User Management
Gophish supports having multiple user accounts. Each of these accounts are separate, with their own campaigns, landing pages, templates, etc.
Each user account in Gophish is assigned a role. These are global roles that describe the user's permissions within Gophish.
At the time of this writing, there are two roles:
Role
Slug
Description
User
user
A non-administrative user role. Users with this role can create objects and launch campaigns.
Admin
admin
An administrative user. Users with this role can manage system-wide settings as well as other user accounts within Gophish.
Users have the following format:
{
id : int64
username : string
role : Role
modified_date : string(datetime)
}
Each Role has the following format:
{
name : string
slug : string
description : string
}
Get Users
GET
https://localhost:3333/api/users/
Returns a list of all user accounts in Gophish.
Headers
Authorization
string
A valid API key
[
{
"id": 1,
"username": "admin",
"role": {
"slug": "admin",
"name": "Admin",
"description": "System administrator with full permissions"
}
}
]
Get User
GET
https://localhost:3333/api/users/:id
Returns a user with the given ID.
Path Parameters
id
integer
The user ID
Headers
Authorization
string
A valid API key
[
{
"id": 1,
"username": "admin",
"role": {
"slug": "admin",
"name": "Admin",
"description": "System administrator with full permissions"
}
}
]
Create User
POST
https://localhost:3333/api/users/
Creates a new user.
Headers
Authorization
string
Request Body
role
string
The role slug to use for the account
password
string
The password to set for the account
username
string
The username for the account
{
"id": 2,
"username": "exampleuser",
"role": {
"slug": "user",
"name": "User",
"description": "User role with edit access to objects and campaigns"
}
Modify User
PUT
https://localhost:3333/api/users/:id
Modifies a user account. This can be used to change the role, reset the password, or change the username.
Path Parameters
id
string
The user ID
Headers
Authorization
string
A valid API key
Request Body
role
string
The role slug to use for the account
password
string
The password to set for the account
username
string
The username for the account
{
"id": 2,
"username": "exampleuser",
"role": {
"slug": "user",
"name": "User",
"description": "User role with edit access to objects and campaigns"
}
Delete User
DELETE
https://localhost:3333/api/users/:id
Deletes a user, as well as every object (landing page, template, etc.) and campaign they've created.
Path Parameters
id
string
The user ID
Headers
Authorization
string
A valid API key
{
"message": "User deleted Successfully!",
"success": true,
"data": null
}
Returns a 404 error if no user is found with the provided ID.
Last updated