User Management
Gophish supports having multiple user accounts. Each of these accounts are separate, with their own campaigns, landing pages, templates, etc.
Each user account in Gophish is assigned a role. These are global roles that describe the user's permissions within Gophish.
At the time of this writing, there are two roles:
Role | Slug | Description |
User |
| A non-administrative user role. Users with this role can create objects and launch campaigns. |
Admin |
| An administrative user. Users with this role can manage system-wide settings as well as other user accounts within Gophish. |
Users have the following format:
Each Role has the following format:
Get Users
GET
https://localhost:3333/api/users/
Returns a list of all user accounts in Gophish.
Headers
Name | Type | Description |
---|---|---|
Authorization | string | A valid API key |
Get User
GET
https://localhost:3333/api/users/:id
Returns a user with the given ID.
Path Parameters
Name | Type | Description |
---|---|---|
id | integer | The user ID |
Headers
Name | Type | Description |
---|---|---|
Authorization | string | A valid API key |
Create User
POST
https://localhost:3333/api/users/
Creates a new user.
Headers
Name | Type | Description |
---|---|---|
Authorization | string |
Request Body
Name | Type | Description |
---|---|---|
role | string | The role slug to use for the account |
password | string | The password to set for the account |
username | string | The username for the account |
Modify User
PUT
https://localhost:3333/api/users/:id
Modifies a user account. This can be used to change the role, reset the password, or change the username.
Path Parameters
Name | Type | Description |
---|---|---|
id | string | The user ID |
Headers
Name | Type | Description |
---|---|---|
Authorization | string | A valid API key |
Request Body
Name | Type | Description |
---|---|---|
role | string | The role slug to use for the account |
password | string | The password to set for the account |
username | string | The username for the account |
Delete User
DELETE
https://localhost:3333/api/users/:id
Deletes a user, as well as every object (landing page, template, etc.) and campaign they've created.
Path Parameters
Name | Type | Description |
---|---|---|
id | string | The user ID |
Headers
Name | Type | Description |
---|---|---|
Authorization | string | A valid API key |
Returns a 404 error if no user is found with the provided ID.
Last updated