Skip to content

Users

Endpoint Method Scope Token Tier Description
/api/v1/users/ GET user:read Both List all users (paginated)
/api/v1/users/ POST user:write App-level only Create a new user
/api/v1/users/<id>/credentials/ GET user:read Both List credentials for a user
/api/v1/users/<id>/ DELETE user:write App-level only Delete a user

Try it out

Explore parameters, schemas, and live requests in the Swagger UI.

User Status

Every user resource includes a read-only status attribute describing its lifecycle state. It is derived from enabled-listing state and updates automatically as listings are enabled or disabled.

Value Meaning
new Created, but no listings enabled yet.
active Has at least one enabled listing.
inactive Was active before; no listings currently enabled.

List Users

Returns a paginated list of all users owned by the authenticated application. Supports pagination and sorting by created_at.

  • Filtering: filter[email]=<email> — exact, case-insensitive match on the user's email. Email is unique, so this returns at most one user. Use it to recover a user's id when you only have the email.
GET /api/v1/users/?filter[email]=john@example.com

User-scoped tokens

When using a user-scoped token, this endpoint returns only the user the token is bound to.

Create User

Create a new user managed by your application. Users created via this endpoint are managed by the OAuth2 application and cannot log in directly (password is randomly generated).

If a user with the same email already exists, the API returns 409 Conflict.

App-level token required

This endpoint requires an app-level token. Requests with a user-scoped token will receive 403 Forbidden.

Optional Attributes

You can also provide these optional attributes when creating a user:

  • locale: Optional. Defaults to en. Uses a supported BCP 47 language tag. Supported values are en, en-GB, en-AU, en-CA, ja, fr, pt, de, es, and it. This locale is used in messages that explain the reason for price changes in the booking review endpoint (not yet available).

Example

{
  "data": {
    "type": "users",
    "attributes": {
      "first-name": "John",
      "last-name": "Doe",
      "email": "john@example.com",
      "locale": "en-GB"
    }
  }
}

List User Credentials

Returns the login credentials that are visible for the requested user.

  • App-level tokens can list all credentials for the user.
  • User-scoped tokens default to the bound credential. Admin credentials can list all credentials for that user; non-admin credentials only see themselves.
  • Each credential object has its own id. Use that credential_id when requesting a user-scoped token that must enforce one credential's visibility and grants.

Delete User

Soft-delete a user managed by your application. This anonymizes the user's email, disables all enabled listings, removes managed accounts, and marks the user as deleted.

Returns 204 No Content on success.

App-level token required

This endpoint requires an app-level token. Requests with a user-scoped token will receive 403 Forbidden.