Users

API Reference for ProcessMaker Users API

Returns all users

get

Display a listing of the resource.

Authorizations

passport & bearer

OAuth2authorizationCodeRequired

Laravel passport oauth2 security.

Authorization URL: Token URL: Refresh URL:

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Query parameters

statusstring · enumOptional

ACTIVE or INACTIVE

Possible values:

filterstringOptional

Filter results by string. Searches First Name, Last Name, Email and Username.

order_bystringOptional

Field to order results by

order_directionstring · enumOptionalDefault: ascPossible values:

per_pageintegerOptionalDefault: 10

includestringOptional

Include data from related models in payload. Comma separated list.

Default: ""

exclude_idsstringOptional

Comma separated list of IDs to exclude from the response

Default: ""

Responses

200

list of users

application/json

get

/users

HTTPcURLJavaScriptPython

GET /api/1.0/users HTTP/1.1
Host: 
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

200

list of users

{
  "data": [
    {
      "email": "name@gmail.com",
      "firstname": "text",
      "lastname": "text",
      "username": "text",
      "password": "text",
      "address": "text",
      "city": "text",
      "state": "text",
      "postal": "text",
      "country": "text",
      "phone": "text",
      "fax": "text",
      "cell": "text",
      "title": "text",
      "timezone": "text",
      "datetime_format": "text",
      "language": "text",
      "is_administrator": true,
      "expires_at": "text",
      "loggedin_at": "text",
      "remember_token": "text",
      "status": "ACTIVE",
      "fullname": "text",
      "avatar": "text",
      "media": [
        {
          "id": 1,
          "model_id": 1,
          "model_type": "text",
          "collection_name": "text",
          "name": "text",
          "file_name": "text",
          "mime_type": "text",
          "disk": "text",
          "size": 1,
          "manipulations": {},
          "custom_properties": {},
          "responsive_images": {},
          "order_column": 1,
          "created_at": "2026-01-07T12:41:39.070Z",
          "updated_at": "2026-01-07T12:41:39.070Z"
        }
      ],
      "birthdate": "2026-01-07",
      "delegation_user_id": "text",
      "manager_id": "text",
      "meta": {
        "ANY_ADDITIONAL_PROPERTY": "anything"
      },
      "force_change_password": true,
      "id": 1,
      "created_at": "2026-01-07T12:41:39.070Z",
      "updated_at": "2026-01-07T12:41:39.070Z",
      "deleted_at": "2026-01-07T12:41:39.070Z"
    }
  ],
  "meta": {
    "filter": "text",
    "sort_by": "text",
    "sort_order": "asc",
    "count": 1,
    "total_pages": 1,
    "current_page": 1,
    "form": 1,
    "last_page": 1,
    "path": "text",
    "per_page": 1,
    "to": 1,
    "total": 1
  }
}

Save a new users

post

Store a newly created resource in storage.

Authorizations

passport & bearer

OAuth2authorizationCodeRequired

Laravel passport oauth2 security.

Authorization URL: Token URL: Refresh URL:

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Body

application/json

emailstring · emailOptional

The attributes that are mass assignable.

firstnamestringOptional

lastnamestringOptional

usernamestringOptional

passwordstringOptional

addressstringOptional

citystringOptional

statestringOptional

postalstringOptional

countrystringOptional

phonestringOptional

faxstringOptional

cellstringOptional

titlestringOptional

timezonestringOptional

datetime_formatstringOptional

languagestringOptional

is_administratorbooleanOptional

expires_atstringOptional

loggedin_atstringOptional

remember_tokenstringOptional

statusstring · enumOptionalPossible values:

fullnamestringOptional

avatarstringOptional

birthdatestring · dateOptional

delegation_user_idstring · idOptional

manager_idstring · idOptional

force_change_passwordbooleanOptional

Responses

201

success

application/json

422

Unprocessable Entity

application/json

post

/users

HTTPcURLJavaScriptPython

POST /api/1.0/users HTTP/1.1
Host: 
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 899

{
  "email": "name@gmail.com",
  "firstname": "text",
  "lastname": "text",
  "username": "text",
  "password": "text",
  "address": "text",
  "city": "text",
  "state": "text",
  "postal": "text",
  "country": "text",
  "phone": "text",
  "fax": "text",
  "cell": "text",
  "title": "text",
  "timezone": "text",
  "datetime_format": "text",
  "language": "text",
  "is_administrator": true,
  "expires_at": "text",
  "loggedin_at": "text",
  "remember_token": "text",
  "status": "ACTIVE",
  "fullname": "text",
  "avatar": "text",
  "media": [
    {
      "id": 1,
      "model_id": 1,
      "model_type": "text",
      "collection_name": "text",
      "name": "text",
      "file_name": "text",
      "mime_type": "text",
      "disk": "text",
      "size": 1,
      "manipulations": {},
      "custom_properties": {},
      "responsive_images": {},
      "order_column": 1,
      "created_at": "2026-01-07T12:41:39.070Z",
      "updated_at": "2026-01-07T12:41:39.070Z"
    }
  ],
  "birthdate": "2026-01-07",
  "delegation_user_id": "text",
  "manager_id": "text",
  "meta": {
    "ANY_ADDITIONAL_PROPERTY": "anything"
  },
  "force_change_password": true
}

{
  "email": "name@gmail.com",
  "firstname": "text",
  "lastname": "text",
  "username": "text",
  "password": "text",
  "address": "text",
  "city": "text",
  "state": "text",
  "postal": "text",
  "country": "text",
  "phone": "text",
  "fax": "text",
  "cell": "text",
  "title": "text",
  "timezone": "text",
  "datetime_format": "text",
  "language": "text",
  "is_administrator": true,
  "expires_at": "text",
  "loggedin_at": "text",
  "remember_token": "text",
  "status": "ACTIVE",
  "fullname": "text",
  "avatar": "text",
  "media": [
    {
      "id": 1,
      "model_id": 1,
      "model_type": "text",
      "collection_name": "text",
      "name": "text",
      "file_name": "text",
      "mime_type": "text",
      "disk": "text",
      "size": 1,
      "manipulations": {},
      "custom_properties": {},
      "responsive_images": {},
      "order_column": 1,
      "created_at": "2026-01-07T12:41:39.070Z",
      "updated_at": "2026-01-07T12:41:39.070Z"
    }
  ],
  "birthdate": "2026-01-07",
  "delegation_user_id": "text",
  "manager_id": "text",
  "meta": {
    "ANY_ADDITIONAL_PROPERTY": "anything"
  },
  "force_change_password": true,
  "id": 1,
  "created_at": "2026-01-07T12:41:39.070Z",
  "updated_at": "2026-01-07T12:41:39.070Z",
  "deleted_at": "2026-01-07T12:41:39.070Z"
}

Get single user by ID

get

Display the specified resource.

Authorizations

passport & bearer

OAuth2authorizationCodeRequired

Laravel passport oauth2 security.

Authorization URL: Token URL: Refresh URL:

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

user_idintegerRequired

ID of user to return

Responses

200

Successfully found the process

application/json

404

Not Found

application/json

get

/users/{user_id}

HTTPcURLJavaScriptPython

GET /api/1.0/users/{user_id} HTTP/1.1
Host: 
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "email": "name@gmail.com",
  "firstname": "text",
  "lastname": "text",
  "username": "text",
  "password": "text",
  "address": "text",
  "city": "text",
  "state": "text",
  "postal": "text",
  "country": "text",
  "phone": "text",
  "fax": "text",
  "cell": "text",
  "title": "text",
  "timezone": "text",
  "datetime_format": "text",
  "language": "text",
  "is_administrator": true,
  "expires_at": "text",
  "loggedin_at": "text",
  "remember_token": "text",
  "status": "ACTIVE",
  "fullname": "text",
  "avatar": "text",
  "media": [
    {
      "id": 1,
      "model_id": 1,
      "model_type": "text",
      "collection_name": "text",
      "name": "text",
      "file_name": "text",
      "mime_type": "text",
      "disk": "text",
      "size": 1,
      "manipulations": {},
      "custom_properties": {},
      "responsive_images": {},
      "order_column": 1,
      "created_at": "2026-01-07T12:41:39.070Z",
      "updated_at": "2026-01-07T12:41:39.070Z"
    }
  ],
  "birthdate": "2026-01-07",
  "delegation_user_id": "text",
  "manager_id": "text",
  "meta": {
    "ANY_ADDITIONAL_PROPERTY": "anything"
  },
  "force_change_password": true,
  "id": 1,
  "created_at": "2026-01-07T12:41:39.070Z",
  "updated_at": "2026-01-07T12:41:39.070Z",
  "deleted_at": "2026-01-07T12:41:39.070Z"
}

Update a user

put

Update a user

Authorizations

passport & bearer

OAuth2authorizationCodeRequired

Laravel passport oauth2 security.

Authorization URL: Token URL: Refresh URL:

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

user_idintegerRequired

ID of user to return

Body

application/json

emailstring · emailOptional

The attributes that are mass assignable.

firstnamestringOptional

lastnamestringOptional

usernamestringOptional

passwordstringOptional

addressstringOptional

citystringOptional

statestringOptional

postalstringOptional

countrystringOptional

phonestringOptional

faxstringOptional

cellstringOptional

titlestringOptional

timezonestringOptional

datetime_formatstringOptional

languagestringOptional

is_administratorbooleanOptional

expires_atstringOptional

loggedin_atstringOptional

remember_tokenstringOptional

statusstring · enumOptionalPossible values:

fullnamestringOptional

avatarstringOptional

birthdatestring · dateOptional

delegation_user_idstring · idOptional

manager_idstring · idOptional

force_change_passwordbooleanOptional

Responses

204

success

404

Not Found

application/json

422

Unprocessable Entity

application/json

put

/users/{user_id}

HTTPcURLJavaScriptPython

PUT /api/1.0/users/{user_id} HTTP/1.1
Host: 
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 899

{
  "email": "name@gmail.com",
  "firstname": "text",
  "lastname": "text",
  "username": "text",
  "password": "text",
  "address": "text",
  "city": "text",
  "state": "text",
  "postal": "text",
  "country": "text",
  "phone": "text",
  "fax": "text",
  "cell": "text",
  "title": "text",
  "timezone": "text",
  "datetime_format": "text",
  "language": "text",
  "is_administrator": true,
  "expires_at": "text",
  "loggedin_at": "text",
  "remember_token": "text",
  "status": "ACTIVE",
  "fullname": "text",
  "avatar": "text",
  "media": [
    {
      "id": 1,
      "model_id": 1,
      "model_type": "text",
      "collection_name": "text",
      "name": "text",
      "file_name": "text",
      "mime_type": "text",
      "disk": "text",
      "size": 1,
      "manipulations": {},
      "custom_properties": {},
      "responsive_images": {},
      "order_column": 1,
      "created_at": "2026-01-07T12:41:39.070Z",
      "updated_at": "2026-01-07T12:41:39.070Z"
    }
  ],
  "birthdate": "2026-01-07",
  "delegation_user_id": "text",
  "manager_id": "text",
  "meta": {
    "ANY_ADDITIONAL_PROPERTY": "anything"
  },
  "force_change_password": true
}

No content

Delete a user

delete

Delete a user

Authorizations

passport & bearer

OAuth2authorizationCodeRequired

Laravel passport oauth2 security.

Authorization URL: Token URL: Refresh URL:

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

user_idintegerRequired

ID of user to delete

Responses

204

success

404

Not Found

application/json

delete

/users/{user_id}

HTTPcURLJavaScriptPython

DELETE /api/1.0/users/{user_id} HTTP/1.1
Host: 
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

No content

Set the groups a users belongs to

put

Update a user's groups

Authorizations

passport & bearer

OAuth2authorizationCodeRequired

Laravel passport oauth2 security.

Authorization URL: Token URL: Refresh URL:

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

user_idintegerRequired

ID of user

Body

application/json

groupsinteger[]OptionalExample: 1

Responses

204

success

put

/users/{user_id}/groups

HTTPcURLJavaScriptPython

PUT /api/1.0/users/{user_id}/groups HTTP/1.1
Host: 
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 14

{
  "groups": [
    1
  ]
}

204

success

No content

Restore a soft deleted user

put

Reverses the soft delete of a user

Authorizations

passport & bearer

OAuth2authorizationCodeRequired

Laravel passport oauth2 security.

Authorization URL: Token URL: Refresh URL:

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Body

application/json

usernamestringOptional

Username to restore

Responses

200

success

No content

put

/users/restore

HTTPcURLJavaScriptPython

PUT /api/1.0/users/restore HTTP/1.1
Host: 
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 19

{
  "username": "text"
}

200

success

No content

Display listing of access tokens for the specified user.

get

Display listing of access tokens for the specified user.

Authorizations

passport & bearer

OAuth2authorizationCodeRequired

Laravel passport oauth2 security.

Authorization URL: Token URL: Refresh URL:

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

user_idintegerRequired

User id

Query parameters

per_pageintegerOptionalDefault: 10

Responses

200

List of tokens.

application/json

get

/users/{user_id}/tokens

HTTPcURLJavaScriptPython

GET /api/1.0/users/{user_id}/tokens HTTP/1.1
Host: 
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

200

List of tokens.

{
  "data": [
    {
      "id": "text",
      "user_id": 1,
      "client_id": 1,
      "name": "text",
      "scopes": {},
      "revoked": true,
      "client": {
        "id": 1,
        "user_id": 1,
        "name": "text",
        "provider": "text",
        "redirect": "text",
        "personal_access_client": true,
        "password_client": true,
        "revoked": true,
        "created_at": "2026-01-07T12:41:39.070Z",
        "updated_at": "2026-01-07T12:41:39.070Z"
      },
      "created_at": "2026-01-07T12:41:39.070Z",
      "updated_at": "2026-01-07T12:41:39.070Z",
      "expires_at": "2026-01-07T12:41:39.070Z"
    }
  ],
  "meta": {
    "filter": "text",
    "sort_by": "text",
    "sort_order": "asc",
    "count": 1,
    "total_pages": 1,
    "current_page": 1,
    "form": 1,
    "last_page": 1,
    "path": "text",
    "per_page": 1,
    "to": 1,
    "total": 1
  }
}

Create new token for a specific user

post

Create a new personal access token for the user.

Authorizations

passport & bearer

OAuth2authorizationCodeRequired

Laravel passport oauth2 security.

Authorization URL: Token URL: Refresh URL:

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

user_idintegerRequired

User id

Body

application/json

namestringOptional

Responses

201

New token instance

application/json

post

/users/{user_id}/tokens

HTTPcURLJavaScriptPython

POST /api/1.0/users/{user_id}/tokens HTTP/1.1
Host: 
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 15

{
  "name": "text"
}

201

New token instance

{
  "id": "text",
  "user_id": 1,
  "client_id": 1,
  "name": "text",
  "scopes": {},
  "revoked": true,
  "client": {
    "id": 1,
    "user_id": 1,
    "name": "text",
    "provider": "text",
    "redirect": "text",
    "personal_access_client": true,
    "password_client": true,
    "revoked": true,
    "created_at": "2026-01-07T12:41:39.070Z",
    "updated_at": "2026-01-07T12:41:39.070Z"
  },
  "created_at": "2026-01-07T12:41:39.070Z",
  "updated_at": "2026-01-07T12:41:39.070Z",
  "expires_at": "2026-01-07T12:41:39.070Z"
}

Get single token by ID

get

Show a personal access token for the user

Authorizations

passport & bearer

OAuth2authorizationCodeRequired

Laravel passport oauth2 security.

Authorization URL: Token URL: Refresh URL:

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

user_idintegerRequired

ID of user

token_idstringRequired

ID of token to return

Responses

200

Successfully found the token

application/json

get

/users/{user_id}/tokens/{token_id}

HTTPcURLJavaScriptPython

GET /api/1.0/users/{user_id}/tokens/{token_id} HTTP/1.1
Host: 
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

200

Successfully found the token

{
  "id": "text",
  "user_id": 1,
  "client_id": 1,
  "name": "text",
  "scopes": {},
  "revoked": true,
  "client": {
    "id": 1,
    "user_id": 1,
    "name": "text",
    "provider": "text",
    "redirect": "text",
    "personal_access_client": true,
    "password_client": true,
    "revoked": true,
    "created_at": "2026-01-07T12:41:39.070Z",
    "updated_at": "2026-01-07T12:41:39.070Z"
  },
  "created_at": "2026-01-07T12:41:39.070Z",
  "updated_at": "2026-01-07T12:41:39.070Z",
  "expires_at": "2026-01-07T12:41:39.070Z"
}

Delete a token

delete

Delete the given token for a user

Authorizations

passport & bearer

OAuth2authorizationCodeRequired

Laravel passport oauth2 security.

Authorization URL: Token URL: Refresh URL:

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

user_idintegerRequired

User ID

token_idstringRequired

Token ID

Responses

204

success

delete

/users/{user_id}/tokens/{token_id}

HTTPcURLJavaScriptPython

DELETE /api/1.0/users/{user_id}/tokens/{token_id} HTTP/1.1
Host: 
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

204

success

No content