User Management REST API Reference
Use the User Management REST API to create, delete, and list representations of users in your Alexa Smart Properties (ASP) organization.
API endpoint
The endpoint of the User Management API is https://api.amazonalexa.com.
Authentication
Each API request must have an authorization header whose value is the access token retrieved from Login with Amazon (LWA). For details, see Manage API Access.
Operations
The User API includes the following operations.
| Operation | HTTP Method and URI | 
|---|---|
| 
 | |
| 
 | |
| 
 | 
Create user
Create a new user in the specified organization.
This operation is available in the following countries.
| Healthcare | Hospitality | Senior Living | Core | 
|---|---|---|---|
| None | US, CA | US, CA | US, CA | 
Request
To create a user, you make a POST request to the /v1/auth/users resource.
Request path and header example
POST /v1/auth/users HTTP/1.1
Host: api.amazonalexa.com
Content-Type: application/json
Authorization: Bearer {access token}
Request path and header parameters
| Parameter | Located in | Description | Type | Required | 
|---|---|---|---|---|
| 
 | Header | Access token for the customer.   | String | Yes | 
Request body example
{
  "organizationId": "amzn1.alexa.org.did.1"
}
Request body properties
| Parameter | Description | Type | Required | 
|---|---|---|---|
| 
 | Identifies the organization to which to add the user.   | String | Yes | 
Response
A successful response returns HTTP 201 Created, along with the user credentials.
On error, the response returns the appropriate HTTP status code and includes a response body with a human-readable description.
Response body example
The following example shows the body of a successful response.
{
  "userId": "amzn1.alexa.org.user.did.1",
  "accessToken": "someToken.1",
  "refreshToken": "someToken.2"
}
Response body properties
| Parameter | Description | Type | 
|---|---|---|
| 
 | ID of the added user. | String | 
| 
 | Token that represents the added user.  | String | 
| 
 | Refresh token that represents the added user.   | String | 
HTTP status codes
| Status | Description | 
|---|---|
| 
 | Response body contains the user credentials. | 
| 
 | Indicates that one or more properties in the request body aren't valid. 
 | 
| 
 | Request didn't include the authorization token, or the included token expired or isn't valid. Or, you don't have access to the resource. | 
| 
 | Indicates that the authorization token is valid, but the requested operation isn't allowed. | 
| 
 | Requested resource not found. | 
| 
 | Permitted rate limit, specified as the number of requests per unit of time, exceeded. You can retry the request by using exponential back-off. | 
| 
 | Error occurred on the server. You can retry the request by using exponential back-off. | 
| 
 | Server is down for maintenance, overloaded, or otherwise unavailable to handle the incoming request. | 
Delete user
Removes the specified user.
This operation is available in the following countries.
| Healthcare | Hospitality | Senior Living | Core | 
|---|---|---|---|
| None | US, CA | US, CA | US, CA | 
Request
To remove a user, you make a DELETE request to the /v1/auth/users/{userId} resource.
Request path and header example
DELETE /v1/auth/users/{userId} HTTP/1.1
Host: api.amazonalexa.com
Content-Type: application/json
Authorization: Bearer {access token}
Request path and header parameters
| Parameter | Located in | Description | Type | Required | 
|---|---|---|---|---|
| 
 | Path | ID of the user to delete.   | String | Yes | 
| 
 | Header | Access token for the customer.   | String | Yes | 
Request body example
The request has no body.
Request body properties
The request has no body.
Response
A successful response returns HTTP 204 No Content.
On error, the response returns the appropriate HTTP status code and includes a response body with a human-readable description.
Response body example
The response has no body.
Response body properties
The response has no body.
HTTP status codes
| Status | Description | 
|---|---|
| 
 | User deleted successfully. | 
| 
 | Indicates that one or more properties in the request body aren't valid. 
 | 
| 
 | Request didn't include the authorization token, or the included token expired or isn't valid. Or, you don't have access to the resource. | 
| 
 | Indicates that the authorization token is valid, but the requested operation isn't allowed. | 
| 
 | Requested resource not found. | 
| 
 | Permitted rate limit, specified as the number of requests per unit of time, exceeded. You can retry the request by using exponential back-off. | 
| 
 | Error occurred on the server. You can retry the request by using exponential back-off. | 
| 
 | Server is down for maintenance, overloaded, or otherwise unavailable to handle the incoming request. | 
List users
Lists the users of the specified organization.
This operation is available in the following countries.
| Healthcare | Hospitality | Senior Living | Core | 
|---|---|---|---|
| None | US, CA | US, CA | US, CA | 
Request
To list users, you make a GET request to the /v1/auth/users resource.
Request path and header example
GET /v1/auth/users?organizationId={organizationId}&maxResults={maxResults}&nextToken={nextToken} HTTP/1.1
Host: api.amazonalexa.com
Content-Type: application/json
Authorization: Bearer {access token}
Request path and header parameters
| Parameter | Located in | Description | Type | Required | 
|---|---|---|---|---|
| 
 | Query | Filter on the organization.  | String | No | 
| 
 | Query | Maximum number of results to return in the response.  | Integer | No | 
| 
 | Query | Token from the previous response.  | String | No | 
| 
 | Header | Access token for the customer.   | String | Yes | 
Request body example
The request has no body.
Request body properties
The request has no body.
Response
A successful response returns HTTP 200 OK, along with a list of users for the specified organization.
On error, the response returns the appropriate HTTP status code and includes a response body with a human-readable description.
Response body example
{
  "results": [
    {
      "userId": "amzn1.alexa.org.user.did.1"
    },
    {
      "userId": "amzn1.alexa.org.user.did.2"
    }
  ],
  "paginationContext": {
    "nextToken": null
  }
}
Response body properties
| Property | Description | Type | 
|---|---|---|
| 
 | List of users under the specified organization.  | Array of objects | 
| 
 | ID of the retrieved user.   | String | 
| 
 | Indicates whether there are more results to return. | Object | 
| 
 | Included when the response is truncated.  | String | 
HTTP status codes
| Status | Description | 
|---|---|
| 
 | Response body contains the list of user IDs for the specified organization. | 
| 
 | Indicates that one or more properties in the request body aren't valid. 
 | 
| 
 | Request didn't include the authorization token, or the included token expired or isn't valid. Or, you don't have access to the resource. | 
| 
 | Indicates that the authorization token is valid, but the requested operation isn't allowed. | 
| 
 | Requested resource not found. | 
| 
 | Permitted rate limit, specified as the number of requests per unit of time, exceeded. You can retry the request by using exponential back-off. | 
| 
 | Error occurred on the server. You can retry the request by using exponential back-off. | 
| 
 | Server is down for maintenance, overloaded, or otherwise unavailable to handle the incoming request. | 
Related topics
Last updated: Dec 04, 2024