequisites

User Management APIs require to have access to the following information:

  • organizationId: The unique identifier of your organization in the provisioning system.

  • merchantId: The unique identifier of a merchant of your organization in the provisioning system.

  • entityId: Depending on the context of your request, provide the organizationId or merchantId.

  • userDomainId: The unique identifier of your organization in our identity provided. It is dedicated to your organization and its merchants.

organizationId and userDomainId are provided to your company once it is onboarded on PPaaS. merchantId can be retrieved using the search API of provisioning system.

Groups Management

The groups are predefined and correspond to the different roles available at the organization or merchant level.

Organization level

At the organization level, default groups are:

  • {organizationId}_org_admin: The organization administrator can perform onboarding actions (provisioning, user management, configuration). The administrator can also manage applications and access to transaction reporting.

  • {organizationId}_org_custcare: The customer care user can access provisioning and reporting data.

  • {organizationId}_org_dfo: The Device Fleet Operator (DFO) can manage the organisation's devices.

  • {organizationId}_org_dev: The developer can manage applications.

These groups are created when your company is onboarded to PPaaS.

The organizationId is the unique identifier of your organization in the provisioning system.

Merchant level

At the merchant level, default groups are:

  • {merchantId}_merchant_manager: The merchant manager can perform administration actions (provisioning, user management, configuration). The merchant manager can also perform all the payment actions and can access transaction reporting.

  • {merchantId}_org_supervisor: The merchant supervisor can access the provisioning and reporting data. The merchant supervisor can also perform refunds by web actions.

  • {merchantId}_org_operator: The merchant operator can perform transaction debit actions.

User Management

The following endpoints are available to manage your users:

List users

To list all the users of an organization or merchant, call the method ``.

Create a user

To create a user, call the method POST /user-management/v2/user-domains/{userDomainId}/users. Once a user is created, the user will receive an email. The user can click on the link provided in the email to verify the e-mail address and set the password.

entityId must be set with the unique identifier of the organization or merchant to which the new user will be attached. scope defines on which entity the new user can do some actions.

The list of allowed groups for different type of user creation (i.e. for organization or a merchant) is described in organization/ merchant level section of group management.

Edit a user

To edit a user, call the method PUT /user-management/v2/user-domains/{userDomainId}/users/{userId}. All fields are the same as for the creation, except for usernameentityId and scope that is read-only.

userId is present in the response of the create user endpoint, or it can be retrieved from the list users API.

Get the details of a user

To get the details of a user, call the method GET /user-management/v2/user-domains/{userDomainId}/users/{userId}.

Activate or deactivate a user

To activate or deactivate a user, call the method PUT /user-management/v2/user-domains/{userDomainId}/users/{userId}/status.

A deactivated user is completely blocked from login and accessing PPaaS functionalities.

Reset the password of a user

To reset the password of a user, call the method POST /user-management/v2/user-domains/{userDomainId}/users/{userId}/reset-password. The user will receive an email to set the password.