Create User
POST /api/v1/users
Creates a new user linked to the authenticated tenant. The password is stored as a hash — never in plain text.
Auth: Bearer token
Body
| Field | Type | Required | Description |
|---|---|---|---|
email | string | Yes | Unique email address on the platform — max 255 characters |
password | string | Yes | Plain text password — stored as a hash |
role | integer | No (default 0) | 0 = Developer, 1 = Admin, 10 = Owner, 20 = Viewer |
var request = new HttpRequestMessage(HttpMethod.Post, "https://api.hooksentry.com/api/v1/users")
{
Content = JsonContent.Create(new
{
email = "dev@acme.com",
password = "SenhaSegura123!",
role = 0
})
};
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
using var client = new HttpClient();
var response = await client.SendAsync(request);
Return codes
201 Created— user created successfully400 Bad Request— invalid data (malformed email, empty password)401 Unauthorized— missing or invalid token404 Not Found— tenant not found409 Conflict— a user with this email already exists
{
"id": "5a6b7c8d-9e0f-4a1b-8c2d-3e4f5a6b7c8d",
"tenantId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"email": "dev@acme.com",
"status": "Active",
"role": "Developer",
"createdAt": "2026-07-03T14:32:00.000Z",
"updatedAt": "2026-07-03T14:32:00.000Z"
}
Get Users
GET /api/v1/users
Returns a page of users belonging to the authenticated tenant — always isolated by tenant. See Pagination & Filtering for the shared query parameters.
Auth: Bearer token
Filters (optional)
| Parameter | Type | Description |
|---|---|---|
Status | integer | 0 = Active, 1 = Inactive |
Role | integer | 0 = Developer, 1 = Admin, 10 = Owner, 20 = Viewer |
var request = new HttpRequestMessage(HttpMethod.Get,
"https://api.hooksentry.com/api/v1/users?Qt=10&Pg=1&CpOrd=id&TpOrd=Desc");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
using var client = new HttpClient();
var response = await client.SendAsync(request);
Return codes
200 OK— paginated list of users (without password field)400 Bad Request— invalid sort field401 Unauthorized— missing or invalid token
{
"total": 4,
"items": [
{
"id": "5a6b7c8d-9e0f-4a1b-8c2d-3e4f5a6b7c8d",
"tenantId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"email": "dev@acme.com",
"status": "Active",
"role": "Developer",
"createdAt": "2026-07-03T14:32:00.000Z",
"updatedAt": "2026-07-03T14:32:00.000Z"
}
]
}
Get User by ID
GET /api/v1/users/{id}
Looks up a user by UUID. The user must belong to the caller's tenant. The password field is
never returned.
Auth: Bearer token
Path parameters
| Parameter | Type | Description |
|---|---|---|
id | UUID | User UUID |
var request = new HttpRequestMessage(HttpMethod.Get, $"https://api.hooksentry.com/api/v1/users/{userId}");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
using var client = new HttpClient();
var response = await client.SendAsync(request);
Return codes
200 OK— user data (without password field)401 Unauthorized— missing or invalid token403 Forbidden— user belongs to another tenant404 Not Found— user not found
{
"id": "5a6b7c8d-9e0f-4a1b-8c2d-3e4f5a6b7c8d",
"tenantId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"email": "dev@acme.com",
"status": "Active",
"role": "Developer",
"createdAt": "2026-07-03T14:32:00.000Z",
"updatedAt": "2026-07-03T14:32:00.000Z"
}
Update User
PATCH /api/v1/users/{id}
Partially updates a user belonging to the authenticated tenant. Only fields included in the body are changed.
Auth: Bearer token
Path parameters
| Parameter | Type | Description |
|---|---|---|
id | UUID | User UUID |
Body (all fields optional)
| Field | Type | Description |
|---|---|---|
email | string | New unique email address on the platform |
password | string | New plain text password — stored as a hash |
role | integer | New role — 0 Developer, 1 Admin, 10 Owner, 20 Viewer |
status | integer | New status — 0 Active, 1 Inactive |
Role changes require a privileged caller:
Changing role requires the caller to be Admin or Owner. Promoting a user to Owner requires
the caller to already be an Owner — otherwise the request returns 403 Forbidden.
var request = new HttpRequestMessage(HttpMethod.Patch, $"https://api.hooksentry.com/api/v1/users/{userId}")
{
Content = JsonContent.Create(new { role = 1, status = 0 })
};
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
using var client = new HttpClient();
var response = await client.SendAsync(request);
Return codes
200 OK— user updated successfully400 Bad Request— invalid value (malformed email, role out of domain)401 Unauthorized— missing or invalid token403 Forbidden— user belongs to another tenant, or caller lacks the role required for the change404 Not Found— user not found409 Conflict— email already in use by another user
{
"id": "5a6b7c8d-9e0f-4a1b-8c2d-3e4f5a6b7c8d",
"tenantId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"email": "dev@acme.com",
"status": "Active",
"role": "Admin",
"createdAt": "2026-07-03T14:32:00.000Z",
"updatedAt": "2026-07-03T15:20:00.000Z"
}
Delete User
DELETE /api/v1/users/{id}
Permanently deletes a user from the authenticated tenant. Irreversible.
Auth: Bearer token — Admin or Owner role
Path parameters
| Parameter | Type | Description |
|---|---|---|
id | UUID | UUID of the user to delete |
Irreversible:
Deletion is permanent. Require explicit confirmation in your UI before calling this endpoint.
var request = new HttpRequestMessage(HttpMethod.Delete, $"https://api.hooksentry.com/api/v1/users/{userId}");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
using var client = new HttpClient();
var response = await client.SendAsync(request);
Return codes
204 No Content— user deleted successfully401 Unauthorized— missing, invalid token, or missingroleclaim403 Forbidden— caller is not Admin/Owner, or the target belongs to another tenant404 Not Found— user not found