User Management

Gophish supports multiple user accounts. Each account is separate, with its own campaigns, landing pages, templates, etc.

Each user account in Gophish is assigned a role. These are global roles that describe the user's permissions within Gophish.

At the time of this writing, there are two roles:

| Role | Slug | Description |
|---|---|---|
| User | user | A non-administrative user role. Users with this role can create objects and launch campaigns. |
| Admin | admin | An administrative user. Users with this role can manage system-wide settings as well as other user accounts within Gophish. |

Users have the following format:

{
  id            : int64
  username      : string
  role          : Role
  modified_date : string(datetime)
}

Each Role has the following format:

{
  name        : string
  slug        : string
  description : string
}

GET
Get Users

https://localhost:3333/api/users/
Returns a list of all user accounts in Gophish.

Request
Headers
Authorization (required, string): A valid API key

Response
200: OK
[
  {
    "id": 1,
    "username": "admin",
    "role": {
      "slug": "admin",
      "name": "Admin",
      "description": "System administrator with full permissions"
    }
  }
]
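
An added example (not part of the Gophish documentation): a Python audit of the Get Users response that flags admin accounts missing from an approved list and role slugs other than the two documented above. The sample response, the `approved_admins` list, and sending the API key as the raw Authorization header value are assumptions made for this example.

```python
import json
import urllib.request

# Constructed sample of a GET /api/users/ response body (not real data).
SAMPLE_USERS = json.loads("""[
  {"id": 1, "username": "admin", "role": {"slug": "admin", "name": "Admin"}},
  {"id": 2, "username": "exampleuser", "role": {"slug": "user", "name": "User"}},
  {"id": 3, "username": "contractor", "role": {"slug": "admin", "name": "Admin"}},
  {"id": 4, "username": "legacy", "role": {"slug": "operator", "name": "Operator"}}
]""")
KNOWN_SLUGS = {"user", "admin"}  # the two roles documented on this page


def fetch_users(base_url, api_key):
    """GET /api/users/ and return the decoded user list."""
    # Assumption: the API key is sent as the raw Authorization header value.
    req = urllib.request.Request(base_url.rstrip("/") + "/api/users/",
                                 headers={"Authorization": api_key})
    # urlopen keeps default TLS verification and raises HTTPError on non-2xx.
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_users(resp.read())


def parse_users(body):
    """Decode a response body; error replies are objects with success=false."""
    data = json.loads(body)
    if isinstance(data, dict) and data.get("success") is False:
        raise RuntimeError("Gophish API error: %s" % data.get("message"))
    if not isinstance(data, list):
        raise ValueError("expected a JSON array of users")
    return data


def audit_roles(users, approved_admins):
    """Return (username, finding) pairs for accounts that need review."""
    findings = []
    for user in users:
        name = user.get("username", "<missing>")
        slug = (user.get("role") or {}).get("slug")
        if slug not in KNOWN_SLUGS:
            findings.append((name, "unknown role slug: %r" % slug))
        elif slug == "admin" and name not in approved_admins:
            findings.append((name, "admin role not on approved list"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_roles(SAMPLE_USERS, approved_admins={"admin"}):
        print("%-12s %s" % (name, finding))
```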

GET
Get User

https://localhost:3333/api/users/:id
Returns a user with the given ID.

Request
Path Parameters
id (required, integer): The user ID
Headers
Authorization (required, string): A valid API key

Response
200: OK
[
  {
    "id": 1,
    "username": "admin",
    "role": {
      "slug": "admin",
      "name": "Admin",
      "description": "System administrator with full permissions"
    }
  }
]
404: Not Found
{
  "message": "User not found",
  "success": false,
  "data": null
}

POST
Create User

https://localhost:3333/api/users/
Creates a new user.

Request
Headers
Authorization (required, string): A valid API key
Body Parameters
role (required, string): The role slug to use for the account
password (required, string): The password to set for the account
username (required, string): The username for the account

Response
200: OK
{
  "id": 2,
  "username": "exampleuser",
  "role": {
    "slug": "user",
    "name": "User",
    "description": "User role with edit access to objects and campaigns"
  }
}
400: Bad Request
If an invalid request is provided, an error will be returned in the following format:
{
  "message": "Username already taken",
  "success": false,
  "data": null
}

PUT
Modify User

https://localhost:3333/api/users/:id
Modifies a user account. This can be used to change the role, reset the password, or change the username.

Request
Path Parameters
id (required, string): The user ID
Headers
Authorization (required, string): A valid API key
Body Parameters
role (optional, string): The role slug to use for the account
password (optional, string): The password to set for the account
username (required, string): The username for the account

Response
200: OK
{
  "id": 2,
  "username": "exampleuser",
  "role": {
    "slug": "user",
    "name": "User",
    "description": "User role with edit access to objects and campaigns"
  }
}
400: Bad Request
If an invalid request is provided, an error will be returned in the following format:
{
  "message": "Username already taken",
  "success": false,
  "data": null
}
404: Not Found
{
  "message": "User not found",
  "success": false,
  "data": null
}

DELETE
Delete User

https://localhost:3333/api/users/:id
Deletes a user, as well as every object (landing page, template, etc.) and campaign they've created.

Request
Path Parameters
id (required, string): The user ID
Headers
Authorization (required, string): A valid API key

Response
200: OK
{
  "message": "User deleted Successfully!",
  "success": true,
  "data": null
}
404: Not Found
{
  "message": "User not found",
  "success": false,
  "data": null
}

Returns a 404 error if no user is found with the provided ID.