User Management

Gophish supports having multiple user accounts. Each of these accounts are separate, with their own campaigns, landing pages, templates, etc.

Each user account in Gophish is assigned a role. These are global roles that describe the user's permissions within Gophish.

At the time of this writing, there are two roles:

Users have the following format:

{
    id              : int64
    username        : string
    role            : Role
    modified_date   : string(datetime)
}

Each Role has the following format:

{
    name            : string
    slug            : string
    description     : string
}

Get Users

GET https://localhost:3333/api/users/

Returns a list of all user accounts in Gophish.

Headers

[
  {
    "id": 1,
    "username": "admin",
    "role": {
      "slug": "admin",
      "name": "Admin",
      "description": "System administrator with full permissions"
    }
  }
]

Get User

GET https://localhost:3333/api/users/:id

Returns a user with the given ID.

Path Parameters

Headers

[
  {
    "id": 1,
    "username": "admin",
    "role": {
      "slug": "admin",
      "name": "Admin",
      "description": "System administrator with full permissions"
    }
  }
]

{
  "message": "User not found",
  "success": false,
  "data": null
}

Create User

POST https://localhost:3333/api/users/

Creates a new user.

Headers

Request Body

{
  "id": 2,
  "username": "exampleuser",
  "role": {
    "slug": "user",
    "name": "User",
    "description": "User role with edit access to objects and campaigns"
}

{
  "message": "Username already taken",
  "success": false,
  "data": null
}

Modify User

PUT https://localhost:3333/api/users/:id

Modifies a user account. This can be used to change the role, reset the password, or change the username.

Path Parameters

Headers

Request Body

{
  "id": 2,
  "username": "exampleuser",
  "role": {
    "slug": "user",
    "name": "User",
    "description": "User role with edit access to objects and campaigns"
}

{
  "message": "Username already taken",
  "success": false,
  "data": null
}

{
  "message": "User not found",
  "success": false,
  "data": null
}

Delete User

DELETE https://localhost:3333/api/users/:id

Deletes a user, as well as every object (landing page, template, etc.) and campaign they've created.

Path Parameters

Headers

{
  "message": "User deleted Successfully!",
  "success": true,
  "data": null
}

{
  "message": "User not found",
  "success": false,
  "data": null
}

Returns a 404 error if no user is found with the provided ID.