A user represents an individual who can access your organization’s Partoo account.
Each user is uniquely identified by email, user_id, and a role.
Users authenticate with either a password or Single Sign-On (SSO).
If SSO is enabled for your organization, you can restrict specific users to SSO-only access (sso_only: true).
This section covers user creation and invitation. See the Edit User and Delete User endpoints for the rest of the lifecycle.
Roles
| Role | Description |
|---|
| ORG_ADMIN (default) | Full control over the entire organization. |
| Group Manager | Manages one or more groups (collections of locations). |
| Business Manager | Manages one or more individual business locations. |
Authentication & SSO
- Password login: The user sets a password that meets security rules.
- SSO-only login: Set
sso_only: true and omit (or set null) the password field.
Create a User
Prerequisites
- API key passed in the
x-APIKey header.
- Unique email, first_name, last_name.
- Optional role (defaults to
ORG_ADMIN).
Endpoint
POST https://api.partoo.co/v2/user
x-APIKey: YOUR_API_KEY
Content-Type: application/json
Request & Response
Send one of the JSON payloads below.
A successful call returns 200 OK with the created user object.
Invitation rules
• send_invitation: true — an email is sent immediately (unless sso_only is true).
• send_invitation: false — create the account silently; trigger Reinvite User later.
Payload examples
ORG_ADMIN
Group Manager
Business Manager
{
"email": "alice.admin@example.com",
"first_name": "Alice",
"last_name": "Admin",
"role": "ORG_ADMIN",
"password": "Str0ng#Pass!",
"lang": "en",
"sidebar_pages": ["diffusion", "review_management"],
"preferences": { "language": "en" },
"sso_only": false,
"send_invitation": true
}
{
"email": "gary.group@example.com",
"first_name": "Gary",
"last_name": "Group",
"role": "GROUP_MANAGER",
"password": "Str0ng#Pass!",
"lang": "fr",
"sidebar_pages": ["posts", "messages"],
"accesses": [
[821],
[907]
],
"sso_only": false,
"send_invitation": true
}
{
"email": "bella.business@example.com",
"first_name": "Bella",
"last_name": "Business",
"role": "BUSINESS_MANAGER",
"business_ids": [
"biz_01H9M4V7T3",
"biz_01H9M5Q2DH"
],
"lang": "es",
"sidebar_pages": ["review_invite", "presence_analytics"],
"sso_only": true,
"send_invitation": false
}
End-to-end request in multiple languages
cURL
Python (requests)
Java (OkHttp)
PHP (cURL)
curl -X POST 'https://api.partoo.co/v2/user' \
-H 'x-APIKey: ${API_KEY}' \
-H 'Content-Type: application/json' \
-d '{
"email": "alice.admin@example.com",
"first_name": "Alice",
"last_name": "Admin",
"role": "ORG_ADMIN",
"password": "Str0ng#Pass!",
"lang": "en",
"sidebar_pages": ["diffusion","review_management"],
"sso_only": false,
"send_invitation": true
}'
import requests
payload = {
"email": "alice.admin@example.com",
"first_name": "Alice",
"last_name": "Admin",
"role": "ORG_ADMIN",
"password": "Str0ng#Pass!",
"lang": "en",
"sidebar_pages": ["diffusion", "review_management"],
"sso_only": False,
"send_invitation": True
}
r = requests.post(
"https://api.partoo.co/v2/user",
headers={"x-APIKey": "YOUR_API_KEY", "Content-Type": "application/json"},
json=payload
)
print(r.status_code, r.json())
String body = """
{
"email": "alice.admin@example.com",
"first_name": "Alice",
"last_name": "Admin",
"role": "ORG_ADMIN",
"password": "Str0ng#Pass!",
"lang": "en",
"sidebar_pages": ["diffusion","review_management"],
"sso_only": false,
"send_invitation": true
}
""";
Request request = new Request.Builder()
.url("https://api.partoo.co/v2/user")
.addHeader("x-APIKey", "YOUR_API_KEY")
.post(RequestBody.create(body, MediaType.parse("application/json")))
.build();
$payload = [
"email" => "alice.admin@example.com",
"first_name" => "Alice",
"last_name" => "Admin",
"role" => "ORG_ADMIN",
"password" => "Str0ng#Pass!",
"lang" => "en",
"sidebar_pages" => ["diffusion", "review_management"],
"sso_only" => false,
"send_invitation" => true
];
$ch = curl_init("https://api.partoo.co/v2/user");
curl_setopt_array($ch, [
CURLOPT_POST => true,
CURLOPT_HTTPHEADER => [
"x-APIKey: YOUR_API_KEY",
"Content-Type: application/json"
],
CURLOPT_POSTFIELDS => json_encode($payload),
CURLOPT_RETURNTRANSFER => true
]);
echo curl_exec($ch);
curl_close($ch);
Parameters
| Name | Type | Default | Notes |
|---|
email | string <email> | — (required) | Must be unique. |
first_name | string | — (required) | User’s first name. |
last_name | string | — (required) | User’s last name. |
role | string | ORG_ADMIN | Optional. One of ORG_ADMIN, GROUP_MANAGER, BUSINESS_MANAGER. |
password | string | null | — | ≥ 8 chars, 1 upper, 1 lower, 1 special. Can be null if sso_only is true. |
lang | string | — | UI language (fr, en, es, it, pt-br, de, ar, nl, pl, cs, ca, sk, pt, lv, ro, bg, hu). |
sidebar_pages | array<string> | all features | Limit visible sidebar items (bulk_modification, diffusion, feedback_management, messages, posts, etc.). |
sso_only | boolean | false | When true, disables password login. |
send_invitation | boolean | false | Whether to send the invitation email immediately. |
accesses | array<integer> | — | Group Manager only – list of group IDs. |
business_ids | array<string> | — | Business Manager only – list of business IDs. |
To do
