Users¶
| Endpoint | Method | Scope | Token Tier | Description |
|---|---|---|---|---|
/api/v1/users/ |
GET | user:read |
Both | List all users (paginated) |
/api/v1/users/ |
POST | user:write |
App-level only | Create a new user |
/api/v1/users/<id>/credentials/ |
GET | user:read |
Both | List credentials for a user |
/api/v1/users/<id>/ |
DELETE | user:write |
App-level only | Delete a user |
Try it out
Explore parameters, schemas, and live requests in the Swagger UI.
User Status¶
Every user resource includes a read-only status attribute describing its lifecycle state. It is derived from enabled-listing state and updates automatically as listings are enabled or disabled.
| Value | Meaning |
|---|---|
new |
Created, but no listings enabled yet. |
active |
Has at least one enabled listing. |
inactive |
Was active before; no listings currently enabled. |
List Users¶
Returns a paginated list of all users owned by the authenticated application. Supports pagination and sorting by created_at.
- Filtering:
filter[email]=<email>— exact, case-insensitive match on the user's email. Email is unique, so this returns at most one user. Use it to recover a user'sidwhen you only have the email.
User-scoped tokens
When using a user-scoped token, this endpoint returns only the user the token is bound to.
Create User¶
Create a new user managed by your application. Users created via this endpoint are managed by the OAuth2 application and cannot log in directly (password is randomly generated).
If a user with the same email already exists, the API returns 409 Conflict.
App-level token required
This endpoint requires an app-level token. Requests with a user-scoped token will receive 403 Forbidden.
Optional Attributes¶
You can also provide these optional attributes when creating a user:
locale: Optional. Defaults toen. Uses a supported BCP 47 language tag. Supported values areen,en-GB,en-AU,en-CA,ja,fr,pt,de,es, andit. This locale is used in messages that explain the reason for price changes in the booking review endpoint (not yet available).
Example¶
{
"data": {
"type": "users",
"attributes": {
"first-name": "John",
"last-name": "Doe",
"email": "john@example.com",
"locale": "en-GB"
}
}
}
List User Credentials¶
Returns the login credentials that are visible for the requested user.
- App-level tokens can list all credentials for the user.
- User-scoped tokens default to the bound credential. Admin credentials can list all credentials for that user; non-admin credentials only see themselves.
- Each credential object has its own
id. Use thatcredential_idwhen requesting a user-scoped token that must enforce one credential's visibility and grants.
Delete User¶
Soft-delete a user managed by your application. This anonymizes the user's email, disables all enabled listings, removes managed accounts, and marks the user as deleted.
Returns 204 No Content on success.
App-level token required
This endpoint requires an app-level token. Requests with a user-scoped token will receive 403 Forbidden.