Symphony Messaging REST APIs
  • Symphony Messaging API Reference documentation
  • Endpoints Reference
    • Bots Authentication
      • Session Authenticate
      • Key Manager Authenticate
      • Session Authenticate (Cert)
      • Key Manager Authenticate (Cert)
      • Session Logout
      • Key Manager Logout
    • Apps Authentication
      • Authenticate App
      • Pod Certificate
    • Apps On Behalf Of (OBO)
      • API Endpoints for Apps
      • App Authentication
      • User Authentication by User ID
      • User Authentication by User Name
    • Info - Health Check
      • Health Check
      • Health Check Extended
      • Session User
      • Agent Info
      • Echo
    • Messages
      • Get Messages
      • Create Message
      • Blast Message
      • Attachment
      • Import Message
      • Update Message
      • Suppress Message
      • Message Search
      • Message Search
      • Message Status
      • Attachment Types
      • Get Message
      • List Attachments
      • List Message Receipts
      • Message Metadata
    • Datafeed - Real Time Events
      • Create Datafeed
      • Read Datafeed
      • List Datafeed
      • Delete Datafeed
    • Datahose - Pod Real Time Events
      • Datahose - Read Events
    • Streams - Conversations
      • Related to IMs
        • Create IM
        • Create IM non-inclusive
        • Update IM
        • IM Info
      • Related to Rooms
        • Room Attributes
        • Create Room
        • Update Room
        • Room Info
        • De/Re-activate Room
        • Room Members
        • Add Member
        • Remove Member
        • Promote Owner
        • Demote Owner
        • Search Rooms
      • All streams
        • Share Content
        • List User Streams
        • List User Streams (Admin)
        • Stream Info
        • List Streams for Enterprise
        • Stream Members
    • Signals
      • List Signals
      • Get Signal
      • Create Signal
      • Update Signal
      • Delete Signal
      • Subscribe Signal
      • Unsubscribe Signal
      • Suscribers
      • Signal Object
    • Connections
      • Get Connection
      • List Connection
      • Create Connection
      • Accept Connection
      • Reject Connection
      • Remove Connection
    • Presence
      • Get Presence
      • Get All Presence
      • Get User Presence
      • External Presence Interest
      • Set Presence
      • Set Other User's Presence - Admin
    • Users
      • Users Lookup
      • Search Users
      • Follow User
      • Unfollow User
      • List User Followers
      • List Users Followed
    • User Management
      • User Attributes Object
      • Password Object
      • Roles Object
      • UserKeyRequest Object
      • Get User
      • List Users
      • Create User
      • Update User
      • User Avatar
      • Update User Avatar
      • User Status
      • Update User Status
      • List Features
      • User Features
      • Update User Features
      • Find Users
      • List Roles
      • Add Role
      • Remove Role
      • List Audit Trail
      • Suspend User Account
      • Get Bot Manifest
      • Update Bot Manifest
    • User Sessions
      • List Sessions
      • Logout Session
      • Logout All Sessions
    • Groups - Distribution Lists
      • OAuth2 Authenticate
      • Add a new user to an existing group
      • Insert a new group
      • Retrieve a group
      • Update a group
      • List all groups of specified type
      • Update the group avatar
    • URI Protocols
      • Create Protocol
      • List Protocols
      • Delete Protocol
    • Manage Apps
      • Create App
      • Update App
      • Delete App
      • Get App
    • Apps Entitlements
      • List Apps
      • Update App Entitlements
      • List User Apps
      • Update User Apps
      • Update All User Apps
    • Disclaimers
      • Disclaimer
      • List Disclaimers
      • List Disclaimer Users
      • User Disclaimer
      • Update User Disclaimer
      • Unassign User Disclaimer
    • Delegates
      • User Delegates
      • Update User Delegates
    • Information Barrier Groups
      • List IB Groups
      • List IB Group Members
      • Add IB Group Members
      • Remove IB Group Members
      • List Policies
    • Certificates
      • Public (Signing) Certificate
      • List Company Certificates
      • Create Company Certificate
      • Delete Company Certificate
      • Company Certificate Details
      • List Verified Certificates
      • List Trusted Certificates
      • List Certificate Types
      • Update Company Certificate
    • Malware Scanner
      • Malware Scanner APIs
        • File Malware Scanner State
        • Update File Malware Scanner State
      • Customer Malware Scanner APIs
        • Malware Scanner Health
        • File Malware Scanner
    • DLP Dictionary & Policy Management
      • Overview
      • Dictionary Management endpoints
        • Create Dictionary
        • All Dictionaries
        • Specific Dictionary
        • Update Dictionary
        • Upload Dictionary Content
        • Download Dictionary Content
        • Delete Dictionary
      • V3 Policy Management endpoints
        • V3 Policy structure for Create/Update
        • V3 Create Policy
        • V3 All Policies
        • V3 Get Policy
        • V3 Update Policy
        • V3 Enable Policy
        • V3 Disable Policy
        • V3 Delete Policy
      • V3 Violations endpoints
        • V3 Violations - Sample Responses
        • V3 Violations - Special Scenarios of Attachments
        • V3 Message Violations
        • V3 Signal Violations
        • V3 Stream Violations
        • V3 Violation Attachment Download
    • Audit Trail 2
      • OAuth2 Authenticate
      • Get Audit trails
      • Get distinct values of a list of filters
      • Get Audit Trail Stream
      • Get categories permissions
    • Compliance Barrier Groups
      • Compliance Group Types
      • Compliance User Groups
        • List Compliance User Groups
        • Get a Compliance User Group
        • Create a Compliance User Group
        • Update a Compliance User Group
      • Compliance Group Assignments
        • List Assignments
        • List Compliance Group Assignments
        • Update a Compliance Group
      • Compliance Group Memberships
        • List Memberships
        • List Compliance Group Memberships
        • Add Compliance Group Membership
        • Update a User Membership
  • Deprecated Endpoints
    • DLP Dictionary and Policy management
      • V2 Policy Management endpoints
        • V2 Create Policy
        • V2 All Policies
        • V2 Get Policy
        • V2 Update Policy
        • V2 Enable Policy
        • V2 Disable Policy
        • V2 Delete Policy
      • V2 Violations endpoints
        • V2 Signal Violations
        • V2 Message Violations
        • V2 Stream Violations
    • Create Presence Feed
    • Read Presence Feed
    • Delete Presence Feed
    • Get Message IDs by Timestamp
    • Health Check v2
    • Datafeed 1
      • Create Datafeed 1
      • Read Datafeed 1
Powered by GitBook
On this page

Was this helpful?

  1. Endpoints Reference
  2. User Management

Create User

Last updated 5 months ago

Was this helpful?

Creates a new user, either End-User or Service User.

  • End-User Accounts are assigned to employees. To create an end user account, the accountType field must be NORMAL.

  • Service User Accounts are a type of account used for bots or applications, rather than end-users. To create a service user account, the accountType field must be SYSTEM.

See , , and for user creation parameters.

Request Examples

curl -X POST \
https://acme.symphony.com/pod/v2/admin/user/create \
-H "sessionToken: SESSION_TOKEN" \
-H "Content-Type: application/json" \
-d '{   
    "userAttributes": {
        "accountType": "NORMAL",
        "emailAddress": "janedoe@symphony.com",
        "firstName": "Jane",
        "lastName": "Doe",
        "userName": "janedoe",
        "displayName": "Jane Doe",
        "companyName": "",
        "department": "",
        "division": "",
        "title": "Sales",
        "twoFactorAuthPhone": "",
        "workPhoneNumber": "",
        "mobilePhoneNumber": "",
        "location": "San Francisco",
        "jobFunction": "Sales",
        "assetClasses": ["Commodities"],
        "industries": ["Basic Materials"],
        "marketCoverage": ["LATAM"],
        "responsibility": ["BAU"],
        "function": ["Trade Management"],
        "instrument": ["Securities"],
        "currentKey": {"key": "-----BEGIN PUBLIC KEY-----\nMIICIjAN...==\n-----END PUBLIC KEY-----"
}
        
    },
    "password": {
        "hSalt": "password",
        "hPassword": "password",
        "khSalt": "password",
        "khPassword": "password"
    }
}'
curl -X POST \
https://acme.symphony.com/pod/v2/admin/user/create \
-H "sessionToken: SESSION_TOKEN" -H "Content-Type: application/json" \
-d '{
  "userAttributes": {
    "accountType": "SYSTEM",
    "emailAddress": "apiuser@symphony.com",
    "userName": "apiuser",
    "displayName": "API User",
    "companyName": "Symphony",
    "department": "Client Application",
    "division": "Technology",
    "workPhoneNumber": "+33600000000",
    "mobilePhoneNumber": "+33600000001",
    "twoFactorAuthPhone": "+33600000002",
    "recommendedLanguage": "english",
    "location": "Sophia Antipolis",
    "jobFunction": "Sales",
    "assetClasses": ["Commodities"],
    "industries": ["Basic Materials"],
    "marketCoverage": ["LATAM"],
    "responsibility": ["BAU"],
    "function": ["Trade Management"],
    "instrument": ["Securities"],
    "currentKey": {
        "key": "-----BEGIN PUBLIC KEY-----MII...Q==-----END PUBLIC KEY-----"
    }

  },
  "roles": ["INDIVIDUAL", "USER_PROVISIONING", "SCOPE_MANAGEMENT", "CONTENT_MANAGEMENT", "MALWARE_SCAN_MANAGER", "MALWARE_SCAN_STATE_USER", "AUDIT_TRAIL_MANAGEMENT"]
}'

📘 Note - Suspension

Since 20.14, userSystemInfo from the payload includes suspension info:

  • if user is active, then the suspended attribute is set to false,

  • if user is suspended, then the suspended attribute is set to true and both suspendedUntil and suspensionReason are as well included in the payload.

🚧 Required Permissions

The Password Object

The password object is optional for end-user accounts (NORMAL). For example, if your organization utilizes SSO, you may not want to specify the password.

Please note the password object is not used for service accounts (SYSTEM) and therefore cannot be entered in the request payload.

The following code snippets can be used to generate hashed passwords. Two implementations are provided, one using built-in Java classes and the other with Postman.

@Test
public void test() throws NoSuchAlgorithmException, InvalidKeySpecException {
  String password = "ARandomPassword";
  SecureRandom sr = new SecureRandom();
  byte[] salt = new byte[16];
  sr.nextBytes(salt);
  assertTrue(Arrays.equals(generateStrongPasswordHash(password, salt), getSaltedPassword(password, salt)));
}

private static byte[] generateStrongPasswordHash(String password, byte[] salt)
throws NoSuchAlgorithmException, InvalidKeySpecException {
  int iterations = 10000;
  char[] pb = password.toCharArray();
  PBEKeySpec spec = new PBEKeySpec(pb, salt, iterations, 256);
  SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
  byte[] hash = skf.generateSecret(spec).getEncoded();
  return hash;
}

public static byte[] getSaltedPassword(String password, byte[] salt) {
  PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
  byte[] bytes = password.getBytes(StandardCharsets.UTF_8);
  gen.init(bytes, salt, 10000);
  byte[] newPasswordGen = ((KeyParameter) gen.generateDerivedParameters(256)).getKey();
  return newPasswordGen;
}

// Example with Postman, as a Pre-Request script.

const password = 'SymphonyRocks123456789!'; // Replace with your password

// Generate a random salt of specified length
function generateSalt(length) {
    return CryptoJS.lib.WordArray.random(128 / 8);
}

// PBKDF2 function using CryptoJS
function derivePBKDF2(password, salt, iterations, keyLength) {
    return CryptoJS.PBKDF2(password, salt, {
        keySize: keyLength / 32, // Key size in words (32-bit units)
        iterations: iterations,
        hasher: CryptoJS.algo.SHA256
    });
}

// Parameters
const iterations = 10000;           // Number of iterations
const keyLength = 256;              // Key length in bits (256 = 32 bytes)
const saltLength = 16;              // Salt length in characters

// Generate random salts
const hSalt = generateSalt(saltLength);
const khSalt = generateSalt(saltLength);

// Derive PBKDF2 hashes
const hPassword = derivePBKDF2(password, hSalt, iterations, keyLength);
const khPassword = derivePBKDF2(password, khSalt, iterations, keyLength);

// Convert salts and hashes to B64 strings
const hSaltB64 = CryptoJS.enc.Base64.stringify(hSalt);
const khSaltB64 = CryptoJS.enc.Base64.stringify(khSalt);
const hPasswordB64 = CryptoJS.enc.Base64.stringify(hPassword);
const khPasswordB64 = CryptoJS.enc.Base64.stringify(khPassword);

// Set Postman environment variables for use in the request
pm.environment.set('hSalt', hSaltB64);
pm.environment.set('hPassword', hPasswordB64);
pm.environment.set('khSalt', khSaltB64);
pm.environment.set('khPassword', khPasswordB64);

Please note that even if the suspendedUntil date is in the past, the user will remain suspended=true until he first logs on the client after the suspension ended. The suspended info are then automatically updated. See the endpoint for more information.

Calling this endpoint requires the ACCESS_USER_PROVISIONING_API and ACCESS_ADMIN_API privileges. See for a list of roles and associated privileges.

Suspend User Account
Bot Permissions
User Attributes
Password Object
Roles Object
  • POSTCreate a new V2 User
  • Request Examples
  • The Password Object

Create a new V2 User

post
Header parameters
sessionTokenstringRequired

Session authentication token.

Body

V2 User Creation Object. After creation, modify roles, features etc via the specific API calls.

rolesstring[]OptionalExample: ["INDIVIDUAL","COMPLIANCE_OFFICER"]
Responses
200
Success
application/json
400
Client error, see response body for further details.
application/json
401
Unauthorized: Invalid session token.
application/json
403
Forbidden: Caller lacks necessary entitlement.
application/json
500
Server error, see response body for further details.
application/json
post
POST /pod/v2/admin/user/create HTTP/1.1
Host: yourpodURL.symphony.com
sessionToken: text
Content-Type: application/json
Accept: */*
Content-Length: 1094

{
  "userAttributes": {
    "emailAddress": "johndoe@symphony.com",
    "firstName": "John",
    "lastName": "Doe",
    "userName": "johndoe",
    "displayName": "John Doe",
    "companyName": "Company",
    "department": "Department",
    "division": "Division",
    "title": "Trader",
    "workPhoneNumber": "+15419999999",
    "mobilePhoneNumber": "+15419999999",
    "twoFactorAuthPhone": "+15419999999",
    "smsNumber": "+15419999999",
    "accountType": "NORMAL",
    "location": "New York",
    "recommendedLanguage": "english",
    "jobFunction": "Trader",
    "assetClasses": [
      "Equities"
    ],
    "industries": [
      "Healthcare",
      "Technology"
    ],
    "marketCoverage": [
      "EMEA"
    ],
    "responsibility": [
      "BAU"
    ],
    "function": [
      "Trade Processing"
    ],
    "instrument": [
      "Equities"
    ],
    "currentKey": {
      "key": "-----BEGIN PUBLIC KEY-----\\nMIICIANBgkqhw0BAQ...cCAwEAAQ==\\n-----END PUBLIC KEY-----",
      "expirationDate": 1467562406219,
      "action": "SAVE"
    },
    "previousKey": {
      "key": "-----BEGIN PUBLIC KEY-----\\nMIICIANBgkqhw0BAQ...cCAwEAAQ==\\n-----END PUBLIC KEY-----",
      "expirationDate": 1467562406219,
      "action": "SAVE"
    }
  },
  "password": {
    "hSalt": "hsalt",
    "hPassword": "hpassword",
    "khSalt": "khsalt",
    "khPassword": "khpassword"
  },
  "roles": [
    "INDIVIDUAL",
    "COMPLIANCE_OFFICER"
  ]
}
{
  "userAttributes": {
    "emailAddress": "johndoe@symphony.com",
    "firstName": "John",
    "lastName": "Doe",
    "userName": "johndoe",
    "displayName": "John Doe",
    "companyName": "Company",
    "department": "Department",
    "division": "Division",
    "title": "Trader",
    "workPhoneNumber": "+15419999999",
    "mobilePhoneNumber": "+15419999999",
    "twoFactorAuthPhone": "+15419999999",
    "smsNumber": "+15419999999",
    "accountType": "NORMAL",
    "location": "New York",
    "recommendedLanguage": "english",
    "jobFunction": "Trader",
    "assetClasses": [
      "Equities"
    ],
    "industries": [
      "Healthcare",
      "Technology"
    ],
    "marketCoverage": [
      "EMEA"
    ],
    "responsibility": [
      "BAU"
    ],
    "function": [
      "Trade Processing"
    ],
    "instrument": [
      "Equities"
    ],
    "currentKey": {
      "key": "-----BEGIN PUBLIC KEY-----\\nMIICIANBgkqhw0BAQ...cCAwEAAQ==\\n-----END PUBLIC KEY-----",
      "expirationDate": 1467562406219,
      "action": "SAVE"
    },
    "previousKey": {
      "key": "-----BEGIN PUBLIC KEY-----\\nMIICIANBgkqhw0BAQ...cCAwEAAQ==\\n-----END PUBLIC KEY-----",
      "expirationDate": 1467562406219,
      "action": "SAVE"
    }
  },
  "userSystemInfo": {
    "id": 7215545078461,
    "status": "ENABLED",
    "suspended": true,
    "suspendedUntil": 1601546400,
    "suspensionReason": "The user will be OOO due to a mandatory leave",
    "createdDate": 1461508270000,
    "createdBy": "7215545057281",
    "lastUpdatedDate": 1461508270000,
    "lastLoginDate": 1461508270000,
    "lastPasswordReset": 1461508270000,
    "deactivatedDate": 1461508270000
  },
  "features": [
    1461508270000,
    7215545057281
  ],
  "apps": [
    1461508270000,
    7215545057281
  ],
  "groups": [
    1461508270000,
    7215545057281
  ],
  "roles": [
    "ftp",
    "mailto",
    "fdsup",
    "skype"
  ],
  "disclaimers": [
    1461508270000,
    7215545057281
  ],
  "avatar": {
    "size": "original",
    "url": "../avatars/izcQTdRVFOK_qhCrYeQOpIuHKuZuMk3J88Uz_bShzM8.png"
  }
}