Create User

Creates a new user, either End-User or Service User.

End-User Accounts are assigned to employees. To create an end user account, the accountType field must be NORMAL.
Service User Accounts are a type of account used for bots or applications, rather than end-users. To create a service user account, the accountType field must be SYSTEM.

See User Attributes, Password Object, and Roles Object for user creation parameters.

Create a new V2 User

post

Header parameters

sessionTokenstringRequired

Session authentication token.

Body

V2 User Creation Object. After creation, modify roles, features etc via the specific API calls.

rolesstring[]OptionalExample: ["INDIVIDUAL","COMPLIANCE_OFFICER"]

Responses

200

Success

application/json

400

Client error, see response body for further details.

application/json

401

Unauthorized: Invalid session token.

application/json

403

Forbidden: Caller lacks necessary entitlement.

application/json

500

Server error, see response body for further details.

application/json

post

/v2/admin/user/create

POST /pod/v2/admin/user/create HTTP/1.1
Host: yourpodURL.symphony.com
sessionToken: text
Content-Type: application/json
Accept: */*
Content-Length: 1094

{
  "userAttributes": {
    "emailAddress": "[email protected]",
    "firstName": "John",
    "lastName": "Doe",
    "userName": "johndoe",
    "displayName": "John Doe",
    "companyName": "Company",
    "department": "Department",
    "division": "Division",
    "title": "Trader",
    "workPhoneNumber": "+15419999999",
    "mobilePhoneNumber": "+15419999999",
    "twoFactorAuthPhone": "+15419999999",
    "smsNumber": "+15419999999",
    "accountType": "NORMAL",
    "location": "New York",
    "recommendedLanguage": "english",
    "jobFunction": "Trader",
    "assetClasses": [
      "Equities"
    ],
    "industries": [
      "Healthcare",
      "Technology"
    ],
    "marketCoverage": [
      "EMEA"
    ],
    "responsibility": [
      "BAU"
    ],
    "function": [
      "Trade Processing"
    ],
    "instrument": [
      "Equities"
    ],
    "currentKey": {
      "key": "-----BEGIN PUBLIC KEY-----\\nMIICIANBgkqhw0BAQ...cCAwEAAQ==\\n-----END PUBLIC KEY-----",
      "expirationDate": 1467562406219,
      "action": "SAVE"
    },
    "previousKey": {
      "key": "-----BEGIN PUBLIC KEY-----\\nMIICIANBgkqhw0BAQ...cCAwEAAQ==\\n-----END PUBLIC KEY-----",
      "expirationDate": 1467562406219,
      "action": "SAVE"
    }
  },
  "password": {
    "hSalt": "hsalt",
    "hPassword": "hpassword",
    "khSalt": "khsalt",
    "khPassword": "khpassword"
  },
  "roles": [
    "INDIVIDUAL",
    "COMPLIANCE_OFFICER"
  ]
}

{
  "userAttributes": {
    "emailAddress": "[email protected]",
    "firstName": "John",
    "lastName": "Doe",
    "userName": "johndoe",
    "displayName": "John Doe",
    "companyName": "Company",
    "department": "Department",
    "division": "Division",
    "title": "Trader",
    "workPhoneNumber": "+15419999999",
    "mobilePhoneNumber": "+15419999999",
    "twoFactorAuthPhone": "+15419999999",
    "smsNumber": "+15419999999",
    "accountType": "NORMAL",
    "location": "New York",
    "recommendedLanguage": "english",
    "jobFunction": "Trader",
    "assetClasses": [
      "Equities"
    ],
    "industries": [
      "Healthcare",
      "Technology"
    ],
    "marketCoverage": [
      "EMEA"
    ],
    "responsibility": [
      "BAU"
    ],
    "function": [
      "Trade Processing"
    ],
    "instrument": [
      "Equities"
    ],
    "currentKey": {
      "key": "-----BEGIN PUBLIC KEY-----\\nMIICIANBgkqhw0BAQ...cCAwEAAQ==\\n-----END PUBLIC KEY-----",
      "expirationDate": 1467562406219,
      "action": "SAVE"
    },
    "previousKey": {
      "key": "-----BEGIN PUBLIC KEY-----\\nMIICIANBgkqhw0BAQ...cCAwEAAQ==\\n-----END PUBLIC KEY-----",
      "expirationDate": 1467562406219,
      "action": "SAVE"
    }
  },
  "userSystemInfo": {
    "id": 7215545078461,
    "status": "ENABLED",
    "suspended": true,
    "suspendedUntil": 1601546400,
    "suspensionReason": "The user will be OOO due to a mandatory leave",
    "createdDate": 1461508270000,
    "createdBy": "7215545057281",
    "lastUpdatedDate": 1461508270000,
    "lastLoginDate": 1461508270000,
    "lastPasswordReset": 1461508270000,
    "deactivatedDate": 1461508270000
  },
  "features": [
    1461508270000,
    7215545057281
  ],
  "apps": [
    1461508270000,
    7215545057281
  ],
  "groups": [
    1461508270000,
    7215545057281
  ],
  "roles": [
    "ftp",
    "mailto",
    "fdsup",
    "skype"
  ],
  "disclaimers": [
    1461508270000,
    7215545057281
  ],
  "avatar": {
    "size": "original",
    "url": "../avatars/izcQTdRVFOK_qhCrYeQOpIuHKuZuMk3J88Uz_bShzM8.png"
  }
}

Request Examples

curl -X POST \
https://acme.symphony.com/pod/v2/admin/user/create \
-H "sessionToken: SESSION_TOKEN" \
-H "Content-Type: application/json" \
-d '{   
    "userAttributes": {
        "accountType": "NORMAL",
        "emailAddress": "[email protected]",
        "firstName": "Jane",
        "lastName": "Doe",
        "userName": "janedoe",
        "displayName": "Jane Doe",
        "companyName": "",
        "department": "",
        "division": "",
        "title": "Sales",
        "twoFactorAuthPhone": "",
        "workPhoneNumber": "",
        "mobilePhoneNumber": "",
        "location": "San Francisco",
        "jobFunction": "Sales",
        "assetClasses": ["Commodities"],
        "industries": ["Basic Materials"],
        "marketCoverage": ["LATAM"],
        "responsibility": ["BAU"],
        "function": ["Trade Management"],
        "instrument": ["Securities"],
        "currentKey": {"key": "-----BEGIN PUBLIC KEY-----\nMIICIjAN...==\n-----END PUBLIC KEY-----"
}
        
    },
    "password": {
        "hSalt": "password",
        "hPassword": "password",
        "khSalt": "password",
        "khPassword": "password"
    }
}'

curl -X POST \
https://acme.symphony.com/pod/v2/admin/user/create \
-H "sessionToken: SESSION_TOKEN" -H "Content-Type: application/json" \
-d '{
  "userAttributes": {
    "accountType": "SYSTEM",
    "emailAddress": "[email protected]",
    "userName": "apiuser",
    "displayName": "API User",
    "companyName": "Symphony",
    "department": "Client Application",
    "division": "Technology",
    "workPhoneNumber": "+33600000000",
    "mobilePhoneNumber": "+33600000001",
    "twoFactorAuthPhone": "+33600000002",
    "recommendedLanguage": "english",
    "location": "Sophia Antipolis",
    "jobFunction": "Sales",
    "assetClasses": ["Commodities"],
    "industries": ["Basic Materials"],
    "marketCoverage": ["LATAM"],
    "responsibility": ["BAU"],
    "function": ["Trade Management"],
    "instrument": ["Securities"],
    "currentKey": {
        "key": "-----BEGIN PUBLIC KEY-----MII...Q==-----END PUBLIC KEY-----"
    }

  },
  "roles": ["INDIVIDUAL", "USER_PROVISIONING", "SCOPE_MANAGEMENT", "CONTENT_MANAGEMENT", "MALWARE_SCAN_MANAGER", "MALWARE_SCAN_STATE_USER", "AUDIT_TRAIL_MANAGEMENT"]
}'

📘 Note - Suspension
Since 20.14, userSystemInfo from the payload includes suspension info:
if user is active, then the suspended attribute is set to false,
if user is suspended, then the suspended attribute is set to true and both suspendedUntil and suspensionReason are as well included in the payload.
Please note that even if the suspendedUntil date is in the past, the user will remain suspended=true until he first logs on the client after the suspension ended. The suspended info are then automatically updated. See the Suspend User Account endpoint for more information.

🚧 Required Permissions
Calling this endpoint requires the ACCESS_USER_PROVISIONING_API and ACCESS_ADMIN_API privileges. See Bot Permissions for a list of roles and associated privileges.

The `Password` Object

The password object is optional for end-user accounts (NORMAL). For example, if your organization utilizes SSO, you may not want to specify the password.

Please note the password object is not used for service accounts (SYSTEM) and therefore cannot be entered in the request payload.

The following code snippets can be used to generate hashed passwords. Two implementations are provided, one using built-in Java classes and the other with Postman.

@Test
public void test() throws NoSuchAlgorithmException, InvalidKeySpecException {
  String password = "ARandomPassword";
  SecureRandom sr = new SecureRandom();
  byte[] salt = new byte[16];
  sr.nextBytes(salt);
  assertTrue(Arrays.equals(generateStrongPasswordHash(password, salt), getSaltedPassword(password, salt)));
}

private static byte[] generateStrongPasswordHash(String password, byte[] salt)
throws NoSuchAlgorithmException, InvalidKeySpecException {
  int iterations = 10000;
  char[] pb = password.toCharArray();
  PBEKeySpec spec = new PBEKeySpec(pb, salt, iterations, 256);
  SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
  byte[] hash = skf.generateSecret(spec).getEncoded();
  return hash;
}

public static byte[] getSaltedPassword(String password, byte[] salt) {
  PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
  byte[] bytes = password.getBytes(StandardCharsets.UTF_8);
  gen.init(bytes, salt, 10000);
  byte[] newPasswordGen = ((KeyParameter) gen.generateDerivedParameters(256)).getKey();
  return newPasswordGen;
}

// Example with Postman, as a Pre-Request script.

const password = 'SymphonyRocks123456789!'; // Replace with your password

// Generate a random salt of specified length
function generateSalt(length) {
    return CryptoJS.lib.WordArray.random(128 / 8);
}

// PBKDF2 function using CryptoJS
function derivePBKDF2(password, salt, iterations, keyLength) {
    return CryptoJS.PBKDF2(password, salt, {
        keySize: keyLength / 32, // Key size in words (32-bit units)
        iterations: iterations,
        hasher: CryptoJS.algo.SHA256
    });
}

// Parameters
const iterations = 10000;           // Number of iterations
const keyLength = 256;              // Key length in bits (256 = 32 bytes)
const saltLength = 16;              // Salt length in characters

// Generate random salts
const hSalt = generateSalt(saltLength);
const khSalt = generateSalt(saltLength);

// Derive PBKDF2 hashes
const hPassword = derivePBKDF2(password, hSalt, iterations, keyLength);
const khPassword = derivePBKDF2(password, khSalt, iterations, keyLength);

// Convert salts and hashes to B64 strings
const hSaltB64 = CryptoJS.enc.Base64.stringify(hSalt);
const khSaltB64 = CryptoJS.enc.Base64.stringify(khSalt);
const hPasswordB64 = CryptoJS.enc.Base64.stringify(hPassword);
const khPasswordB64 = CryptoJS.enc.Base64.stringify(khPassword);

// Set Postman environment variables for use in the request
pm.environment.set('hSalt', hSaltB64);
pm.environment.set('hPassword', hPasswordB64);
pm.environment.set('khSalt', khSaltB64);
pm.environment.set('khPassword', khPasswordB64);

Last updated 4 months ago

Was this helpful?

hashtagCreate a new V2 User

hashtagRequest Examples

hashtag📘 Note - Suspension

hashtag🚧 Required Permissions

hashtagThe Password Object

Create a new V2 User

Request Examples

📘 Note - Suspension

🚧 Required Permissions

The `Password` Object