FusionAuth · Capability

FusionAuth API — User

FusionAuth API — User. 55 operations. Lead operation: Retrieves the user by a verificationId. The intended use of this API is to retrieve a user after the forgot password workflow has been initi. Self-contained Naftiko capability covering one business surface.

FusionAuth API — User is a Naftiko capability published by FusionAuth, one of 33 capabilities the APIs.io network indexes for this provider. It bundles 55 operations across the POST, GET, DELETE, PUT, and PATCH methods rooted at /v1/api/user.

The capability includes 16 read-only operations and 39 state-changing operations. Lead operation: Creates a user. Can be deployed as a REST endpoint, MCP tool, or Agent Skill via Naftiko.

Tagged areas include FusionAuth and User.

Run with Naftiko FusionAuthUser

What You Can Do

POST
Createuser — Creates a user. You can optionally specify an Id for the user, if not provided one will be generated.
/v1/api/user
GET
Retrieveuser — Retrieves the user by a verificationId. The intended use of this API is to retrieve a user after the forgot password workflow has been initi
/v1/api/user
POST
Actionuserwithid — Takes an action on a user. The user being actioned is called the "actionee" and the user taking the action is called the "actioner". Both us
/v1/api/user/action
GET
Retrieveuseractioning — Retrieves all the actions for the user with the given Id that are currently inactive. An inactive action means one that is time based and ha
/v1/api/user/action
DELETE
Cancelactionwithid — Cancels the user action.
/v1/api/user/action/{actionId}
PUT
Modifyactionwithid — Modifies a temporal user action by changing the expiration of the action and optionally adding a comment to the action.
/v1/api/user/action/{actionId}
GET
Retrieveactionwithid — Retrieves a single action log (the log of a user action that was taken on a user previously) for the given Id.
/v1/api/user/action/{actionId}
DELETE
Deleteuserbulk — Deletes the users with the given Ids, or users matching the provided JSON query or queryString. The order of preference is Ids, query and th
/v1/api/user/bulk
POST
Createuserchangepassword — Changes a user's password using their access token (JWT) instead of the changePasswordId A common use case for this method will be if you wa
/v1/api/user/change-password
GET
Retrieveuserchangepassword — Check to see if the user must obtain a Trust Request Id in order to complete a change password request. When a user has enabled Two-Factor a
/v1/api/user/change-password
POST
Changepasswordwithid — Changes a user's password using the change password Id. This usually occurs after an email has been sent to the user and they clicked on a l
/v1/api/user/change-password/{changePasswordId}
GET
Retrieveuserchangepasswordwithid — Check to see if the user must obtain a Trust Token Id in order to complete a change password request. When a user has enabled Two-Factor aut
/v1/api/user/change-password/{changePasswordId}
POST
Commentonuserwithid — Adds a comment to the user's account.
/v1/api/user/comment
POST
Searchusercommentswithid — Searches user comments with the specified criteria and pagination.
/v1/api/user/comment/search
GET
Retrieveusercommentswithid — Retrieves all the comments for the user with the given Id.
/v1/api/user/comment/{userId}
POST
Createuserconsent — Creates a single User consent.
/v1/api/user/consent
GET
Retrieveuserconsentswithid — Retrieves all the consents for a User.
/v1/api/user/consent
POST
Createuserconsentwithid — Creates a single User consent.
/v1/api/user/consent/{userConsentId}
PATCH
Patchuserconsentwithid — Updates, via PATCH, a single User consent by Id.
/v1/api/user/consent/{userConsentId}
GET
Retrieveuserconsentwithid — Retrieve a single User consent by Id.
/v1/api/user/consent/{userConsentId}
DELETE
Revokeuserconsentwithid — Revokes a single User consent by Id.
/v1/api/user/consent/{userConsentId}
PUT
Updateuserconsentwithid — Updates a single User consent by Id.
/v1/api/user/consent/{userConsentId}
POST
Createfamily — Creates a family with the user Id in the request as the owner and sole member of the family. You can optionally specify an Id for the family
/v1/api/user/family
GET
Retrievefamilieswithid — Retrieves all the families that a user belongs to.
/v1/api/user/family
GET
Retrievependingchildrenwithid — Retrieves all the children for the given parent email address.
/v1/api/user/family/pending
POST
Sendfamilyrequestemailwithid — Sends out an email to a parent that they need to register and create a family or need to log in and add a child to their existing family.
/v1/api/user/family/request
PUT
Updateuserfamilywithid — Updates a family with a given Id. OR Adds a user to an existing family. The family Id must be specified.
/v1/api/user/family/{familyId}
POST
Createfamilywithid — Creates a family with the user Id in the request as the owner and sole member of the family. You can optionally specify an Id for the family
/v1/api/user/family/{familyId}
GET
Retrievefamilymembersbyfamilyidwithid — Retrieves all the members of a family by the unique Family Id.
/v1/api/user/family/{familyId}
DELETE
Removeuserfromfamilywithid — Removes a user from the family with the given Id.
/v1/api/user/family/{familyId}/{userId}
POST
Forgotpasswordwithid — Begins the forgot password sequence, which kicks off an email to the user so that they can reset their password.
/v1/api/user/forgot-password
POST
Importuserswithid — Bulk imports users. This request performs minimal validation and runs batch inserts of users with the expectation that each user does not ye
/v1/api/user/import
GET
Retrieveuserrecentlogin — Retrieves the last number of login records for a user. OR Retrieves the last number of login records.
/v1/api/user/recent-login
POST
Importrefreshtokenswithid — Bulk imports refresh tokens. This request performs minimal validation and runs batch inserts of refresh tokens with the expectation that eac
/v1/api/user/refresh-token/import
POST
Register — Registers a user for an application. If you provide the User and the UserRegistration object on this request, it will create the user as wel
/v1/api/user/registration
PATCH
Patchregistrationwithid — Updates, via PATCH, the registration for the user with the given Id and the application defined in the request.
/v1/api/user/registration/{userId}
POST
Registerwithid — Registers a user for an application. If you provide the User and the UserRegistration object on this request, it will create the user as wel
/v1/api/user/registration/{userId}
PUT
Updateregistrationwithid — Updates the registration for the user with the given Id and the application defined in the request.
/v1/api/user/registration/{userId}
DELETE
Deleteuserregistrationwithid — Deletes the user registration for the given user and application along with the given JSON body that contains the event information. OR Dele
/v1/api/user/registration/{userId}/{applicationId}
GET
Retrieveregistrationwithid — Retrieves the user registration for the user with the given Id and the given application Id.
/v1/api/user/registration/{userId}/{applicationId}
GET
Searchusersbyidswithid — Retrieves the users for the given Ids. If any Id is invalid, it is ignored.
/v1/api/user/search
POST
Searchusersbyquerywithid — Retrieves the users for the given search criteria and pagination.
/v1/api/user/search
POST
Generatetwofactorrecoverycodeswithid — Generate two-factor recovery codes for a user. Generating two-factor recovery codes will invalidate any existing recovery codes.
/v1/api/user/two-factor/recovery-code/{userId}
GET
Retrievetwofactorrecoverycodeswithid — Retrieve two-factor recovery codes for a user.
/v1/api/user/two-factor/recovery-code/{userId}
DELETE
Deleteusertwofactorwithid — Disable two-factor authentication for a user using a JSON body rather than URL parameters. OR Disable two-factor authentication for a user.
/v1/api/user/two-factor/{userId}
POST
Enabletwofactorwithid — Enable two-factor authentication for a user.
/v1/api/user/two-factor/{userId}
PUT
Updateuserverifyemail — Re-sends the verification email to the user. If the Application has configured a specific email template this will be used instead of the te
/v1/api/user/verify-email
POST
Createuserverifyemail — Administratively verify a user's email address. Use this method to bypass email verification for the user. The request body will contain th
/v1/api/user/verify-email
PUT
Updateuserverifyregistration — Re-sends the application registration verification email to the user. OR Generate a new Application Registration Verification Id to be used
/v1/api/user/verify-registration
POST
Verifyuserregistrationwithid — Confirms a user's registration. The request body will contain the verificationId. You may also be required to send a one-time use code bas
/v1/api/user/verify-registration
POST
Createuserwithid — Creates a user. You can optionally specify an Id for the user, if not provided one will be generated.
/v1/api/user/{userId}
DELETE
Deleteuserwithid — Deletes the user based on the given request (sent to the API as JSON). This permanently deletes all information, metrics, reports and data a
/v1/api/user/{userId}
PATCH
Patchuserwithid — Updates, via PATCH, the user with the given Id.
/v1/api/user/{userId}
PUT
Updateuserwithid — Updates the user with the given Id. OR Reactivates the user with the given Id.
/v1/api/user/{userId}
GET
Retrieveuserwithid — Retrieves the user for the given Id.
/v1/api/user/{userId}

MCP Tools

fusionauth-createuser

Creates a user. You can optionally specify an Id for the user, if not provided one will be generated.

fusionauth-retrieveuser

Retrieves the user by a verificationId. The intended use of this API is to retrieve a user after the forgot password workflow has been initi

read-only idempotent
fusionauth-actionuserwithid

Takes an action on a user. The user being actioned is called the "actionee" and the user taking the action is called the "actioner". Both us

fusionauth-retrieveuseractioning

Retrieves all the actions for the user with the given Id that are currently inactive. An inactive action means one that is time based and ha

read-only idempotent
fusionauth-cancelactionwithid

Cancels the user action.

idempotent
fusionauth-modifyactionwithid

Modifies a temporal user action by changing the expiration of the action and optionally adding a comment to the action.

idempotent
fusionauth-retrieveactionwithid

Retrieves a single action log (the log of a user action that was taken on a user previously) for the given Id.

read-only idempotent
fusionauth-deleteuserbulk

Deletes the users with the given Ids, or users matching the provided JSON query or queryString. The order of preference is Ids, query and th

idempotent
fusionauth-createuserchangepassword

Changes a user's password using their access token (JWT) instead of the changePasswordId A common use case for this method will be if you wa

fusionauth-retrieveuserchangepassword

Check to see if the user must obtain a Trust Request Id in order to complete a change password request. When a user has enabled Two-Factor a

read-only idempotent
fusionauth-changepasswordwithid

Changes a user's password using the change password Id. This usually occurs after an email has been sent to the user and they clicked on a l

fusionauth-retrieveuserchangepasswordwithid

Check to see if the user must obtain a Trust Token Id in order to complete a change password request. When a user has enabled Two-Factor aut

read-only idempotent
fusionauth-commentonuserwithid

Adds a comment to the user's account.

fusionauth-searchusercommentswithid

Searches user comments with the specified criteria and pagination.

fusionauth-retrieveusercommentswithid

Retrieves all the comments for the user with the given Id.

read-only idempotent
fusionauth-createuserconsent

Creates a single User consent.

fusionauth-retrieveuserconsentswithid

Retrieves all the consents for a User.

read-only idempotent
fusionauth-createuserconsentwithid

Creates a single User consent.

fusionauth-patchuserconsentwithid

Updates, via PATCH, a single User consent by Id.

fusionauth-retrieveuserconsentwithid

Retrieve a single User consent by Id.

read-only idempotent
fusionauth-revokeuserconsentwithid

Revokes a single User consent by Id.

idempotent
fusionauth-updateuserconsentwithid

Updates a single User consent by Id.

idempotent
fusionauth-createfamily

Creates a family with the user Id in the request as the owner and sole member of the family. You can optionally specify an Id for the family

fusionauth-retrievefamilieswithid

Retrieves all the families that a user belongs to.

read-only idempotent
fusionauth-retrievependingchildrenwithid

Retrieves all the children for the given parent email address.

read-only idempotent
fusionauth-sendfamilyrequestemailwithid

Sends out an email to a parent that they need to register and create a family or need to log in and add a child to their existing family.

fusionauth-updateuserfamilywithid

Updates a family with a given Id. OR Adds a user to an existing family. The family Id must be specified.

idempotent
fusionauth-createfamilywithid

Creates a family with the user Id in the request as the owner and sole member of the family. You can optionally specify an Id for the family

fusionauth-retrievefamilymembersbyfamilyidwithid

Retrieves all the members of a family by the unique Family Id.

read-only idempotent
fusionauth-removeuserfromfamilywithid

Removes a user from the family with the given Id.

idempotent
fusionauth-forgotpasswordwithid

Begins the forgot password sequence, which kicks off an email to the user so that they can reset their password.

fusionauth-importuserswithid

Bulk imports users. This request performs minimal validation and runs batch inserts of users with the expectation that each user does not ye

fusionauth-retrieveuserrecentlogin

Retrieves the last number of login records for a user. OR Retrieves the last number of login records.

read-only idempotent
fusionauth-importrefreshtokenswithid

Bulk imports refresh tokens. This request performs minimal validation and runs batch inserts of refresh tokens with the expectation that eac

fusionauth-register

Registers a user for an application. If you provide the User and the UserRegistration object on this request, it will create the user as wel

fusionauth-patchregistrationwithid

Updates, via PATCH, the registration for the user with the given Id and the application defined in the request.

fusionauth-registerwithid

Registers a user for an application. If you provide the User and the UserRegistration object on this request, it will create the user as wel

fusionauth-updateregistrationwithid

Updates the registration for the user with the given Id and the application defined in the request.

idempotent
fusionauth-deleteuserregistrationwithid

Deletes the user registration for the given user and application along with the given JSON body that contains the event information. OR Dele

idempotent
fusionauth-retrieveregistrationwithid

Retrieves the user registration for the user with the given Id and the given application Id.

read-only idempotent
fusionauth-searchusersbyidswithid

Retrieves the users for the given Ids. If any Id is invalid, it is ignored.

read-only idempotent
fusionauth-searchusersbyquerywithid

Retrieves the users for the given search criteria and pagination.

fusionauth-generatetwofactorrecoverycodeswithid

Generate two-factor recovery codes for a user. Generating two-factor recovery codes will invalidate any existing recovery codes.

fusionauth-retrievetwofactorrecoverycodeswithid

Retrieve two-factor recovery codes for a user.

read-only idempotent
fusionauth-deleteusertwofactorwithid

Disable two-factor authentication for a user using a JSON body rather than URL parameters. OR Disable two-factor authentication for a user.

idempotent
fusionauth-enabletwofactorwithid

Enable two-factor authentication for a user.

fusionauth-updateuserverifyemail

Re-sends the verification email to the user. If the Application has configured a specific email template this will be used instead of the te

idempotent
fusionauth-createuserverifyemail

Administratively verify a user's email address. Use this method to bypass email verification for the user. The request body will contain th

fusionauth-updateuserverifyregistration

Re-sends the application registration verification email to the user. OR Generate a new Application Registration Verification Id to be used

idempotent
fusionauth-verifyuserregistrationwithid

Confirms a user's registration. The request body will contain the verificationId. You may also be required to send a one-time use code bas

fusionauth-createuserwithid

Creates a user. You can optionally specify an Id for the user, if not provided one will be generated.

fusionauth-deleteuserwithid

Deletes the user based on the given request (sent to the API as JSON). This permanently deletes all information, metrics, reports and data a

idempotent
fusionauth-patchuserwithid

Updates, via PATCH, the user with the given Id.

fusionauth-updateuserwithid

Updates the user with the given Id. OR Reactivates the user with the given Id.

idempotent
fusionauth-retrieveuserwithid

Retrieves the user for the given Id.

read-only idempotent

Capability Spec

fusionauth-user.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: FusionAuth API — User
  description: 'FusionAuth API — User. 55 operations. Lead operation: Retrieves the user by a verificationId. The intended use of this API is to retrieve a user after the forgot password workflow has been initi. Self-contained Naftiko capability covering one business surface.'
  tags:
  - FusionAuth
  - User
  created: '2026-05-20'
  modified: '2026-05-20'
binds:
- namespace: env
  keys:
    FUSIONAUTH_API_KEY: FUSIONAUTH_API_KEY
capability:
  consumes:
  - type: http
    namespace: fusionauth-user
    baseUri: http://localhost:9011
    description: FusionAuth API — User business capability. Self-contained, no shared references.
    resources:
    - name: api-user
      path: /api/user
      operations:
      - name: createuser
        method: POST
        description: Creates a user. You can optionally specify an Id for the user, if not provided one will be generated.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: X-FusionAuth-TenantId
          in: header
          type: string
          description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped.
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: retrieveuser
        method: GET
        description: Retrieves the user by a verificationId. The intended use of this API is to retrieve a user after the forgot password workflow has been initi
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: verificationId
          in: query
          type: string
          description: The unique verification Id that has been set on the user object.
        - name: X-FusionAuth-TenantId
          in: header
          type: string
          description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped.
        - name: username
          in: query
          type: string
          description: The username of the user.
        - name: loginId
          in: query
          type: string
          description: The email or username of the user.
        - name: loginIdTypes
          in: query
          type: array
          description: The identity types that FusionAuth will compare the loginId to.
        - name: email
          in: query
          type: string
          description: The email of the user.
        - name: changePasswordId
          in: query
          type: string
          description: The unique change password Id that was sent via email or returned by the Forgot Password API.
    - name: api-user-action
      path: /api/user/action
      operations:
      - name: actionuserwithid
        method: POST
        description: Takes an action on a user. The user being actioned is called the "actionee" and the user taking the action is called the "actioner". Both us
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: retrieveuseractioning
        method: GET
        description: Retrieves all the actions for the user with the given Id that are currently inactive. An inactive action means one that is time based and ha
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: query
          type: string
          description: The Id of the user to fetch the actions for.
        - name: active
          in: query
          type: string
          description: query parameter active.
        - name: preventingLogin
          in: query
          type: string
          description: query parameter preventingLogin.
    - name: api-user-action-actionid
      path: /api/user/action/{actionId}
      operations:
      - name: cancelactionwithid
        method: DELETE
        description: Cancels the user action.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: actionId
          in: path
          type: string
          description: The action Id of the action to cancel.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: modifyactionwithid
        method: PUT
        description: Modifies a temporal user action by changing the expiration of the action and optionally adding a comment to the action.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: actionId
          in: path
          type: string
          description: The Id of the action to modify. This is technically the user action log Id.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: retrieveactionwithid
        method: GET
        description: Retrieves a single action log (the log of a user action that was taken on a user previously) for the given Id.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: actionId
          in: path
          type: string
          description: The Id of the action to retrieve.
          required: true
    - name: api-user-bulk
      path: /api/user/bulk
      operations:
      - name: deleteuserbulk
        method: DELETE
        description: Deletes the users with the given Ids, or users matching the provided JSON query or queryString. The order of preference is Ids, query and th
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userIds
          in: query
          type: string
          description: The ids of the users to deactivate.
        - name: dryRun
          in: query
          type: string
          description: query parameter dryRun.
        - name: hardDelete
          in: query
          type: string
          description: query parameter hardDelete.
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: api-user-change-password
      path: /api/user/change-password
      operations:
      - name: createuserchangepassword
        method: POST
        description: Changes a user's password using their access token (JWT) instead of the changePasswordId A common use case for this method will be if you wa
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: retrieveuserchangepassword
        method: GET
        description: Check to see if the user must obtain a Trust Request Id in order to complete a change password request. When a user has enabled Two-Factor a
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: loginId
          in: query
          type: string
          description: The loginId of the User that you intend to change the password for.
        - name: loginIdTypes
          in: query
          type: array
          description: The identity types that FusionAuth will compare the loginId to.
        - name: ipAddress
          in: query
          type: string
          description: IP address of the user changing their password. This is used for MFA risk assessment.
    - name: api-user-change-password-changepasswordid
      path: /api/user/change-password/{changePasswordId}
      operations:
      - name: changepasswordwithid
        method: POST
        description: Changes a user's password using the change password Id. This usually occurs after an email has been sent to the user and they clicked on a l
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: changePasswordId
          in: path
          type: string
          description: The change password Id used to find the user. This value is generated by FusionAuth once the change password workflow has been initiated.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: retrieveuserchangepasswordwithid
        method: GET
        description: Check to see if the user must obtain a Trust Token Id in order to complete a change password request. When a user has enabled Two-Factor aut
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: ipAddress
          in: query
          type: string
          description: IP address of the user changing their password. This is used for MFA risk assessment.
        - name: changePasswordId
          in: path
          type: string
          description: The change password Id used to find the user. This value is generated by FusionAuth once the change password workflow has been initiated.
          required: true
    - name: api-user-comment
      path: /api/user/comment
      operations:
      - name: commentonuserwithid
        method: POST
        description: Adds a comment to the user's account.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: X-FusionAuth-TenantId
          in: header
          type: string
          description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped.
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: api-user-comment-search
      path: /api/user/comment/search
      operations:
      - name: searchusercommentswithid
        method: POST
        description: Searches user comments with the specified criteria and pagination.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: api-user-comment-userid
      path: /api/user/comment/{userId}
      operations:
      - name: retrieveusercommentswithid
        method: GET
        description: Retrieves all the comments for the user with the given Id.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          description: The Id of the user.
          required: true
        - name: X-FusionAuth-TenantId
          in: header
          type: string
          description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped.
    - name: api-user-consent
      path: /api/user/consent
      operations:
      - name: createuserconsent
        method: POST
        description: Creates a single User consent.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: retrieveuserconsentswithid
        method: GET
        description: Retrieves all the consents for a User.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: query
          type: string
          description: The User's Id
    - name: api-user-consent-userconsentid
      path: /api/user/consent/{userConsentId}
      operations:
      - name: createuserconsentwithid
        method: POST
        description: Creates a single User consent.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userConsentId
          in: path
          type: string
          description: The Id for the User consent. If not provided a secure random UUID will be generated.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: patchuserconsentwithid
        method: PATCH
        description: Updates, via PATCH, a single User consent by Id.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userConsentId
          in: path
          type: string
          description: The User Consent Id
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: retrieveuserconsentwithid
        method: GET
        description: Retrieve a single User consent by Id.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userConsentId
          in: path
          type: string
          description: The User consent Id
          required: true
      - name: revokeuserconsentwithid
        method: DELETE
        description: Revokes a single User consent by Id.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userConsentId
          in: path
          type: string
          description: The User Consent Id
          required: true
      - name: updateuserconsentwithid
        method: PUT
        description: Updates a single User consent by Id.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userConsentId
          in: path
          type: string
          description: The User Consent Id
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: api-user-family
      path: /api/user/family
      operations:
      - name: createfamily
        method: POST
        description: Creates a family with the user Id in the request as the owner and sole member of the family. You can optionally specify an Id for the family
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: X-FusionAuth-TenantId
          in: header
          type: string
          description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped.
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: retrievefamilieswithid
        method: GET
        description: Retrieves all the families that a user belongs to.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: query
          type: string
          description: The User's id
        - name: X-FusionAuth-TenantId
          in: header
          type: string
          description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped.
    - name: api-user-family-pending
      path: /api/user/family/pending
      operations:
      - name: retrievependingchildrenwithid
        method: GET
        description: Retrieves all the children for the given parent email address.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: parentEmail
          in: query
          type: string
          description: The email of the parent.
    - name: api-user-family-request
      path: /api/user/family/request
      operations:
      - name: sendfamilyrequestemailwithid
        method: POST
        description: Sends out an email to a parent that they need to register and create a family or need to log in and add a child to their existing family.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: api-user-family-familyid
      path: /api/user/family/{familyId}
      operations:
      - name: updateuserfamilywithid
        method: PUT
        description: Updates a family with a given Id. OR Adds a user to an existing family. The family Id must be specified.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: familyId
          in: path
          type: string
          description: The Id of the family to update.
          required: true
        - name: X-FusionAuth-TenantId
          in: header
          type: string
          description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped.
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: createfamilywithid
        method: POST
        description: Creates a family with the user Id in the request as the owner and sole member of the family. You can optionally specify an Id for the family
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: familyId
          in: path
          type: string
          description: The Id for the family. If not provided a secure random UUID will be generated.
          required: true
        - name: X-FusionAuth-TenantId
          in: header
          type: string
          description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped.
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: retrievefamilymembersbyfamilyidwithid
        method: GET
        description: Retrieves all the members of a family by the unique Family Id.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: familyId
          in: path
          type: string
          description: The unique Id of the Family.
          required: true
        - name: X-FusionAuth-TenantId
          in: header
          type: string
          description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped.
    - name: api-user-family-familyid-userid
      path: /api/user/family/{familyId}/{userId}
      operations:
      - name: removeuserfromfamilywithid
        method: DELETE
        description: Removes a user from the family with the given Id.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: familyId
          in: path
          type: string
          description: The Id of the family to remove the user from.
          required: true
        - name: userId
          in: path
          type: string
          description: The Id of the user to remove from the family.
          required: true
        - name: X-FusionAuth-TenantId
          in: header
          type: string
          description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped.
    - name: api-user-forgot-password
      path: /api/user/forgot-password
      operations:
      - name: forgotpasswordwithid
        method: POST
        description: Begins the forgot password sequence, which kicks off an email to the user so that they can reset their password.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: api-user-import
      path: /api/user/import
      operations:
      - name: importuserswithid
        method: POST
        description: Bulk imports users. This request performs minimal validation and runs batch inserts of users with the expectation that each user does not ye
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: api-user-recent-login
      path: /api/user/recent-login
      operations:
      - name: retrieveuserrecentlogin
        method: GET
        description: Retrieves the last number of login records for a user. OR Retrieves the last number of login records.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: query
          type: string
          description: The Id of the user.
        - name: offset
          in: query
          type: string
          description: The initial record. e.g. 0 is the last login, 100 will be the 100th most recent login.
        - name: limit
          in: query
          type: string
          description: (Optional, defaults to 10) The number of records to retrieve.
    - name: api-user-refresh-token-import
      path: /api/user/refresh-token/import
      operations:
      - name: importrefreshtokenswithid
        method: POST
        description: Bulk imports refresh tokens. This request performs minimal validation and runs batch inserts of refresh tokens with the expectation that eac
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: api-user-registration
      path: /api/user/registration
      operations:
      - name: register
        method: POST
        description: Registers a user for an application. If you provide the User and the UserRegistration object on this request, it will create the user as wel
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: X-FusionAuth-TenantId
          in: header
          type: string
          description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped.
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: api-user-registration-userid
      path: /api/user/registration/{userId}
      operations:
      - name: patchregistrationwithid
        method: PATCH
        description: Updates, via PATCH, the registration for the user with the given Id and the application defined in the request.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          description: The Id of the user whose registration is going to be updated.
          required: true
        - name: X-FusionAuth-TenantId
          in: header
          type: string
          description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped.
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: registerwithid
        method: POST
        description: Registers a user for an application. If you provide the User and the UserRegistration object on this request, it will create the user as wel
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          description: The Id of the user being registered for the application and optionally created.
          required: true
        - name: X-FusionAuth-TenantId
          in: header
          type: string
          description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped.
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: updateregistrationwithid
        method: PUT
        description: Updates the registration for the user with the given Id and the application defined in the request.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          description: The Id of the user whose registration is going to be updated.
          required: true
        - name: X-FusionAuth-TenantId
          in: header
          type: string
          description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped.
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: api-user-registration-userid-applicationid
      path: /api/user/registration/{userId}/{applicationId}
      operations:
      - name: deleteuserregistrationwithid
        method: DELETE
        description: Deletes the user registration for the given user and application along with the given JSON body that contains the event information. OR Dele
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          description: The Id of the user whose registration is being deleted.
          required: true
        - name: applicationId
          in: path
          type: string
          description: The Id of the application to remove the registration for.
          required: true
        - name: X-FusionAuth-TenantId
          in: header
          type: string
          description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped.
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: retrieveregistrationwithid
        method: GET
        description: Retrieves the user registration for the user with the given Id and the given application Id.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          description: The Id of the user.
          required: true
        - name: applicationId
          in: path
          type: string
          description: The Id of the application.
          required: true
        - name: X-FusionAuth-TenantId
          in: header
          type: string
          description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped.
    - name: api-user-search
      path: /api/user/search
      operations:
      - name: searchusersbyidswithid
        method: GET
        description: Retrieves the users for the given Ids. If any Id is invalid, it is ignored.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: ids
          in: query
          type: string
          description: The user Ids to search for.
      - name: searchusersbyquerywithid
        method: POST
        description: Retrieves the users for the given search criteria and pagination.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: api-user-two-factor-recovery-code-userid
      path: /api/user/two-factor/recovery-code/{userId}
      operations:
      - name: generatetwofactorrecoverycodeswithid
        method: POST
        description: Generate two-factor recovery codes for a user. Generating two-factor recovery codes will invalidate any existing recovery codes.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          description: The Id of the user to generate new Two Factor recovery codes.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: retrievetwofactorrecoverycodeswithid
        method: GET
        description: Retrieve two-factor recovery codes for a user.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          description: The Id of the user to retrieve Two Factor recovery codes.
          required: true
    - name: api-user-two-factor-userid
      path: /api/user/two-factor/{userId}
      operations:
      - name: deleteusertwofactorwithid
        method: DELETE
        description: Disable two-factor authentication for a user using a JSON body rather than URL parameters. OR Disable two-factor authentication for a user.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          description: The Id of the Us

# --- truncated at 32 KB (91 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/fusionauth/refs/heads/main/capabilities/fusionauth-user.yaml