API: Users & Authorities

This section covers user management and authority assignments via the API.

Authorities Reference

Authority         Description
MANAGE_USERS      Manage users: change passwords, grant or remove authorities
MANAGE_LISTENERS  Create, update, and delete listeners
MANAGE_PAYLOADS   Create and delete payloads
MANAGE_AGENTS     Manage agent state and metadata
MANAGE_DISCOVERY  Edit and archive hosts, services, and credentials
SEND_COMMANDS     Send commands to agents
MODIFY_FILES      Upload, replace, and delete hosted files
VIEW_RESOURCES    Base authority to view agents, listeners, files, and commands. Cannot be removed.
MANAGE_JOBS       Pause, resume, and restart jobs

List All Users

Retrieve a list of all user accounts.

GET /api/v1/users HTTP/1.1
Authorization: Bearer {JWT_TOKEN}

Get User Information

Fetch details for a specific user by username.

GET /api/v1/users/{USER_NAME} HTTP/1.1
Authorization: Bearer {JWT_TOKEN}

Get My User Info

Retrieve the profile of the currently authenticated user.

GET /api/v1/users/me HTTP/1.1
Authorization: Bearer {JWT_TOKEN}

Change My Password

Update the password for the currently authenticated user.

PUT /api/v1/users/me/password HTTP/1.1
Authorization: Bearer {JWT_TOKEN}
Content-Type: application/json

{
  "oldPassword": "{OLD_PASSWORD}",
  "newPassword": "{NEW_PASSWORD}"
}

Add New User

Create a new user account with a set of authorities.

POST /api/v1/users HTTP/1.1
Authorization: Bearer {JWT_TOKEN}
Content-Type: application/json

{
  "username": "{USER_NAME}",
  "password": "{USER_PASSWORD}",
  "authorities": ["{AUTHORITY_1}", "{AUTHORITY_2}"]
}

Edit Existing User

Update the enabled state and authorities for a user.

PUT /api/v1/users/{USER_NAME} HTTP/1.1
Authorization: Bearer {JWT_TOKEN}
Content-Type: application/json

{
  "enabled": true,
  "authorities": ["{AUTHORITY_1}", "{AUTHORITY_2}"]
}
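
An added example, not part of the project's own documentation or code: a small Python helper that validates authority names against the reference table above and builds the Edit Existing User body together with a change summary for review. The function name, the `current` input (the page does not document the lookup response shape), and the choice to always send `VIEW_RESOURCES` are assumptions of this example.

```python
import json

# Authority names copied from the Authorities Reference table on this page.
KNOWN_AUTHORITIES = frozenset({
    "MANAGE_USERS", "MANAGE_LISTENERS", "MANAGE_PAYLOADS", "MANAGE_AGENTS",
    "MANAGE_DISCOVERY", "SEND_COMMANDS", "MODIFY_FILES", "VIEW_RESOURCES",
    "MANAGE_JOBS",
})
BASE_AUTHORITY = "VIEW_RESOURCES"   # the table marks this one as not removable
USER_ADMIN = "MANAGE_USERS"         # can grant or remove authorities for others


def plan_user_update(current, requested, enabled=True):
    """Build the PUT /api/v1/users/{USER_NAME} body plus a change summary.

    `current` is the authority list the account holds now (hypothetical
    input: read it from the user lookup response, whose shape this page does
    not document). `requested` is the list the operator wants to set.
    """
    unknown = sorted(set(requested) - KNOWN_AUTHORITIES)
    if unknown:
        # A typo would otherwise reach the server as-is; fail before sending.
        raise ValueError("unknown authorities: " + ", ".join(unknown))

    # Assumption of this example: always send the base authority explicitly,
    # since the reference says it cannot be removed.
    wanted = set(requested) | {BASE_AUTHORITY}
    held = set(current)

    review = {
        "added": sorted(wanted - held),
        "removed": sorted(held - wanted),
        # Flag new user-admin grants for a second pair of eyes.
        "grants_user_admin": USER_ADMIN in wanted - held,
    }
    body = json.dumps({"enabled": enabled, "authorities": sorted(wanted)})
    return body, review


if __name__ == "__main__":
    # Constructed sample: narrow an account down to job control only.
    body, review = plan_user_update(
        ["VIEW_RESOURCES", "SEND_COMMANDS", "MANAGE_AGENTS"], ["MANAGE_JOBS"]
    )
    print(body)
    print(review)
```

The returned `body` string is what goes into the PUT request shown above; the `review` dictionary is meant to be logged or shown to a second operator before the request is sent.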