# User Management

Gophish supports having multiple user accounts. Each of these accounts are separate, with their own campaigns, landing pages, templates, etc.

Each user account in Gophish is assigned a **role**. These are global roles that describe the user's permissions within Gophish.

At the time of this writing, there are two roles:

| Role  | Slug    | **Description**                                                                                                             |
| ----- | ------- | --------------------------------------------------------------------------------------------------------------------------- |
| User  | `user`  | A non-administrative user role. Users with this role can create objects and launch campaigns.                               |
| Admin | `admin` | An administrative user. Users with this role can manage system-wide settings as well as other user accounts within Gophish. |

Users have the following format:

```
{
    id              : int64
    username        : string
    role            : Role
    modified_date   : string(datetime)
}
```

Each Role has the following format:

```
{
    name            : string
    slug            : string
    description     : string
}
```

## Get Users

<mark style="color:blue;">`GET`</mark> `https://localhost:3333/api/users/`

Returns a list of all user accounts in Gophish.

#### Headers

| Name          | Type   | Description     |
| ------------- | ------ | --------------- |
| Authorization | string | A valid API key |

{% tabs %}
{% tab title="200 " %}

```javascript
[
  {
    "id": 1,
    "username": "admin",
    "role": {
      "slug": "admin",
      "name": "Admin",
      "description": "System administrator with full permissions"
    }
  }
]
```

{% endtab %}
{% endtabs %}

## Get User

<mark style="color:blue;">`GET`</mark> `https://localhost:3333/api/users/:id`

Returns a user with the given ID.

#### Path Parameters

| Name | Type    | Description |
| ---- | ------- | ----------- |
| id   | integer | The user ID |

#### Headers

| Name          | Type   | Description     |
| ------------- | ------ | --------------- |
| Authorization | string | A valid API key |

{% tabs %}
{% tab title="200 " %}

```javascript
[
  {
    "id": 1,
    "username": "admin",
    "role": {
      "slug": "admin",
      "name": "Admin",
      "description": "System administrator with full permissions"
    }
  }
]
```

{% endtab %}

{% tab title="404 " %}

```javascript
{
  "message": "User not found",
  "success": false,
  "data": null
}
```

{% endtab %}
{% endtabs %}

## Create User

<mark style="color:green;">`POST`</mark> `https://localhost:3333/api/users/`

Creates a new user.

#### Headers

| Name          | Type   | Description |
| ------------- | ------ | ----------- |
| Authorization | string |             |

#### Request Body

| Name     | Type   | Description                          |
| -------- | ------ | ------------------------------------ |
| role     | string | The role slug to use for the account |
| password | string | The password to set for the account  |
| username | string | The username for the account         |

{% tabs %}
{% tab title="200 " %}

```javascript
{
  "id": 2,
  "username": "exampleuser",
  "role": {
    "slug": "user",
    "name": "User",
    "description": "User role with edit access to objects and campaigns"
}
```

{% endtab %}

{% tab title="400 If an invalid request is provided, an error will be returned with the following format" %}

```javascript
{
  "message": "Username already taken",
  "success": false,
  "data": null
}
```

{% endtab %}
{% endtabs %}

## Modify User

<mark style="color:orange;">`PUT`</mark> `https://localhost:3333/api/users/:id`

Modifies a user account. This can be used to change the role, reset the password, or change the username.

#### Path Parameters

| Name | Type   | Description |
| ---- | ------ | ----------- |
| id   | string | The user ID |

#### Headers

| Name          | Type   | Description     |
| ------------- | ------ | --------------- |
| Authorization | string | A valid API key |

#### Request Body

| Name     | Type   | Description                          |
| -------- | ------ | ------------------------------------ |
| role     | string | The role slug to use for the account |
| password | string | The password to set for the account  |
| username | string | The username for the account         |

{% tabs %}
{% tab title="200 " %}

```javascript
{
  "id": 2,
  "username": "exampleuser",
  "role": {
    "slug": "user",
    "name": "User",
    "description": "User role with edit access to objects and campaigns"
}
```

{% endtab %}

{% tab title="400 If an invalid request is provided, an error will be returned in the following format:" %}

```javascript
{
  "message": "Username already taken",
  "success": false,
  "data": null
}
```

{% endtab %}

{% tab title="404 " %}

```javascript
{
  "message": "User not found",
  "success": false,
  "data": null
}
```

{% endtab %}
{% endtabs %}

## Delete User

<mark style="color:red;">`DELETE`</mark> `https://localhost:3333/api/users/:id`

Deletes a user, as well as every object (landing page, template, etc.) and campaign they've created.

#### Path Parameters

| Name | Type   | Description |
| ---- | ------ | ----------- |
| id   | string | The user ID |

#### Headers

| Name          | Type   | Description     |
| ------------- | ------ | --------------- |
| Authorization | string | A valid API key |

{% tabs %}
{% tab title="200 " %}

```javascript
{
  "message": "User deleted Successfully!",
  "success": true,
  "data": null
}
```

{% endtab %}

{% tab title="404 " %}

```javascript
{
  "message": "User not found",
  "success": false,
  "data": null
}
```

{% endtab %}
{% endtabs %}

Returns a 404 error if no user is found with the provided ID.