# Users

## List all users attached to the tenant

> Returns all back-office users with access to this tenant.\
>             \
> \## Authorization\
> Requires \`tenant.access:read\` scope.

```json
{"openapi":"3.1.1","info":{"title":"Neostore internal API","version":"v1"},"tags":[{"name":"Users"}],"servers":[{"url":"https://app.neostore.cloud","description":"Production Server"},{"url":"https://app-qa.neostore.cloud","description":"Staging Server"}],"security":[{"admin-bearer":["ScopedAuthorizeRequirement"]},{"apiKey":["ScopedAuthorizeRequirement"]}],"components":{"securitySchemes":{"admin-bearer":{"type":"oauth2","flows":{"implicit":{"authorizationUrl":"https://auth.neostore.cloud/authorize?audience=https://app.neostore.cloud/api/","scopes":{}}}},"apiKey":{"type":"apiKey","name":"X-API-KEY","in":"header"}},"schemas":{"TenantUser":{"required":["email","id"],"type":"object","properties":{"id":{"minLength":1,"type":"string","description":"User identifier."},"email":{"minLength":1,"type":"string","description":"User email address."},"name":{"type":["null","string"],"description":"Display name."},"blocked":{"type":"boolean","description":"True when the account is blocked."},"lastLogin":{"type":["null","string"],"description":"Last login timestamp.","format":"date-time"},"tenantRole":{"type":["null","string"],"description":"Tenant role assigned to the user."}},"additionalProperties":false,"description":"Tenant-scoped user representation."}}},"paths":{"/api/{tenantId}/admin/users":{"get":{"tags":["Users"],"summary":"List all users attached to the tenant","description":"Returns all back-office users with access to this tenant.\n            \n## Authorization\nRequires `tenant.access:read` scope.","parameters":[{"name":"tenantId","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"Users returned.","content":{"text/plain":{"schema":{"type":"array","items":{"description":"Tenant-scoped user representation.","$ref":"#/components/schemas/TenantUser"}}},"application/json":{"schema":{"type":"array","items":{"description":"Tenant-scoped user representation.","$ref":"#/components/schemas/TenantUser"}}},"text/json":{"schema":{"type":"array","items":{"description":"Tenant-scoped user representation.","$ref":"#/components/schemas/TenantUser"}}}}}}}}}}
```

## Create a new user or attach an existing user to the tenant, unless already attached

> Creates a new Auth0 user or attaches an existing one to this tenant. If the user already has access to the tenant (a valid role), returns HTTP 409 Conflict.\
>             \
> \## Authorization\
> Requires \`tenant.access:write\` scope.

```json
{"openapi":"3.1.1","info":{"title":"Neostore internal API","version":"v1"},"tags":[{"name":"Users"}],"servers":[{"url":"https://app.neostore.cloud","description":"Production Server"},{"url":"https://app-qa.neostore.cloud","description":"Staging Server"}],"security":[{"admin-bearer":["ScopedAuthorizeRequirement"]},{"apiKey":["ScopedAuthorizeRequirement"]}],"components":{"securitySchemes":{"admin-bearer":{"type":"oauth2","flows":{"implicit":{"authorizationUrl":"https://auth.neostore.cloud/authorize?audience=https://app.neostore.cloud/api/","scopes":{}}}},"apiKey":{"type":"apiKey","name":"X-API-KEY","in":"header"}},"schemas":{"CreateTenantUserRequest":{"required":["email","role"],"type":"object","properties":{"email":{"minLength":1,"type":"string","description":"User email address."},"name":{"type":["null","string"],"description":"Display name."},"role":{"minLength":1,"type":"string","description":"Tenant role to assign."}},"additionalProperties":false,"description":"Request payload for creating a tenant user."},"TenantUser":{"required":["email","id"],"type":"object","properties":{"id":{"minLength":1,"type":"string","description":"User identifier."},"email":{"minLength":1,"type":"string","description":"User email address."},"name":{"type":["null","string"],"description":"Display name."},"blocked":{"type":"boolean","description":"True when the account is blocked."},"lastLogin":{"type":["null","string"],"description":"Last login timestamp.","format":"date-time"},"tenantRole":{"type":["null","string"],"description":"Tenant role assigned to the user."}},"additionalProperties":false,"description":"Tenant-scoped user representation."},"ProblemDetails":{"type":"object","properties":{"type":{"type":["null","string"]},"title":{"type":["null","string"]},"status":{"type":["null","integer"],"format":"int32"},"detail":{"type":["null","string"]},"instance":{"type":["null","string"]}},"additionalProperties":{}},"HttpValidationProblemDetails":{"type":"object","allOf":[{"$ref":"#/components/schemas/ProblemDetails"}],"properties":{"errors":{"type":"object","additionalProperties":{"type":"array","items":{"type":"string"}}}},"additionalProperties":{}}}},"paths":{"/api/{tenantId}/admin/users":{"post":{"tags":["Users"],"summary":"Create a new user or attach an existing user to the tenant, unless already attached","description":"Creates a new Auth0 user or attaches an existing one to this tenant. If the user already has access to the tenant (a valid role), returns HTTP 409 Conflict.\n            \n## Authorization\nRequires `tenant.access:write` scope.","parameters":[{"name":"tenantId","in":"path","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"description":"Request payload for creating a tenant user.","$ref":"#/components/schemas/CreateTenantUserRequest"}},"text/json":{"schema":{"description":"Request payload for creating a tenant user.","$ref":"#/components/schemas/CreateTenantUserRequest"}},"application/*+json":{"schema":{"description":"Request payload for creating a tenant user.","$ref":"#/components/schemas/CreateTenantUserRequest"}}}},"responses":{"201":{"description":"User created or attached.","content":{"text/plain":{"schema":{"description":"Tenant-scoped user representation.","$ref":"#/components/schemas/TenantUser"}},"application/json":{"schema":{"description":"Tenant-scoped user representation.","$ref":"#/components/schemas/TenantUser"}},"text/json":{"schema":{"description":"Tenant-scoped user representation.","$ref":"#/components/schemas/TenantUser"}}}},"409":{"description":"User already has access to tenant.","content":{"text/plain":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ProblemDetails"},{"$ref":"#/components/schemas/HttpValidationProblemDetails"}]}},"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ProblemDetails"},{"$ref":"#/components/schemas/HttpValidationProblemDetails"}]}},"text/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ProblemDetails"},{"$ref":"#/components/schemas/HttpValidationProblemDetails"}]}}}}}}}}}
```

## Get a user attached to the tenant

> Returns the back-office user details for the requested tenant.\
>             \
> \## Authorization\
> Requires \`tenant.access:read\` scope.

```json
{"openapi":"3.1.1","info":{"title":"Neostore internal API","version":"v1"},"tags":[{"name":"Users"}],"servers":[{"url":"https://app.neostore.cloud","description":"Production Server"},{"url":"https://app-qa.neostore.cloud","description":"Staging Server"}],"security":[{"admin-bearer":["ScopedAuthorizeRequirement"]},{"apiKey":["ScopedAuthorizeRequirement"]}],"components":{"securitySchemes":{"admin-bearer":{"type":"oauth2","flows":{"implicit":{"authorizationUrl":"https://auth.neostore.cloud/authorize?audience=https://app.neostore.cloud/api/","scopes":{}}}},"apiKey":{"type":"apiKey","name":"X-API-KEY","in":"header"}},"schemas":{"TenantUser":{"required":["email","id"],"type":"object","properties":{"id":{"minLength":1,"type":"string","description":"User identifier."},"email":{"minLength":1,"type":"string","description":"User email address."},"name":{"type":["null","string"],"description":"Display name."},"blocked":{"type":"boolean","description":"True when the account is blocked."},"lastLogin":{"type":["null","string"],"description":"Last login timestamp.","format":"date-time"},"tenantRole":{"type":["null","string"],"description":"Tenant role assigned to the user."}},"additionalProperties":false,"description":"Tenant-scoped user representation."},"ProblemDetails":{"type":"object","properties":{"type":{"type":["null","string"]},"title":{"type":["null","string"]},"status":{"type":["null","integer"],"format":"int32"},"detail":{"type":["null","string"]},"instance":{"type":["null","string"]}},"additionalProperties":{}},"HttpValidationProblemDetails":{"type":"object","allOf":[{"$ref":"#/components/schemas/ProblemDetails"}],"properties":{"errors":{"type":"object","additionalProperties":{"type":"array","items":{"type":"string"}}}},"additionalProperties":{}}}},"paths":{"/api/{tenantId}/admin/users/{userId}":{"get":{"tags":["Users"],"summary":"Get a user attached to the tenant","description":"Returns the back-office user details for the requested tenant.\n            \n## Authorization\nRequires `tenant.access:read` scope.","parameters":[{"name":"userId","in":"path","required":true,"schema":{"type":"string"}},{"name":"tenantId","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"User returned.","content":{"text/plain":{"schema":{"description":"Tenant-scoped user representation.","$ref":"#/components/schemas/TenantUser"}},"application/json":{"schema":{"description":"Tenant-scoped user representation.","$ref":"#/components/schemas/TenantUser"}},"text/json":{"schema":{"description":"Tenant-scoped user representation.","$ref":"#/components/schemas/TenantUser"}}}},"404":{"description":"User not found for tenant.","content":{"text/plain":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ProblemDetails"},{"$ref":"#/components/schemas/HttpValidationProblemDetails"}]}},"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ProblemDetails"},{"$ref":"#/components/schemas/HttpValidationProblemDetails"}]}},"text/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ProblemDetails"},{"$ref":"#/components/schemas/HttpValidationProblemDetails"}]}}}}}}}}}
```

## Update a user attached to the tenant

> Updates the tenant role and/or display name for a back-office user.\
>             \
> \## Authorization\
> Requires \`tenant.access:write\` scope.

```json
{"openapi":"3.1.1","info":{"title":"Neostore internal API","version":"v1"},"tags":[{"name":"Users"}],"servers":[{"url":"https://app.neostore.cloud","description":"Production Server"},{"url":"https://app-qa.neostore.cloud","description":"Staging Server"}],"security":[{"admin-bearer":["ScopedAuthorizeRequirement"]},{"apiKey":["ScopedAuthorizeRequirement"]}],"components":{"securitySchemes":{"admin-bearer":{"type":"oauth2","flows":{"implicit":{"authorizationUrl":"https://auth.neostore.cloud/authorize?audience=https://app.neostore.cloud/api/","scopes":{}}}},"apiKey":{"type":"apiKey","name":"X-API-KEY","in":"header"}},"schemas":{"UpdateTenantUserRequest":{"required":["role"],"type":"object","properties":{"name":{"type":["null","string"],"description":"Updated display name."},"role":{"minLength":1,"type":"string","description":"Updated tenant role."}},"additionalProperties":false,"description":"Request payload for updating a tenant user."},"TenantUser":{"required":["email","id"],"type":"object","properties":{"id":{"minLength":1,"type":"string","description":"User identifier."},"email":{"minLength":1,"type":"string","description":"User email address."},"name":{"type":["null","string"],"description":"Display name."},"blocked":{"type":"boolean","description":"True when the account is blocked."},"lastLogin":{"type":["null","string"],"description":"Last login timestamp.","format":"date-time"},"tenantRole":{"type":["null","string"],"description":"Tenant role assigned to the user."}},"additionalProperties":false,"description":"Tenant-scoped user representation."},"ProblemDetails":{"type":"object","properties":{"type":{"type":["null","string"]},"title":{"type":["null","string"]},"status":{"type":["null","integer"],"format":"int32"},"detail":{"type":["null","string"]},"instance":{"type":["null","string"]}},"additionalProperties":{}},"HttpValidationProblemDetails":{"type":"object","allOf":[{"$ref":"#/components/schemas/ProblemDetails"}],"properties":{"errors":{"type":"object","additionalProperties":{"type":"array","items":{"type":"string"}}}},"additionalProperties":{}}}},"paths":{"/api/{tenantId}/admin/users/{userId}":{"put":{"tags":["Users"],"summary":"Update a user attached to the tenant","description":"Updates the tenant role and/or display name for a back-office user.\n            \n## Authorization\nRequires `tenant.access:write` scope.","parameters":[{"name":"userId","in":"path","required":true,"schema":{"type":"string"}},{"name":"tenantId","in":"path","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"description":"Request payload for updating a tenant user.","$ref":"#/components/schemas/UpdateTenantUserRequest"}},"text/json":{"schema":{"description":"Request payload for updating a tenant user.","$ref":"#/components/schemas/UpdateTenantUserRequest"}},"application/*+json":{"schema":{"description":"Request payload for updating a tenant user.","$ref":"#/components/schemas/UpdateTenantUserRequest"}}}},"responses":{"200":{"description":"User updated.","content":{"text/plain":{"schema":{"description":"Tenant-scoped user representation.","$ref":"#/components/schemas/TenantUser"}},"application/json":{"schema":{"description":"Tenant-scoped user representation.","$ref":"#/components/schemas/TenantUser"}},"text/json":{"schema":{"description":"Tenant-scoped user representation.","$ref":"#/components/schemas/TenantUser"}}}},"404":{"description":"User not found for tenant.","content":{"text/plain":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ProblemDetails"},{"$ref":"#/components/schemas/HttpValidationProblemDetails"}]}},"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ProblemDetails"},{"$ref":"#/components/schemas/HttpValidationProblemDetails"}]}},"text/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ProblemDetails"},{"$ref":"#/components/schemas/HttpValidationProblemDetails"}]}}}}}}}}}
```

## Remove a user from the tenant

> Removes the tenant access from the user but keeps the Auth0 account.\
>             \
> \## Authorization\
> Requires \`tenant.access:write\` scope.

```json
{"openapi":"3.1.1","info":{"title":"Neostore internal API","version":"v1"},"tags":[{"name":"Users"}],"servers":[{"url":"https://app.neostore.cloud","description":"Production Server"},{"url":"https://app-qa.neostore.cloud","description":"Staging Server"}],"security":[{"admin-bearer":["ScopedAuthorizeRequirement"]},{"apiKey":["ScopedAuthorizeRequirement"]}],"components":{"securitySchemes":{"admin-bearer":{"type":"oauth2","flows":{"implicit":{"authorizationUrl":"https://auth.neostore.cloud/authorize?audience=https://app.neostore.cloud/api/","scopes":{}}}},"apiKey":{"type":"apiKey","name":"X-API-KEY","in":"header"}}},"paths":{"/api/{tenantId}/admin/users/{userId}":{"delete":{"tags":["Users"],"summary":"Remove a user from the tenant","description":"Removes the tenant access from the user but keeps the Auth0 account.\n            \n## Authorization\nRequires `tenant.access:write` scope.","parameters":[{"name":"userId","in":"path","required":true,"schema":{"type":"string"}},{"name":"tenantId","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"User removed from tenant."}}}}}}
```

## Get current authenticated user for the tenant

> Returns profile information and fully-expanded permissions for the current authenticated back-office user.\
>             \
> \- If caller is global administrator, all permissions are returned.\
> \- If role contains wildcard permissions (\`\*\` or \`area:\*\`), values are expanded.\
>             \
> \## Authorization\
> Requires \`tenant.core:read\` scope.

```json
{"openapi":"3.1.1","info":{"title":"Neostore internal API","version":"v1"},"tags":[{"name":"Users"}],"servers":[{"url":"https://app.neostore.cloud","description":"Production Server"},{"url":"https://app-qa.neostore.cloud","description":"Staging Server"}],"security":[{"admin-bearer":["ScopedAuthorizeRequirement"]},{"apiKey":["ScopedAuthorizeRequirement"]}],"components":{"securitySchemes":{"admin-bearer":{"type":"oauth2","flows":{"implicit":{"authorizationUrl":"https://auth.neostore.cloud/authorize?audience=https://app.neostore.cloud/api/","scopes":{}}}},"apiKey":{"type":"apiKey","name":"X-API-KEY","in":"header"}},"schemas":{"CurrentTenantUser":{"required":["email","permissions","userId"],"type":"object","properties":{"userId":{"minLength":1,"type":"string","description":"User identifier."},"email":{"minLength":1,"type":"string","description":"User email address."},"displayName":{"type":["null","string"],"description":"User display name."},"role":{"type":["null","string"],"description":"Tenant role assigned to the user.\nCan be globalAdministrator for global admins not assigned to a tenant role."},"permissions":{"type":"array","items":{"type":"string"},"description":"Expanded permissions for the current user."}},"additionalProperties":false,"description":"Current authenticated tenant user representation."},"ProblemDetails":{"type":"object","properties":{"type":{"type":["null","string"]},"title":{"type":["null","string"]},"status":{"type":["null","integer"],"format":"int32"},"detail":{"type":["null","string"]},"instance":{"type":["null","string"]}},"additionalProperties":{}},"HttpValidationProblemDetails":{"type":"object","allOf":[{"$ref":"#/components/schemas/ProblemDetails"}],"properties":{"errors":{"type":"object","additionalProperties":{"type":"array","items":{"type":"string"}}}},"additionalProperties":{}}}},"paths":{"/api/{tenantId}/admin/users/me":{"get":{"tags":["Users"],"summary":"Get current authenticated user for the tenant","description":"Returns profile information and fully-expanded permissions for the current authenticated back-office user.\n            \n- If caller is global administrator, all permissions are returned.\n- If role contains wildcard permissions (`*` or `area:*`), values are expanded.\n            \n## Authorization\nRequires `tenant.core:read` scope.","parameters":[{"name":"tenantId","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"Current user returned.","content":{"text/plain":{"schema":{"description":"Current authenticated tenant user representation.","$ref":"#/components/schemas/CurrentTenantUser"}},"application/json":{"schema":{"description":"Current authenticated tenant user representation.","$ref":"#/components/schemas/CurrentTenantUser"}},"text/json":{"schema":{"description":"Current authenticated tenant user representation.","$ref":"#/components/schemas/CurrentTenantUser"}}}},"401":{"description":"Caller identity is missing user identifier.","content":{"text/plain":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ProblemDetails"},{"$ref":"#/components/schemas/HttpValidationProblemDetails"}]}},"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ProblemDetails"},{"$ref":"#/components/schemas/HttpValidationProblemDetails"}]}},"text/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ProblemDetails"},{"$ref":"#/components/schemas/HttpValidationProblemDetails"}]}}}},"403":{"description":"User does not have access to this tenant.","content":{"text/plain":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ProblemDetails"},{"$ref":"#/components/schemas/HttpValidationProblemDetails"}]}},"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ProblemDetails"},{"$ref":"#/components/schemas/HttpValidationProblemDetails"}]}},"text/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ProblemDetails"},{"$ref":"#/components/schemas/HttpValidationProblemDetails"}]}}}}}}}}}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.thewalletcrew.io/develop/api-reference/advanced/users.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.