1
0

user_admin_api.rst 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727
  1. .. contents::
  2. Query User Account
  3. ==================
  4. This API returns information about a specific user account.
  5. The api is::
  6. GET /_synapse/admin/v2/users/<user_id>
  7. To use it, you will need to authenticate by providing an ``access_token`` for a
  8. server admin: see `README.rst <README.rst>`_.
  9. It returns a JSON body like the following:
  10. .. code:: json
  11. {
  12. "displayname": "User",
  13. "threepids": [
  14. {
  15. "medium": "email",
  16. "address": "<user_mail_1>"
  17. },
  18. {
  19. "medium": "email",
  20. "address": "<user_mail_2>"
  21. }
  22. ],
  23. "avatar_url": "<avatar_url>",
  24. "admin": false,
  25. "deactivated": false
  26. }
  27. URL parameters:
  28. - ``user_id``: fully-qualified user id: for example, ``@user:server.com``.
  29. Create or modify Account
  30. ========================
  31. This API allows an administrator to create or modify a user account with a
  32. specific ``user_id``.
  33. This api is::
  34. PUT /_synapse/admin/v2/users/<user_id>
  35. with a body of:
  36. .. code:: json
  37. {
  38. "password": "user_password",
  39. "displayname": "User",
  40. "threepids": [
  41. {
  42. "medium": "email",
  43. "address": "<user_mail_1>"
  44. },
  45. {
  46. "medium": "email",
  47. "address": "<user_mail_2>"
  48. }
  49. ],
  50. "avatar_url": "<avatar_url>",
  51. "admin": false,
  52. "deactivated": false
  53. }
  54. To use it, you will need to authenticate by providing an ``access_token`` for a
  55. server admin: see `README.rst <README.rst>`_.
  56. URL parameters:
  57. - ``user_id``: fully-qualified user id: for example, ``@user:server.com``.
  58. Body parameters:
  59. - ``password``, optional. If provided, the user's password is updated and all
  60. devices are logged out.
  61. - ``displayname``, optional, defaults to the value of ``user_id``.
  62. - ``threepids``, optional, allows setting the third-party IDs (email, msisdn)
  63. belonging to a user.
  64. - ``avatar_url``, optional, must be a
  65. `MXC URI <https://matrix.org/docs/spec/client_server/r0.6.0#matrix-content-mxc-uris>`_.
  66. - ``admin``, optional, defaults to ``false``.
  67. - ``deactivated``, optional. If unspecified, deactivation state will be left
  68. unchanged on existing accounts and set to ``false`` for new accounts.
  69. If the user already exists then optional parameters default to the current value.
  70. In order to re-activate an account ``deactivated`` must be set to ``false``. If
  71. users do not login via single-sign-on, a new ``password`` must be provided.
  72. List Accounts
  73. =============
  74. This API returns all local user accounts.
  75. The api is::
  76. GET /_synapse/admin/v2/users?from=0&limit=10&guests=false
  77. To use it, you will need to authenticate by providing an ``access_token`` for a
  78. server admin: see `README.rst <README.rst>`_.
  79. The parameter ``from`` is optional but used for pagination, denoting the
  80. offset in the returned results. This should be treated as an opaque value and
  81. not explicitly set to anything other than the return value of ``next_token``
  82. from a previous call.
  83. The parameter ``limit`` is optional but is used for pagination, denoting the
  84. maximum number of items to return in this call. Defaults to ``100``.
  85. The parameter ``user_id`` is optional and filters to only return users with user IDs
  86. that contain this value. This parameter is ignored when using the ``name`` parameter.
  87. The parameter ``name`` is optional and filters to only return users with user ID localparts
  88. **or** displaynames that contain this value.
  89. The parameter ``guests`` is optional and if ``false`` will **exclude** guest users.
  90. Defaults to ``true`` to include guest users.
  91. The parameter ``deactivated`` is optional and if ``true`` will **include** deactivated users.
  92. Defaults to ``false`` to exclude deactivated users.
  93. A JSON body is returned with the following shape:
  94. .. code:: json
  95. {
  96. "users": [
  97. {
  98. "name": "<user_id1>",
  99. "password_hash": "<password_hash1>",
  100. "is_guest": 0,
  101. "admin": 0,
  102. "user_type": null,
  103. "deactivated": 0,
  104. "displayname": "<User One>",
  105. "avatar_url": null
  106. }, {
  107. "name": "<user_id2>",
  108. "password_hash": "<password_hash2>",
  109. "is_guest": 0,
  110. "admin": 1,
  111. "user_type": null,
  112. "deactivated": 0,
  113. "displayname": "<User Two>",
  114. "avatar_url": "<avatar_url>"
  115. }
  116. ],
  117. "next_token": "100",
  118. "total": 200
  119. }
  120. To paginate, check for ``next_token`` and if present, call the endpoint again
  121. with ``from`` set to the value of ``next_token``. This will return a new page.
  122. If the endpoint does not return a ``next_token`` then there are no more users
  123. to paginate through.
  124. Query current sessions for a user
  125. =================================
  126. This API returns information about the active sessions for a specific user.
  127. The api is::
  128. GET /_synapse/admin/v1/whois/<user_id>
  129. To use it, you will need to authenticate by providing an ``access_token`` for a
  130. server admin: see `README.rst <README.rst>`_.
  131. It returns a JSON body like the following:
  132. .. code:: json
  133. {
  134. "user_id": "<user_id>",
  135. "devices": {
  136. "": {
  137. "sessions": [
  138. {
  139. "connections": [
  140. {
  141. "ip": "1.2.3.4",
  142. "last_seen": 1417222374433,
  143. "user_agent": "Mozilla/5.0 ..."
  144. },
  145. {
  146. "ip": "1.2.3.10",
  147. "last_seen": 1417222374500,
  148. "user_agent": "Dalvik/2.1.0 ..."
  149. }
  150. ]
  151. }
  152. ]
  153. }
  154. }
  155. }
  156. ``last_seen`` is measured in milliseconds since the Unix epoch.
  157. Deactivate Account
  158. ==================
  159. This API deactivates an account. It removes active access tokens, resets the
  160. password, and deletes third-party IDs (to prevent the user requesting a
  161. password reset).
  162. It can also mark the user as GDPR-erased. This means messages sent by the
  163. user will still be visible by anyone that was in the room when these messages
  164. were sent, but hidden from users joining the room afterwards.
  165. The api is::
  166. POST /_synapse/admin/v1/deactivate/<user_id>
  167. with a body of:
  168. .. code:: json
  169. {
  170. "erase": true
  171. }
  172. To use it, you will need to authenticate by providing an ``access_token`` for a
  173. server admin: see `README.rst <README.rst>`_.
  174. The erase parameter is optional and defaults to ``false``.
  175. An empty body may be passed for backwards compatibility.
  176. Reset password
  177. ==============
  178. Changes the password of another user. This will automatically log the user out of all their devices.
  179. The api is::
  180. POST /_synapse/admin/v1/reset_password/<user_id>
  181. with a body of:
  182. .. code:: json
  183. {
  184. "new_password": "<secret>",
  185. "logout_devices": true
  186. }
  187. To use it, you will need to authenticate by providing an ``access_token`` for a
  188. server admin: see `README.rst <README.rst>`_.
  189. The parameter ``new_password`` is required.
  190. The parameter ``logout_devices`` is optional and defaults to ``true``.
  191. Get whether a user is a server administrator or not
  192. ===================================================
  193. The api is::
  194. GET /_synapse/admin/v1/users/<user_id>/admin
  195. To use it, you will need to authenticate by providing an ``access_token`` for a
  196. server admin: see `README.rst <README.rst>`_.
  197. A response body like the following is returned:
  198. .. code:: json
  199. {
  200. "admin": true
  201. }
  202. Change whether a user is a server administrator or not
  203. ======================================================
  204. Note that you cannot demote yourself.
  205. The api is::
  206. PUT /_synapse/admin/v1/users/<user_id>/admin
  207. with a body of:
  208. .. code:: json
  209. {
  210. "admin": true
  211. }
  212. To use it, you will need to authenticate by providing an ``access_token`` for a
  213. server admin: see `README.rst <README.rst>`_.
  214. List room memberships of an user
  215. ================================
  216. Gets a list of all ``room_id`` that a specific ``user_id`` is member.
  217. The API is::
  218. GET /_synapse/admin/v1/users/<user_id>/joined_rooms
  219. To use it, you will need to authenticate by providing an ``access_token`` for a
  220. server admin: see `README.rst <README.rst>`_.
  221. A response body like the following is returned:
  222. .. code:: json
  223. {
  224. "joined_rooms": [
  225. "!DuGcnbhHGaSZQoNQR:matrix.org",
  226. "!ZtSaPCawyWtxfWiIy:matrix.org"
  227. ],
  228. "total": 2
  229. }
  230. **Parameters**
  231. The following parameters should be set in the URL:
  232. - ``user_id`` - fully qualified: for example, ``@user:server.com``.
  233. **Response**
  234. The following fields are returned in the JSON response body:
  235. - ``joined_rooms`` - An array of ``room_id``.
  236. - ``total`` - Number of rooms.
  237. List media of an user
  238. ================================
  239. Gets a list of all local media that a specific ``user_id`` has created.
  240. The response is ordered by creation date descending and media ID descending.
  241. The newest media is on top.
  242. The API is::
  243. GET /_synapse/admin/v1/users/<user_id>/media
  244. To use it, you will need to authenticate by providing an ``access_token`` for a
  245. server admin: see `README.rst <README.rst>`_.
  246. A response body like the following is returned:
  247. .. code:: json
  248. {
  249. "media": [
  250. {
  251. "created_ts": 100400,
  252. "last_access_ts": null,
  253. "media_id": "qXhyRzulkwLsNHTbpHreuEgo",
  254. "media_length": 67,
  255. "media_type": "image/png",
  256. "quarantined_by": null,
  257. "safe_from_quarantine": false,
  258. "upload_name": "test1.png"
  259. },
  260. {
  261. "created_ts": 200400,
  262. "last_access_ts": null,
  263. "media_id": "FHfiSnzoINDatrXHQIXBtahw",
  264. "media_length": 67,
  265. "media_type": "image/png",
  266. "quarantined_by": null,
  267. "safe_from_quarantine": false,
  268. "upload_name": "test2.png"
  269. }
  270. ],
  271. "next_token": 3,
  272. "total": 2
  273. }
  274. To paginate, check for ``next_token`` and if present, call the endpoint again
  275. with ``from`` set to the value of ``next_token``. This will return a new page.
  276. If the endpoint does not return a ``next_token`` then there are no more
  277. reports to paginate through.
  278. **Parameters**
  279. The following parameters should be set in the URL:
  280. - ``user_id`` - string - fully qualified: for example, ``@user:server.com``.
  281. - ``limit``: string representing a positive integer - Is optional but is used for pagination,
  282. denoting the maximum number of items to return in this call. Defaults to ``100``.
  283. - ``from``: string representing a positive integer - Is optional but used for pagination,
  284. denoting the offset in the returned results. This should be treated as an opaque value and
  285. not explicitly set to anything other than the return value of ``next_token`` from a previous call.
  286. Defaults to ``0``.
  287. **Response**
  288. The following fields are returned in the JSON response body:
  289. - ``media`` - An array of objects, each containing information about a media.
  290. Media objects contain the following fields:
  291. - ``created_ts`` - integer - Timestamp when the content was uploaded in ms.
  292. - ``last_access_ts`` - integer - Timestamp when the content was last accessed in ms.
  293. - ``media_id`` - string - The id used to refer to the media.
  294. - ``media_length`` - integer - Length of the media in bytes.
  295. - ``media_type`` - string - The MIME-type of the media.
  296. - ``quarantined_by`` - string - The user ID that initiated the quarantine request
  297. for this media.
  298. - ``safe_from_quarantine`` - bool - Status if this media is safe from quarantining.
  299. - ``upload_name`` - string - The name the media was uploaded with.
  300. - ``next_token``: integer - Indication for pagination. See above.
  301. - ``total`` - integer - Total number of media.
  302. Login as a user
  303. ===============
  304. Get an access token that can be used to authenticate as that user. Useful for
  305. when admins wish to do actions on behalf of a user.
  306. The API is::
  307. POST /_synapse/admin/v1/users/<user_id>/login
  308. {}
  309. An optional ``valid_until_ms`` field can be specified in the request body as an
  310. integer timestamp that specifies when the token should expire. By default tokens
  311. do not expire.
  312. A response body like the following is returned:
  313. .. code:: json
  314. {
  315. "access_token": "<opaque_access_token_string>"
  316. }
  317. This API does *not* generate a new device for the user, and so will not appear
  318. their ``/devices`` list, and in general the target user should not be able to
  319. tell they have been logged in as.
  320. To expire the token call the standard ``/logout`` API with the token.
  321. Note: The token will expire if the *admin* user calls ``/logout/all`` from any
  322. of their devices, but the token will *not* expire if the target user does the
  323. same.
  324. User devices
  325. ============
  326. List all devices
  327. ----------------
  328. Gets information about all devices for a specific ``user_id``.
  329. The API is::
  330. GET /_synapse/admin/v2/users/<user_id>/devices
  331. To use it, you will need to authenticate by providing an ``access_token`` for a
  332. server admin: see `README.rst <README.rst>`_.
  333. A response body like the following is returned:
  334. .. code:: json
  335. {
  336. "devices": [
  337. {
  338. "device_id": "QBUAZIFURK",
  339. "display_name": "android",
  340. "last_seen_ip": "1.2.3.4",
  341. "last_seen_ts": 1474491775024,
  342. "user_id": "<user_id>"
  343. },
  344. {
  345. "device_id": "AUIECTSRND",
  346. "display_name": "ios",
  347. "last_seen_ip": "1.2.3.5",
  348. "last_seen_ts": 1474491775025,
  349. "user_id": "<user_id>"
  350. }
  351. ],
  352. "total": 2
  353. }
  354. **Parameters**
  355. The following parameters should be set in the URL:
  356. - ``user_id`` - fully qualified: for example, ``@user:server.com``.
  357. **Response**
  358. The following fields are returned in the JSON response body:
  359. - ``devices`` - An array of objects, each containing information about a device.
  360. Device objects contain the following fields:
  361. - ``device_id`` - Identifier of device.
  362. - ``display_name`` - Display name set by the user for this device.
  363. Absent if no name has been set.
  364. - ``last_seen_ip`` - The IP address where this device was last seen.
  365. (May be a few minutes out of date, for efficiency reasons).
  366. - ``last_seen_ts`` - The timestamp (in milliseconds since the unix epoch) when this
  367. devices was last seen. (May be a few minutes out of date, for efficiency reasons).
  368. - ``user_id`` - Owner of device.
  369. - ``total`` - Total number of user's devices.
  370. Delete multiple devices
  371. ------------------
  372. Deletes the given devices for a specific ``user_id``, and invalidates
  373. any access token associated with them.
  374. The API is::
  375. POST /_synapse/admin/v2/users/<user_id>/delete_devices
  376. {
  377. "devices": [
  378. "QBUAZIFURK",
  379. "AUIECTSRND"
  380. ],
  381. }
  382. To use it, you will need to authenticate by providing an ``access_token`` for a
  383. server admin: see `README.rst <README.rst>`_.
  384. An empty JSON dict is returned.
  385. **Parameters**
  386. The following parameters should be set in the URL:
  387. - ``user_id`` - fully qualified: for example, ``@user:server.com``.
  388. The following fields are required in the JSON request body:
  389. - ``devices`` - The list of device IDs to delete.
  390. Show a device
  391. ---------------
  392. Gets information on a single device, by ``device_id`` for a specific ``user_id``.
  393. The API is::
  394. GET /_synapse/admin/v2/users/<user_id>/devices/<device_id>
  395. To use it, you will need to authenticate by providing an ``access_token`` for a
  396. server admin: see `README.rst <README.rst>`_.
  397. A response body like the following is returned:
  398. .. code:: json
  399. {
  400. "device_id": "<device_id>",
  401. "display_name": "android",
  402. "last_seen_ip": "1.2.3.4",
  403. "last_seen_ts": 1474491775024,
  404. "user_id": "<user_id>"
  405. }
  406. **Parameters**
  407. The following parameters should be set in the URL:
  408. - ``user_id`` - fully qualified: for example, ``@user:server.com``.
  409. - ``device_id`` - The device to retrieve.
  410. **Response**
  411. The following fields are returned in the JSON response body:
  412. - ``device_id`` - Identifier of device.
  413. - ``display_name`` - Display name set by the user for this device.
  414. Absent if no name has been set.
  415. - ``last_seen_ip`` - The IP address where this device was last seen.
  416. (May be a few minutes out of date, for efficiency reasons).
  417. - ``last_seen_ts`` - The timestamp (in milliseconds since the unix epoch) when this
  418. devices was last seen. (May be a few minutes out of date, for efficiency reasons).
  419. - ``user_id`` - Owner of device.
  420. Update a device
  421. ---------------
  422. Updates the metadata on the given ``device_id`` for a specific ``user_id``.
  423. The API is::
  424. PUT /_synapse/admin/v2/users/<user_id>/devices/<device_id>
  425. {
  426. "display_name": "My other phone"
  427. }
  428. To use it, you will need to authenticate by providing an ``access_token`` for a
  429. server admin: see `README.rst <README.rst>`_.
  430. An empty JSON dict is returned.
  431. **Parameters**
  432. The following parameters should be set in the URL:
  433. - ``user_id`` - fully qualified: for example, ``@user:server.com``.
  434. - ``device_id`` - The device to update.
  435. The following fields are required in the JSON request body:
  436. - ``display_name`` - The new display name for this device. If not given,
  437. the display name is unchanged.
  438. Delete a device
  439. ---------------
  440. Deletes the given ``device_id`` for a specific ``user_id``,
  441. and invalidates any access token associated with it.
  442. The API is::
  443. DELETE /_synapse/admin/v2/users/<user_id>/devices/<device_id>
  444. {}
  445. To use it, you will need to authenticate by providing an ``access_token`` for a
  446. server admin: see `README.rst <README.rst>`_.
  447. An empty JSON dict is returned.
  448. **Parameters**
  449. The following parameters should be set in the URL:
  450. - ``user_id`` - fully qualified: for example, ``@user:server.com``.
  451. - ``device_id`` - The device to delete.
  452. List all pushers
  453. ================
  454. Gets information about all pushers for a specific ``user_id``.
  455. The API is::
  456. GET /_synapse/admin/v1/users/<user_id>/pushers
  457. To use it, you will need to authenticate by providing an ``access_token`` for a
  458. server admin: see `README.rst <README.rst>`_.
  459. A response body like the following is returned:
  460. .. code:: json
  461. {
  462. "pushers": [
  463. {
  464. "app_display_name":"HTTP Push Notifications",
  465. "app_id":"m.http",
  466. "data": {
  467. "url":"example.com"
  468. },
  469. "device_display_name":"pushy push",
  470. "kind":"http",
  471. "lang":"None",
  472. "profile_tag":"",
  473. "pushkey":"a@example.com"
  474. }
  475. ],
  476. "total": 1
  477. }
  478. **Parameters**
  479. The following parameters should be set in the URL:
  480. - ``user_id`` - fully qualified: for example, ``@user:server.com``.
  481. **Response**
  482. The following fields are returned in the JSON response body:
  483. - ``pushers`` - An array containing the current pushers for the user
  484. - ``app_display_name`` - string - A string that will allow the user to identify
  485. what application owns this pusher.
  486. - ``app_id`` - string - This is a reverse-DNS style identifier for the application.
  487. Max length, 64 chars.
  488. - ``data`` - A dictionary of information for the pusher implementation itself.
  489. - ``url`` - string - Required if ``kind`` is ``http``. The URL to use to send
  490. notifications to.
  491. - ``format`` - string - The format to use when sending notifications to the
  492. Push Gateway.
  493. - ``device_display_name`` - string - A string that will allow the user to identify
  494. what device owns this pusher.
  495. - ``profile_tag`` - string - This string determines which set of device specific rules
  496. this pusher executes.
  497. - ``kind`` - string - The kind of pusher. "http" is a pusher that sends HTTP pokes.
  498. - ``lang`` - string - The preferred language for receiving notifications
  499. (e.g. 'en' or 'en-US')
  500. - ``profile_tag`` - string - This string determines which set of device specific rules
  501. this pusher executes.
  502. - ``pushkey`` - string - This is a unique identifier for this pusher.
  503. Max length, 512 bytes.
  504. - ``total`` - integer - Number of pushers.
  505. See also `Client-Server API Spec <https://matrix.org/docs/spec/client_server/latest#get-matrix-client-r0-pushers>`_