πŸ‘₯ Users API: How to Use It

Manage users with flexible roles and secure integrations

πŸ”Ž What Is the Users API?

Version 3 of Clara’s Users API lets you manage user accounts securely, with support for:

  • Role and location handling
  • Advanced filtering through query parameters
  • User lifecycle operations support (onboarding, status tracking, updating, and deletion)

All operations are secured via Mutual TLS and OAuth2 authentication protocols.


πŸ” Authentication

To use the API:

  1. Obtain client certificate and credentials via the Clara platform.
  2. Request an access token via POST /oauth/token with your client_id and client_secret.
  3. Use the access token in the Authorization header for all subsequent API requests.

πŸ”§ Core Use Cases


1️⃣ List Users

  • GET /api/v3/users β€” with filters for role, name, status.
  • Successful Response HTTP Status:
    200 OK: List of users successfully returned
  • Query Parameters:
ParameterTypeDefaultExampleDescription
pageinteger0Zero-based page index (default: 0)
sizeinteger50Number of users per page (default: 50)
statusstringACTIVEFilter by user status (e.g., ACTIVE, LOCKED)
rolestringEMPLOYEEFilter by role (EMPLOYEE, MANAGER, COMPANY_OWNER, BOOKKEEPER)
uuidstring90a50162-f673-4be0-bfa0-67dc0adde16fFilter by specific user UUID
namestringJohnFilter by first name
lastNamestringCenaFilter by last name
fullNamestringJohn CenaFilter by full name
emailstring[email protected]Filter by email address
mobilePhonestring5512345678Filter by mobile phone number
taxIdentifierstringDANT120619Z45Filter by tax identifier
erpIdstringSADSADASDASDAS351345Filter by ERP ID
createdAtStartstring2022-03-28Filter users created after this date (YYYY-MM-DD)
createdAtEndstring2025-03-28Filter users created before this date (YYYY-MM-DD)
locationUuidstring90a50162-f673-4be0-bfa0-67dc0adde16fFilter by location UUID
locationNamestringBarcelonaFilter by location name
managerUuidstring90a50162-f673-4be0-bfa0-67dc0adde16fFilter by manager UUID
  • Example Request:
GET /api/v3/users?page=0&size=5&status=ACTIVE&role=EMPLOYEE HTTP/1.1
Host: public-api.mx.clara.com
Authorization: Bearer YOUR_ACCESS_TOKEN
  • Example Response:
{
  "totalElements": 1,
  "content": [
    {
      "uuid": "a0c82a20-ac09-4cfd-b429-d0623585911e",
      "fullName": "John Doe",
      "name": "John",
      "lastName": "Doe",
      "email": "[email protected]",
      "mobilePhone": "5512345678",
      "taxIdentifier": "DANT120619Z45",
      "role": "EMPLOYEE",
      "erpId": "SADSADASDASDAS351345",
      "status": "ACTIVE",
      "createdAt": "2023-10-01T12:00:00",
      "location": {
        "uuid": "loc-123",
        "name": "Barcelona",
        "_links": {
          "self": {
            "href": "https://public-api.mx.clara.com/api/v3/locations/loc-123"
          }
        }
      },
      "manager": {
        "uuid": "manager-uuid",
        "_links": {
          "self": {
            "href": "https://public-api.mx.clara.com/api/v3/users/manager-uuid"
          }
        }
      },
      "_links": {
        "self": {
          "href": "https://public-api.mx.clara.com/api/v3/users/a0c82a20-ac09-4cfd-b429-d0623585911e"
        }
      }
    }
  ]
}

2️⃣Create a User

  • POST /api/v3/users β€” add a new user to your organization.
  • Successful Response HTTP Status:
    201 Created: User successfully created
  • Request Body Parameters:
ParameterTypeRequiredDescription
emailstringβœ…User's email address which also serves as their username. This is the primary identifier for the user in the system and is used for login purposes and notifications. It must be unique within the company and is a required field for user creation.
namestringβœ…User's first name. Used for display purposes throughout the system. This field is used in reports, notifications, and user interfaces. It is a required field for user creation and part of the user's identity in the system.
lastNamestringβœ…User's last name. Used for display purposes throughout the system. This field is used in reports, notifications, and user interfaces. It is a required field for user creation and part of the user's identity in the system.
groupsstring❌List of group UUIDs that the user will be assigned to. Groups determine the user's access permissions and organizational structure. This field is required for all users except those with the COMPANY_OWNER role. At least one group must be provided for non-company owner users.
ladastring❌User's phone country code (lada). Used for contact information. If not provided, defaults to +52 for Mexico, +55 for Brazil, and +57 for Colombia based on company location. This field is used together with mobilePhone for user notifications and contact purposes.
mobilePhonestringβœ…User's mobile phone number. Used for contact information and notifications. This is a required field for user creation and is used for sending important notifications to the user. The format should follow the country's phone number standard without the country code.
rolestringβœ…User's role in the system. Determines the user's permissions and access level. This is a required field for user creation and affects the validation of other fields. COMPANY_OWNER users have special privileges and different validation rules. Common values include EMPLOYEE, MANAGER, COMPANY_OWNER, and BOOKKEEPER.
managerUuidstring❌UUID of the user's direct manager or supervisor. Used to establish the organizational hierarchy and reporting structure. This field is optional but recommended for proper organizational structure visualization. It affects approval workflows and reporting relationships in the system.
locationUuidstring❌UUID of the location where the user is assigned. Associates the user with a specific physical or organizational location in the company. This field is required for all users except those with the COMPANY_OWNER role. It affects location-based reports, filters, and organizational structure.
erpIdstring❌User's Enterprise Resource Planning (ERP) identifier. Used to link the user with external ERP systems. This field facilitates integration with other business systems and is optional. If provided, it should match the identifier used in the connected ERP system.
taxIdentifierstring❌User's tax identification number. Used for financial and tax-related purposes. This field is optional but recommended for financial transactions and tax reporting.
foreignboolean❌Flag indicating if the user is from a foreign country. Affects how the system handles certain validations and processes for the user. If not provided, defaults to false. This field may impact tax calculations and regulatory compliance.
  • Example Request:
{
  "email": "[email protected]",
  "name": "Jane",
  "lastName": "Doe",
  "mobilePhone": 5512345678,
  "lada": "+52",
  "role": "EMPLOYEE",
  "groups": ["a0c82a20-ac09-4cfd-b429-d0623585911e"],
  "locationUuid": "409e3ccd-4e87-480a-98d5-126c54ff9457",
  "managerUuid": "0d761141-6cee-495c-a27e-99875bdce721",
  "erpId": "ERP-001",
  "taxIdentifier": "RFC123456789",
  "foreign": false
}
  • Example Response:
{
  "uuid": "b1d23c20-bc00-4cfd-b429-d0623585912f"
}

3️⃣ Retrieve by UUID

  • GET /api/v3/users/{uuid} β€” fetch details of a single user using their UUID.
  • Successful Response HTTP Status:
    200 OK: User successfully retrieved
  • Path Parameters:
ParameterTypeDescription
uuidstringUUID of the user
  • Example Request:
GET /api/v3/users/a0c82a20-ac09-4cfd-b429-d0623585911e HTTP/1.1
Authorization: Bearer YOUR_ACCESS_TOKEN
  • Example Response:
{
  "uuid": "a0c82a20-ac09-4cfd-b429-d0623585911e",
  "fullName": "John Doe",
  "name": "John",
  "lastName": "Doe",
  "email": "[email protected]",
  "mobilePhone": "5512345678",
  "taxIdentifier": "RFC987654321",
  "role": "EMPLOYEE",
  "erpId": "ERP-001",
  "status": "ACTIVE",
  "createdAt": "2023-10-01T12:00:00",
  "groups": [
    {
      "uuid": "group-123",
      "name": "Engineering",
      "_links": {
        "self": {
          "href": "https://public-api.mx.clara.com/api/v3/groups/group-123"
        }
      }
    }
  ],
  "location": {
    "uuid": "loc-456",
    "name": "Mexico City",
    "_links": {
      "self": {
        "href": "https://public-api.mx.clara.com/api/v3/locations/loc-456"
      }
    }
  },
  "cards": [
    {
      "uuid": "card-001",
      "status": "ACTIVE",
      "lockCode": "UNLOCKED",
      "alias": "Main Card",
      "threshold": 1000,
      "periodicity": "MONTHLY",
      "maskedPan": "514509******5946",
      "type": "MASTER_VIRTUAL",
      "_links": {
        "self": {
          "href": "https://public-api.mx.clara.com/api/v3/cards/card-001"
        }
      }
    }
  ],
  "manager": {
    "uuid": "manager-uuid-789",
    "name": "Jane",
    "lastName": "Smith",
    "email": "[email protected]",
    "erpId": "ERP-002",
    "_links": {
      "self": {
        "href": "https://public-api.mx.clara.com/api/v3/users/manager-uuid-789"
      }
    }
  },
  "_links": {
    "self": {
      "href": "https://public-api.mx.clara.com/api/v3/users/a0c82a20-ac09-4cfd-b429-d0623585911e"
    }
  }
}

4️⃣Update User Info

  • PATCH /api/v3/users/{uuid} β€” modify the details of an existing user.
  • Successful Response HTTP Status:
    200 OK: User successfully updated
  • Path Parameter:
ParameterTypeDescription
uuidstringUUID of the user
  • Request Body Parameters:
ParameterTypeDescription
emailstringUser's email/username. Serves as the primary identifier for the user in the system. This field is used for login purposes and notifications. Updating this field will change the user's login credentials.
namestringUser's first name. Used for display purposes throughout the system. This field is used in reports, notifications, and user interfaces. Updating this field will change how the user's name appears in the system.
lastNamestringUser's last name. Used for display purposes throughout the system. This field is used in reports, notifications, and user interfaces. Updating this field will change how the user's name appears in the system.
ladastringUser's phone country code (lada). Used for contact information. Must be provided together with mobilePhone or not at all. If one is provided without the other, a validation error will occur. Updating this field will change the user's contact information.
mobilePhonestringUser's mobile phone number. Used for contact information and notifications. Must be provided together with lada or not at all. If one is provided without the other, a validation error will occur. Updating this field will change the user's contact information.
rolestringUser's role. Determines the user's permissions and access level in the system. Changing a user's role may affect their access to certain features and data. This field triggers an update to the user's role in the system.
locationUuidstringUser's location UUID. Associates the user with a specific location in the company. This field is used to determine the user's physical or organizational location. Updating this field will change where the user appears in location-based reports and filters.
erpIdstringUser's Enterprise Resource Planning (ERP) identifier. Used to link the user with external ERP systems. This field facilitates integration with other business systems. Updating this field will change how the user is identified in integrated ERP systems.
taxIdentifierstringUser's tax identification number. Used for financial and tax-related purposes. This field is required for financial transactions and tax reporting. Updating this field will change the user's tax information in the system.
managerUuidstringUser's manager UUID. Identifies the user's direct supervisor or manager in the organizational hierarchy. This field is used for reporting structures and approval workflows. Updating this field will change the user's position in the organizational chart.
groupsToAddstringUser's groups UUIDs to add. Specifies which groups the user should be added to. If provided, must contain at least one group UUID. Cannot contain groups that the user is already a member of unless cleanGroups is true. Cannot contain the same group UUIDs as groupsToRemove. At least one group must be provided when cleanGroups is true. After applying all changes, the user must remain in at least one group.
groupsToRemovestringUser's groups UUIDs to remove. Specifies which groups the user should be removed from. If provided, must contain at least one group UUID. Must only contain groups that the user is currently a member of. Cannot contain the same group UUIDs as groupsToAdd. Should not be provided when cleanGroups is true. After applying all changes, the user must remain in at least one group.
cleanGroupsbooleanFlag to indicate if all existing groups should be removed before adding new ones. When true, all of the user's current groups will be removed and replaced with the groups specified in groupsToAdd. When true, groupsToRemove should not be provided as it would be redundant. When true, groupsToAdd must contain at least one group to ensure the user remains in at least one group. Defaults to false if not provided.
  • Example Request:

Group Management Fields

The following fields enhance how a user's group memberships are updated:

  • groupsToAdd: Adds the user to one or more groups. Must not duplicate existing memberships.
  • groupsToRemove: Removes the user from specified groups. Must already be a member of those groups.
  • cleanGroups: If true, removes all existing groups before adding new ones from groupsToAdd.

⚠️

When cleanGroups is true, groupsToAdd must include at least one group. The user must always remain in at least one group.

{
  "name": "Johnathan",
  "mobilePhone": 5512345679,
  "lada": "+52",
  "groupsToAdd": [
    "a0c82a20-ac09-4cfd-b429-d0623585911e"
  ],
  "groupsToRemove": [
    "10c82a20-ac09-4cfd-b429-d0623585912e"
  ],
  "cleanGroups": false
}
  • Example Response:
"User updated"

5️⃣ Delete a User

  • DELETE /api/v3/users/{uuid} β€” delete a user using their UUID
  • Successful Response HTTP Status:
    204 No Content: User successfully deleted
  • Path Parameter:
ParameterTypeDescription
uuidstringUUID of the user
  • Example Request:
DELETE /api/v3/users/a0c82a20-ac09-4cfd-b429-d0623585911e HTTP/1.1
Authorization: Bearer YOUR_ACCESS_TOKEN
  • Example Response:
204 No Content

πŸ”„ User Lifecycle Statuses

  • ONBOARDING_CANDIDATE: User has been created but not fully onboarded.
  • WAITING: User is awaiting some verification or action.
  • DELETED: User account has been marked for deletion.
  • ACTIVE: User is active and can use the system.
  • LOCKED: User account is locked.
  • INACTIVE: User is not currently active but may be reactivated.
  • PENDING: User creation is pending.
  • MASTER_LOCKED: User is locked at the highest permission level.
  • CLARA_BLOCKED: User is blocked by the system administrator.

πŸ“‹ Lifecycle Flow

Create β†’ Activate β†’ Use β†’ Lock/Block β†’ Deactivate/Delete

  1. Creation: A user is created via the POST /api/v3/users endpoint. Initially, they may be in a status such as ONBOARDING_CANDIDATE or PENDING.
  2. Activation: After onboarding steps are completed, the user transitions to ACTIVE.
  3. Usage: The user actively participates in the platform's operations.
  4. Locking/Blocking: If needed, the user may be LOCKED, MASTER_LOCKED, or CLARA_BLOCKED due to policy violations or security issues.
  5. Deactivation: Users can be set to INACTIVE if no longer participating but still retained in the system.
  6. Deletion: Finally, the user can be marked as DELETED via the DELETE /api/v3/users/{uuid} endpoint.