These endpoints manage users inside the current tenant. They are tenant-scoped by the caller's session.
Endpoints
| Method | Path | Description |
|---|---|---|
GET | /api/v1/account/module-permissions | List module permission options for the tenant |
GET | /api/v1/account/users | List tenant users |
POST | /api/v1/account/users | Create a user and send invite |
GET | /api/v1/account/users/{id} | Get user detail |
PATCH | /api/v1/account/users/{id} | Update profile, roles and module permissions |
DELETE | /api/v1/account/users/{id} | Delete a user |
POST | /api/v1/account/users/{id}/invite | Resend invite email |
PATCH | /api/v1/account/users/{id}/status | Enable or disable a user |
GET /api/v1/account/module-permissions
200 OK returns an array of ModulePermissionOptionDto with key, labelKey, section, featureStatus, tenantEnabled and grantable.
GET /api/v1/account/users
200 OK returns AccountUserListResponseDto:
JSON
{"items": [],"total": 0}
POST /api/v1/account/users
Request body (CreateAccountUserDto)
| Field | Type | Required | Description |
|---|---|---|---|
email | string (email) | yes | Invitee email |
firstName | string | yes | First name |
lastName | string | yes | Last name |
roles | enum[] | yes | admin or operator |
moduleKeys | string[] | no | Module permissions to grant |
201 Created returns AccountUserDto.
PATCH /api/v1/account/users/{id}
Partial update of firstName, lastName, roles and moduleKeys.
PATCH /api/v1/account/users/{id}/status
Request body (UpdateAccountUserStatusDto)
| Field | Type | Required | Description |
|---|---|---|---|
status | enum | yes | ACTIVE or DISABLED |
Status codes
Most reads and updates return 200 OK. Creation returns 201 Created. Deletion returns 204 No Content, with 400 for invalid business rules and 404 when the user is not found.