/api/users/:id
Get a specific user by their ID, and make changes to their user.
Info
This endpoint requires authentication.
Info
This endpoint requires administrator priviliges or higher.
Path Parameters
| Name | Type | Description |
|---|---|---|
id | string | The unique ID of the user. |
GET Request
Response
Status: 200 OK
Content-Type: application/json
A users object.
Example
{"id": "cmb6042f500029kenox2u8npu","username": "admin","createdAt": "2025-05-27T04:13:22.625Z","updatedAt": "2025-05-27T04:13:22.689Z","role": "SUPERADMIN","view": {},"oauthProviders": [],"totpSecret": null,"passkeys": [],"quota": null,"sessions": ["QSmGQUAjHBQCCdn7p6YfIOuAR24ZTNIL"],"avatar": null}
Error Responses
-
404 Not Found
If the user with the specified ID does not exist.
PATCH Request
Edit a user
Body
Content-Type: application/json
| Property | Type | Description |
|---|---|---|
username | string?~ | New username for the user. |
password | string?~ | New password for the user. |
avatar | string?~ | Base64 avatar image string. |
role | 'USER' | 'ADMIN'?~ | New role to assign. Only assignable by users with sufficient privileges. |
quota | object?~ | Object for file/url quota configuration (see below). |
Quota Object
| Property | Type | Description |
|---|---|---|
filesType | 'BY_BYTES' | 'BY_FILES' | 'NONE'?~ | Type of file quota limit. |
maxFiles | number?~ | Maximum number of files allowed. Required if filesType is 'BY_FILES' |
maxBytes | string?~ | Maximum storage in bytes. Required if filesType is 'BY_BYTES' |
maxUrls | number?~ | Maximum number of URLs allowed. |
Example
{"username": "newname","role": "ADMIN","quota": {"filesType": "BY_BYTES","maxBytes": "1073741824","maxUrls": 10}}
Response
Status: 200 OK
Content-Type: application/json
Returns the updated User object.
Example
{"id": "cmb618zts00059ken21a6uenw","username": "hello","createdAt": "2025-05-27T04:45:12.160Z","updatedAt": "2025-05-27T04:45:12.160Z","role": "USER","view": {},"oauthProviders": [],"quota": null,"sessions": []}
Error Responses
-
400 Bad Request
Invalid fields, missing required quota properties, invalid role.
-
404 Not Found
If the user with the specified ID does not exist.
DELETE Request
Delete a user by their ID.
Body
Content-Type: application/json
| Property | Type | Description |
|---|---|---|
delete | boolean? | If true, also delete all files and URLs belonging to the user. |
Example
{"delete": true}
Response
Status: 200 OK
Content-Type: application/json
Returns the deleted User object.
Example
{"id": "cmb618zts00059ken21a6uenw","username": "hello","createdAt": "2025-05-27T04:45:12.160Z","updatedAt": "2025-05-27T04:45:12.160Z","role": "USER","view": {},"oauthProviders": [],"quota": null,"sessions": []}
/api/users
Perform various actions on users, or retrieve all the users in the dat...
/api/auth/invites
View all invites or create an invite code.
Last updated: 5/28/2025
Edit this page on GitHub