User Management
Gophish supports having multiple user accounts. Each of these accounts are separate, with their own campaigns, landing pages, templates, etc.
Each user account in Gophish is assigned a role. These are global roles that describe the user's permissions within Gophish.
At the time of this writing, there are two roles:
Role | Slug | Description |
User |
| A non-administrative user role. Users with this role can create objects and launch campaigns. |
Admin |
| An administrative user. Users with this role can manage system-wide settings as well as other user accounts within Gophish. |
Users have the following format:
{id : int64username : stringrole : Rolemodified_date : string(datetime)}
Each Role has the following format:
{name : stringslug : stringdescription : string}
getGet Users
get
https://localhost:3333/api/users/
Returns a list of all user accounts in Gophish.
Request
Response
Request
Headers
Authorization
required
string
A valid API key
Response
200: OK
[{"id": 1,"username": "admin","role": {"slug": "admin","name": "Admin","description": "System administrator with full permissions"}}]
getGet User
get
https://localhost:3333/api/users/:id
Returns a user with the given ID.
Request
Response
Request
Path Parameters
id
required
integer
The user ID
Headers
Authorization
required
string
A valid API key
Response
200: OK
[{"id": 1,"username": "admin","role": {"slug": "admin","name": "Admin","description": "System administrator with full permissions"}}]
404: Not Found
{"message": "User not found","success": false,"data": null}
postCreate User
post
https://localhost:3333/api/users/
Creates a new user.
Request
Response
Request
Headers
Authorization
required
string
​
Body Parameters
role
required
string
The role slug to use for the account
password
required
string
The password to set for the account
username
required
string
The username for the account
Response
200: OK
{"id": 2,"username": "exampleuser","role": {"slug": "user","name": "User","description": "User role with edit access to objects and campaigns"}
400: Bad Request
If an invalid request is provided, an error will be returned with the following format
{"message": "Username already taken","success": false,"data": null}
putModify User
put
https://localhost:3333/api/users/:id
Modifies a user account. This can be used to change the role, reset the password, or change the username.
Request
Response
Request
Path Parameters
id
required
string
The user ID
Headers
Authorization
required
string
A valid API key
Body Parameters
role
optional
string
The role slug to use for the account
password
optional
string
The password to set for the account
username
required
string
The username for the account
Response
200: OK
{"id": 2,"username": "exampleuser","role": {"slug": "user","name": "User","description": "User role with edit access to objects and campaigns"}
400: Bad Request
If an invalid request is provided, an error will be returned in the following format:
{"message": "Username already taken","success": false,"data": null}
404: Not Found
{"message": "User not found","success": false,"data": null}
deleteDelete User
delete
https://localhost:3333/api/users/:id
Deletes a user, as well as every object (landing page, template, etc.) and campaign they've created.
Request
Response
Request
Path Parameters
id
required
string
The user ID
Headers
Authorization
required
string
A valid API key
Response
200: OK
{"message": "User deleted Successfully!","success": true,"data": null}
404: Not Found
{"message": "User not found","success": false,"data": null}
Returns a 404 error if no user is found with the provided ID.
Last updated 1 year ago