/v1/domain/{domain}/user
Manage users via the /v1/domain/{domain}/user endpoint.
Prerequisites:
GET /v1/domain/{domain}/user
Lists the users registered under the specified domain.
This endpoint does not include all properties of the users. Endpoint is designed for search purposes. To get the full user details, invoke the /v1/domain/{domain}/user/{sub} endpoint.
User list includes:
- Federated users
- Local users
curl -X 'GET' \
'https://api.entrypage.io/v1/domain/your-domain-here?search=username-or-emailaddress&limit=100&offset=0' \
-H 'accept: text/plain' \
-H 'x-api-key: your-api-key-here'Parameters
| Parameter | Description | Requirements |
|---|---|---|
search | The username or email address to look for. | Optional; string, maximum 256 characters. |
offset | A numeric value indicating what record to start with | Optional; int. |
limit b | The number of records to return | Optional; int, maximum 100. |
Responses: Response: 200 - OK
{
"sub": "string",
"active": true,
"referredUsername": "string",
"email": "string"
}Response: 400 - Bad Request
Response: 401 - Unauthorized
POST /v1/domain/{domain}/user
Provision a new local user intended for passwordless authentication only. Users created via this endpoint cannot authenticate with a password, but can sign in using one or more of the following methods:
- WebAuthn (e.g., Touch ID, Windows Hello, FIDO2 keys)
- TOTP (Time-based One-Time Passwords, such as from authenticator apps)
- Magic Links (via email or SMS)
A successful request returns the unique subject-id (sub) of the newly created user.
curl -X 'POST' \
'https://api.entrypage.io/v1/domain/your-domain-here/user' \
-H 'accept: text/plain' \
-H 'Content-Type: application/json' \
-H 'x-api-key: your-api-key-here' \
-d '{
"preferredUsername": "johndoe@yourdomain.com",
"name": "John Doe"
}'Parameters
| Parameter | Description | Requirements |
|---|---|---|
preferredUsername | The account’s username | Required; string, minimum 10 characters. |
name | The user’s full name | Required; string, minimum 1 characters. |
Responses
Response: 200 - OK
{
"sub": "string"
}Response: 401 - Unauthorized
Response: 409 - Conflict (Username taken.)
PATCH /domain/{domain}/user/{sub}
Set the value of any user attribute. These attributes appear as claims in the user’s id_token and in the data returned by the /connect/userinfo endpoint.
It is possible to assign values to attributes that correspond to reserved OpenID Connect claims (for example, iss, aud, exp, iat, auth_time, nonce, acr, or amr). These reserved attributes are stored in the user object and can be retrieved via the API or the admin portal; however, they are omitted from tokens issued in the id_token and access_token.
The sub claim (subject identifier) is immutable and cannot be created, modified, or reset.
The preferred_username attribute may only be updated if the username is not taken by another user. If that is the case, the API will return a 409 - Conflict response.
Attributes included in the profile, email, and phone scopes must comply with the following rules:
- They must be of the correct data type (for example, birthdate must be a date, phone_number_verified must be a boolean, etc.).
- Each attribute may be omitted or occur only once.
Setting an attribute’s value to null removes the attribute entirely.
This endpoint implements a merge-patch behavior: only the attributes explicitly defined in the request will be updated; all other attributes remain unchanged.
You may not define more than 150 attributes. Attribute values may be integers, strings, arrays, or objects.
curl -X 'PATCH' \
'https://api.entrypage.io/v1/domain/your-domain-here/user/example-sub' \
-H 'accept: */*' \
-H 'Content-Type: application/json' \
-H 'x-api-key: your-api-key-here' \
-d '{
"birthdate": "21-05-1989",
"claim-to-remove": null,
"custom-attribute-1": "string",
"custom-attribute-2": 1,
"custom-attribute-3": {
"prop": "value"
}
}'Parameters
This endpoint accepts any object structure.
Responses
Response: 204 - Accepted
Response: 400 - Bad Request
Response: 401 - Unauthorized
Response: 409 - Conflict
POST /domain/{domain}/user/{sub}/magiclink
Create a magic link for a user to authenticate with.
Read how magic links work.
curl -X 'POST' \
'https://api.entrypage.io/v1/domain/your-domain-here/user/example-sub/magiclink' \
-H 'accept: text/plain' \
-H 'x-api-key: your-api-key-here' \
-H 'Content-Type: application/json' \
-d '{
"redirectUri": "string"
}'Parameters
| Parameter | Description | Requirements |
|---|---|---|
redirectUri | Where to redirect user to after succesfull authentication | Required; uri, starts with https://, no querystring, no fragment. |
Responses
Response: 201 - Created
{
"uri": "string"
}Response: 400 - Bad Request
Response: 401 - Unauthorized
API Documentation (Swagger)
The Entrypage API is hosted at api.entrypage.io, offering documentation to help you get started quickly:
Swagger UI:
Use our interactive interface to browse endpoints, understand parameters, and even make live API calls directly from your browser.
OpenAPI Specification:
Download the latest up-to-date OpenAPI Spec (formerly Swagger Spec) for full programmatic access and integration with your development tools.