All endpoints on this page require:
Authorization: Bearer <partner_jwt>

Role Model

  • admin: partner admin user
  • user: partner normal user
Only a partner admin can call:
  • POST /api/users
  • DELETE /api/users/:id
  • POST /api/users/:id/active-status

1) Get Current User

GET /api/users/me
Returns the profile of the user identified by the current JWT.

2) List Partner Users

GET /api/users
Returns all users under the authenticated user’s partner.

3) Create Partner User (Admin only)

POST /api/users
Request body:
Field        Type    Required  Notes
email        string  Yes       User email
password     string  Yes       MD5 string
firstName    string  No        Optional
lastName     string  No        Optional
phoneNumber  string  No        Optional
role         string  Yes       admin or user
Example:
{
  "email": "new.user@partner.com",
  "password": "<MD5_PASSWORD_HASH>",
  "firstName": "New",
  "lastName": "User",
  "phoneNumber": "+12025550124",
  "role": "user"
}

4) Delete Partner User (Admin only)

DELETE /api/users/:id
Rules:
  • Target user must belong to same partner

5) Update User Active Status (Admin only)

POST /api/users/:id/active-status
Request body:
{
  "isActive": false
}
Rules:
  • Current user must be partner admin
  • Target user must belong to same partner
  • Only target users with role user can be updated

Success Response Envelope

Write operations for which the service returns no payload respond with:
{
  "message": "success"
}
or data may be empty, depending on the client parser.

Common Errors

  • 403 Require partner admin role
  • 404 User not found
  • 403 Cannot delete user from another partner
  • 403 Cannot update user from another partner
  • 400 Can only update user role status, not admin
  • 409 Conflict (duplicate email under same partner)
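
The admin-only rules for DELETE /api/users/:id and POST /api/users/:id/active-status, written out as one authorization decision. This is an added example, not the service's own code: the function name, the role and partnerId field names, the sample users and the order of the checks are assumptions, while the status codes and messages are the ones listed under Common Errors.

```javascript
// Added example: decision logic for the two admin-only, per-target endpoints.
// Assumed shapes: caller = claims from the verified partner JWT,
// target = stored user record looked up by :id (null when it does not exist).

function deny(status, message) {
  return { allowed: false, status, message };
}

// action: "delete"        -> DELETE /api/users/:id
//         "active-status" -> POST /api/users/:id/active-status
function authorizeUserAdminAction(action, caller, target) {
  if (!caller || caller.role !== "admin") {
    return deny(403, "Require partner admin role");
  }
  if (!target) {
    return deny(404, "User not found");
  }
  // Tenant isolation: compare the partner in the JWT with the partner on the
  // stored record, never with a partner id supplied in the request.
  if (target.partnerId !== caller.partnerId) {
    return deny(403, action === "delete"
      ? "Cannot delete user from another partner"
      : "Cannot update user from another partner");
  }
  // Only accounts with role "user" can be activated or deactivated.
  if (action === "active-status" && target.role !== "user") {
    return deny(400, "Can only update user role status, not admin");
  }
  return { allowed: true };
}

// Constructed sample users (two partners, hypothetical ids).
const sampleUsers = {
  a1: { id: "a1", partnerId: "p-1", role: "admin" },
  a2: { id: "a2", partnerId: "p-1", role: "admin" },
  u1: { id: "u1", partnerId: "p-1", role: "user" },
  u9: { id: "u9", partnerId: "p-2", role: "user" },
};

const sampleCases = [
  ["active-status", "a1", "u1"], // same partner, role user
  ["active-status", "a1", "a2"], // target is an admin
  ["active-status", "a1", "u9"], // target belongs to another partner
  ["delete", "a1", "u9"],        // cross-partner delete
  ["delete", "u1", "a1"],        // caller is not an admin
];
for (const [action, callerId, targetId] of sampleCases) {
  const result = authorizeUserAdminAction(action, sampleUsers[callerId], sampleUsers[targetId]);
  console.log(action, callerId, "->", targetId, JSON.stringify(result));
}
```

The same cases can be replayed against a test tenant to confirm that the live API returns the matching status for each one.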