As we reach the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. Therefore, there is no longer support or updates for this version of the product. We have fully transitioned our product and development teams to focus ThreadFix SaaS and migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you in migrating to ThreadFix SaaS and maximizing the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix and our team is looking forward to continuing to support you on this journey.
Edit User 3.X - API
- Daniel Colon
/rest/{version}/users/{userId}/update
As of ThreadFix 3.8, when CoalFire Identity is enabled, user management must be performed from Coalfire Identity’s management dashboard
ThreadFix SaaS Customers please note when SSO is enabled, in order to restrict access to user modification, API commands are disabled at the SSO layer
Descriptor | Value |
|---|---|
HTTP Method | POST |
Description | Updates user information. To obtain the userId value in the endpoint, run the Get Users - API call first. The user's id value in the response is the userId value that you use in this endpoint. |
Required Permission | Manage Users |
Version Introduced | 2.6 |
Changes in 2.6.2 | Removed requirement that 'confirmPassword' parameter be included when changing password. |
Request Header Parameters
Parameter | Value | Required | Description |
|---|---|---|---|
Accept | String | Yes | A value of ‘application/json’ must be provided. |
Request POST Data Parameters
Parameter | Value | Required | Description |
|---|---|---|---|
name | String | No | Updates the name of the user. Maximum 40 characters. |
displayName | String | No | Updates the displayName of the user. |
type | String | No | Updates a LOCAL user to LDAP/SAML, an LDAP user to LOCAL/SAML, or a SAML user to LOCAL/LDAP. Possible values are LOCAL, LDAP, and SAML. |
activeDirectoryId | String | Possibly | Updates a non-LDAP user to LDAP user with 'type' and 'activeDirectoryId' parameters. Required when 'type' is in the request body and its value is 'LDAP'. |
password | String | Possibly | Updates password of an existing local user. Also, adds password to a non-LOCAL user update to LOCAL user. Minimum 12 characters. Required when 'confirmPassword' is in the request body. |
confirmPassword | String | Possibly | Must match password if supplied. Required when 'password' is in the request body in versions prior to 2.6.2 |
globalRoleId | String | No | Updates user's global role. Possible values are 0 for Read Access, -1 for No Global Access, Role ids. |
Sample Call:
curl -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" -X POST --data 'name=user123&displayName=user123' https://localhost:8443/threadfix/rest/latest/users/{userId}/updateSample Output:
{
"message": "",
"success": true,
"responseCode": -1,
"object": "Successfully updated the user."
}
www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.