Create User (Machine)

Create a new user with the type machine for your API, service or device. These users are used for non-interactive authentication flows.

Header Parameters

x-zitadel-orgid string

The default is always the organization of the requesting user. If you like to get a user from another organization include the header. Make sure the requesting user has permission in the requested organization.

application/json

application/grpc

application/grpc-web+proto

Request Body required

userName string required

Possible values: non-empty and <= 200 characters

name string required

Possible values: non-empty and <= 200 characters

description string

Possible values: <= 500 characters

accessTokenType string

Possible values: [ACCESS_TOKEN_TYPE_BEARER, ACCESS_TOKEN_TYPE_JWT]

Default value: ACCESS_TOKEN_TYPE_BEARER

Request Body required

userName string required

Possible values: non-empty and <= 200 characters

name string required

Possible values: non-empty and <= 200 characters

description string

Possible values: <= 500 characters

accessTokenType string

Possible values: [ACCESS_TOKEN_TYPE_BEARER, ACCESS_TOKEN_TYPE_JWT]

Default value: ACCESS_TOKEN_TYPE_BEARER

Request Body required

userName string required

Possible values: non-empty and <= 200 characters

name string required

Possible values: non-empty and <= 200 characters

description string

Possible values: <= 500 characters

accessTokenType string

Possible values: [ACCESS_TOKEN_TYPE_BEARER, ACCESS_TOKEN_TYPE_JWT]

Default value: ACCESS_TOKEN_TYPE_BEARER

Responses

• 200
• default

---

OK

application/json

application/grpc

application/grpc-web+proto

Schema

Example (from schema)

---

Schema

userId string
details object
sequence uint64
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-time
on read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection
on manipulation: the
resourceOwner resource_owner is the organization an object belongs to

{
  "userId": "string",
  "details": {
    "sequence": "2",
    "creationDate": "2024-05-24T10:54:21.824Z",
    "changeDate": "2024-05-24T10:54:21.824Z",
    "resourceOwner": "69629023906488334"
  }
}

Schema

Example (from schema)

---

Schema

userId string
details object
sequence uint64
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-time
on read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection
on manipulation: the
resourceOwner resource_owner is the organization an object belongs to

{
  "userId": "string",
  "details": {
    "sequence": "2",
    "creationDate": "2024-05-24T10:54:21.824Z",
    "changeDate": "2024-05-24T10:54:21.824Z",
    "resourceOwner": "69629023906488334"
  }
}

Schema

Example (from schema)

---

Schema

userId string
details object
sequence uint64
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-time
on read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection
on manipulation: the
resourceOwner resource_owner is the organization an object belongs to

{
  "userId": "string",
  "details": {
    "sequence": "2",
    "creationDate": "2024-05-24T10:54:21.825Z",
    "changeDate": "2024-05-24T10:54:21.825Z",
    "resourceOwner": "69629023906488334"
  }
}

An unexpected error response.

application/json

application/grpc

application/grpc-web+proto

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

POST /users/machine

Authorization

name: OAuth2type: oauth2scopes: openid,urn:zitadel:iam:org:project:id:zitadel:audflows: {
  "authorizationCode": {
    "authorizationUrl": "$CUSTOM-DOMAIN/oauth/v2/authorize",
    "tokenUrl": "$CUSTOM-DOMAIN/oauth/v2/token",
    "scopes": {
      "openid": "openid",
      "urn:zitadel:iam:org:project:id:zitadel:aud": "urn:zitadel:iam:org:project:id:zitadel:aud"
    }
  }
}

Request

Base URL

https://$CUSTOM-DOMAIN/management/v1

Bearer Token

x-zitadel-orgid — header

Content-Type

application/jsonapplication/grpcapplication/grpc-web+proto

Body required

{
  "userName": "robot",
  "name": "My Machine Account",
  "description": "First machine account used for API XY.",
  "accessTokenType": "ACCESS_TOKEN_TYPE_BEARER"
}

Accept

application/jsonapplication/grpcapplication/grpc-web+proto

curl / cURL

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/machine' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "userName": "robot",
  "name": "My Machine Account",
  "description": "First machine account used for API XY.",
  "accessTokenType": "ACCESS_TOKEN_TYPE_BEARER"
}'

python / requests

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/machine' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "userName": "robot",
  "name": "My Machine Account",
  "description": "First machine account used for API XY.",
  "accessTokenType": "ACCESS_TOKEN_TYPE_BEARER"
}'

go / native

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/machine' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "userName": "robot",
  "name": "My Machine Account",
  "description": "First machine account used for API XY.",
  "accessTokenType": "ACCESS_TOKEN_TYPE_BEARER"
}'

nodejs / axios

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/machine' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "userName": "robot",
  "name": "My Machine Account",
  "description": "First machine account used for API XY.",
  "accessTokenType": "ACCESS_TOKEN_TYPE_BEARER"
}'

ruby / Net::HTTP

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/machine' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "userName": "robot",
  "name": "My Machine Account",
  "description": "First machine account used for API XY.",
  "accessTokenType": "ACCESS_TOKEN_TYPE_BEARER"
}'

csharp / RestSharp

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/machine' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "userName": "robot",
  "name": "My Machine Account",
  "description": "First machine account used for API XY.",
  "accessTokenType": "ACCESS_TOKEN_TYPE_BEARER"
}'

php / cURL

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/machine' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "userName": "robot",
  "name": "My Machine Account",
  "description": "First machine account used for API XY.",
  "accessTokenType": "ACCESS_TOKEN_TYPE_BEARER"
}'

java / OkHttp

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/machine' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "userName": "robot",
  "name": "My Machine Account",
  "description": "First machine account used for API XY.",
  "accessTokenType": "ACCESS_TOKEN_TYPE_BEARER"
}'

powershell / RestMethod

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/machine' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "userName": "robot",
  "name": "My Machine Account",
  "description": "First machine account used for API XY.",
  "accessTokenType": "ACCESS_TOKEN_TYPE_BEARER"
}'