Profile

A Profile represents the person currently logged in to Rebilly.

Activate

Sends a token to activate the user account.

Request
Path Parameters
token
required
string

The token string.

Responses
204

User account was activated.

422

Invalid token was sent.

POST /activation/{token}
Request samples
try {
    $client->users()->activate('token');
} catch (UnprocessableEntityException $e) {
    echo $e->getMessage();
}
Response samples
application/json
{
  "status": 400,
  "title": "string",
  "detail": "string",
  "error": "string",
  "invalidFields": [ ]
}

Start permissions emulation

Start permissions emulation.

Nested emulation is not supported: if a request is sent during an ongoing emulation, 403 is sent in response.

Escalation is also not supported.

Request
Security:
Request Body schema: application/json
permissions
required
Array of strings <operationId>

The list of permissions to be emulated.

Responses
201

Session was created.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

422

Invalid data was sent.

POST /permissions-emulation
Request samples
application/json
{
  "permissions": [ ]
}
Response samples
application/json
{
  "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  "token": "string",
  "permissions": [ ],
  "memberships": [ ],
  "userId": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  "createdTime": "2019-08-24T14:15:22Z",
  "updatedTime": "2019-08-24T14:15:22Z",
  "expiredTime": "2019-08-24T14:15:22Z",
  "_links": [ ]
}
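
The two restrictions on starting an emulation (no nested emulation, no escalation) can be checked on the client before the request is sent. This is an added example, not Rebilly's code: planEmulation and the operationId values are hypothetical, and it assumes the caller already holds the flat list of permissions granted to the session, with "*" meaning full access.

```javascript
// Added example (not Rebilly code): preflight for POST /permissions-emulation.
// Assumption: `granted` is the flat list of operationId permissions the
// current session holds; "*" means full access.
function planEmulation(profile, granted, requested) {
  // Nested emulation: the API answers 403 while an emulation is ongoing.
  if (profile.hasPermissionsEmulation) {
    return { ok: false, reason: 'emulation-already-active', expectedStatus: 403 };
  }
  // The request body field `permissions` is required.
  if (!Array.isArray(requested)) {
    return { ok: false, reason: 'permissions-required' };
  }
  const fullAccess = granted.includes('*');
  const grantedSet = new Set(granted);
  // Escalation: anything requested that the session does not already hold.
  // Requesting "*" without holding "*" lands here as well.
  const escalated = requested.filter((p) => !(fullAccess || grantedSet.has(p)));
  if (escalated.length > 0) {
    return { ok: false, reason: 'escalation', escalated };
  }
  // De-duplicate while keeping order so the body stays minimal.
  return { ok: true, body: { permissions: [...new Set(requested)] } };
}

// Constructed sample values, for illustration only.
const sampleProfile = { hasPermissionsEmulation: false };
const samplePlan = planEmulation(
  sampleProfile,
  ['GetCustomer', 'GetInvoice'],
  ['GetCustomer', 'PostCustomer']
);
console.log(samplePlan); // refused: 'PostCustomer' is not held by the session
```

The check is a convenience for the caller and for logging refused attempts; the server remains the authority on what is allowed.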

Stop permissions emulation

Stop permissions emulation.

Session permissions are restored to the state before emulation started. If emulation was not started, 403 is sent in response.

Request
Security:
Responses
201

Session was restored.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

DELETE /permissions-emulation
Request samples
curl -i -X DELETE \
  https://api-sandbox.rebilly.com/organizations/unknown/permissions-emulation \
  -H 'REB-APIKEY: YOUR_API_KEY_HERE'
Response samples
application/json
{
  "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  "token": "string",
  "permissions": [ ],
  "memberships": [ ],
  "userId": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  "createdTime": "2019-08-24T14:15:22Z",
  "updatedTime": "2019-08-24T14:15:22Z",
  "expiredTime": "2019-08-24T14:15:22Z",
  "_links": [ ]
}

Retrieve user's profile

Retrieve user's profile.

Request
Security:
Responses
200

Profile was retrieved successfully.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

404

Resource was not found.

GET /profile
Request samples
const profile = await api.profile.get();
console.log(profile.fields.email);
Response samples
application/json
{
  "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  "email": "user@example.com",
  "firstName": "string",
  "lastName": "string",
  "businessPhone": "string",
  "mobilePhone": "string",
  "memberships": [ ],
  "availableCurrencies": [ ],
  "reportingCurrency": "string",
  "totpRequired": true,
  "totpSecret": "string",
  "totpUrl": "string",
  "oneTimePassword": "123456",
  "country": "string",
  "preferences": { },
  "hasPermissionsEmulation": true,
  "displayName": "string",
  "hash": "string"
}

Update user's profile

Update user's profile.

Request
Security:
Request Body schema: application/json

Profile resource.

memberships
Array of objects (Membership)

The user memberships.

Array
allowedIps
Array of strings or null <ip> (AllowedIps)

The list of allowed IP addresses. Private subnets are not allowed. Set to null to remove restrictions.

permissions
Array of strings <operationId>

The user's permissions. See the format in the example. Use the wildcard * for full access.

isOwner
boolean

User is owner of organization.

roleIds
Array of strings

The membership's role identifiers.

reportingCurrency
string

The ISO Alpha-3 currency code used for the user's reports.

totpRequired
boolean
Deprecated

The user setting for two-factor authentication.

oneTimePassword
string ^[0-9]{6}$
Deprecated

The one time password generated by Google Authenticator (required when enabling/disabling 2FA). Should contain digits only.

preferences
object

User preferences like timezone, language and many more. This is an object with custom properties.

hasPermissionsEmulation
boolean

True when the current user session has permissions emulation enabled.

displayName
string

User's full display name.

hash
string

User's unique hash.

Responses
200

Profile was updated.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

404

Resource was not found.

422

Invalid data was sent.

PUT /profile
Request samples
application/json
{
  "memberships": [ ],
  "reportingCurrency": "string",
  "totpRequired": true,
  "oneTimePassword": "123456",
  "preferences": { },
  "hasPermissionsEmulation": true,
  "displayName": "string",
  "hash": "string"
}
Response samples
application/json
{
  "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  "email": "user@example.com",
  "firstName": "string",
  "lastName": "string",
  "businessPhone": "string",
  "mobilePhone": "string",
  "memberships": [ ],
  "availableCurrencies": [ ],
  "reportingCurrency": "string",
  "totpRequired": true,
  "totpSecret": "string",
  "totpUrl": "string",
  "oneTimePassword": "123456",
  "country": "string",
  "preferences": { },
  "hasPermissionsEmulation": true,
  "displayName": "string",
  "hash": "string"
}

Retrieve user MFA status

Retrieve user MFA status.

Request
Security:
Responses
200

User MFA status was retrieved successfully.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

404

Resource was not found.

GET /profile/mfa
Request samples
const mfa = await api.profile.getMfa();
console.log(mfa.fields.status, mfa.fields.type, mfa.fields.lastAuthTime);
Response samples
application/json
{
  "status": "active",
  "type": "duo",
  "lastAuthTime": "2019-08-24T14:15:22Z",
  "_links": [ ]
}

Update user MFA

Update user MFA. The link with rel enrollment must be followed to verify the existing MFA or enroll a new one.

Request
Security:
Responses
201

User MFA update URL was created successfully.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

404

Resource was not found.

POST /profile/mfa
Request samples
const mfa = await api.profile.updateMfa();
console.log(mfa.fields._links);
Response samples
application/json
{
  "status": "active",
  "type": "duo",
  "lastAuthTime": "2019-08-24T14:15:22Z",
  "_links": [ ]
}

Delete user MFA

Delete user MFA. To succeed, lastAuthTime must be no more than 10 minutes before this call.

Request
Security:
Responses
204

User MFA was deleted successfully.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

404

Resource was not found.

DELETE /profile/mfa
Request samples
await api.profile.deleteMfa();
Response samples
application/json
{
  "status": 400,
  "title": "string",
  "detail": "string",
  "error": "string"
}
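
The 10-minute lastAuthTime window can be checked before the delete call, falling back to the enrollment link when the last authentication is too old. This is an added example, not Rebilly SDK code: deleteMfaSafely, authAgeMs and the stub client are hypothetical, the { rel, href } shape of _links entries is an assumption, and so is the idea that following the enrollment link to verify the existing MFA refreshes lastAuthTime.

```javascript
// Added example (not Rebilly SDK code). `api` is any object exposing the
// three profile MFA calls shown on this page; `now` is injectable for tests.
const MAX_AUTH_AGE_MS = 10 * 60 * 1000; // "no more than 10 minutes before this call"

function authAgeMs(mfa, now = new Date()) {
  const t = Date.parse(mfa.lastAuthTime);
  // A missing or unparsable timestamp counts as "never authenticated".
  return Number.isNaN(t) ? Infinity : now.getTime() - t;
}

async function deleteMfaSafely(api, now = new Date(), skewMs = 30 * 1000) {
  const mfa = (await api.profile.getMfa()).fields;
  const age = authAgeMs(mfa, now);
  // Keep a margin for clock skew and latency; a negative age (timestamp
  // in the future) is not trusted.
  if (age >= 0 && age <= MAX_AUTH_AGE_MS - skewMs) {
    await api.profile.deleteMfa();
    return { deleted: true };
  }
  // Stale authentication: ask for the link with rel "enrollment" instead.
  const updated = (await api.profile.updateMfa()).fields;
  // Assumption: each _links entry looks like { rel, href }.
  const link = (updated._links || []).find((l) => l.rel === 'enrollment');
  return { deleted: false, reason: 'reauth-required', enrollmentUrl: link ? link.href : null };
}

// Constructed stub standing in for the SDK client; records the calls made.
function makeStubApi(lastAuthTime) {
  const calls = [];
  const links = [{ rel: 'enrollment', href: 'https://example.test/enroll' }];
  return {
    calls,
    profile: {
      getMfa: async () => { calls.push('getMfa'); return { fields: { status: 'active', type: 'duo', lastAuthTime } }; },
      updateMfa: async () => { calls.push('updateMfa'); return { fields: { _links: links } }; },
      deleteMfa: async () => { calls.push('deleteMfa'); },
    },
  };
}
```
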

Change password

Updates the user's password with the specified newPassword and checks whether currentPassword matches the actual one.

Request
Security:
Request Body schema: application/json

currentPassword and newPassword.

currentPassword
required
string <password>

Current user's password - used when requesting password change.

newPassword
required
string <password>

New user's password - used when requesting password change.

Responses
201

Password updated successfully.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

404

Resource was not found.

422

Invalid data was sent.

POST /profile/password
Request samples
application/json
{
  "currentPassword": "pa$$word",
  "newPassword": "pa$$word"
}
Response samples
application/json
{
  "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  "email": "user@example.com",
  "firstName": "string",
  "lastName": "string",
  "businessPhone": "string",
  "mobilePhone": "string",
  "memberships": [ ],
  "availableCurrencies": [ ],
  "reportingCurrency": "string",
  "totpRequired": true,
  "totpSecret": "string",
  "totpUrl": "string",
  "oneTimePassword": "123456",
  "country": "string",
  "preferences": { },
  "hasPermissionsEmulation": true,
  "displayName": "string",
  "hash": "string"
}

Reset (renew) totpSecret
Deprecated

Reset (renew) totpSecret.

Request
Security:
Responses
201

totpSecret reset (renewed) successfully.

404

Resource was not found.

POST /profile/totp-reset
Request samples
const profile = await api.profile.resetTotp();
console.log(profile.fields.totpSecret);
Response samples
application/json
{
  "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  "email": "user@example.com",
  "firstName": "string",
  "lastName": "string",
  "businessPhone": "string",
  "mobilePhone": "string",
  "memberships": [ ],
  "availableCurrencies": [ ],
  "reportingCurrency": "string",
  "totpRequired": true,
  "totpSecret": "string",
  "totpUrl": "string",
  "oneTimePassword": "123456",
  "country": "string",
  "preferences": { },
  "hasPermissionsEmulation": true,
  "displayName": "string",
  "hash": "string"
}

Register and create new profile

Creates a new user and sends an email confirmation.

Request
Security:
Request Body schema: application/json

Signup resource.

email
required
string <email> <= 100 characters

The user email.

company
required
string

The user company name.

firstName
required
string

The user first name.

lastName
required
string

The user last name.

businessPhone
required
string

The user business phone number.

password
required
string <password>

The user password.

website
required
string

The user website address.

country
string ^[A-Z]{2}$
Default: "US"

The user country (ISO Alpha-2 code).

reportingCurrency
string ^[A-Z]{3}$
Default: "USD"

The currency used for conversion in reports. It can be set only once.

questionnaire
object (OrganizationQuestionnaire)
role
string

The role of the owner.

monthlyTransactions
string

The amount of monthly processed transactions.

products
Array of strings

The list of products the organization is interested in.

integrationType
string

The kind of integration the organization is looking for.

launchTiming
string

Desired time to go live.

Responses
201

User was created.

422

Invalid data was sent.

POST /signup
Request samples
application/json
{
  "email": "user@example.com",
  "company": "string",
  "firstName": "string",
  "lastName": "string",
  "businessPhone": "string",
  "password": "pa$$word",
  "website": "string",
  "country": "US",
  "reportingCurrency": "USD",
  "questionnaire": { }
}
Response samples
application/json
{
  "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  "email": "user@example.com",
  "firstName": "string",
  "lastName": "string",
  "businessPhone": "string",
  "mobilePhone": "string",
  "password": "pa$$word",
  "permissions": [ ],
  "computedPermissions": [ ],
  "createdTime": "2019-08-24T14:15:22Z",
  "updatedTime": "2019-08-24T14:15:22Z",
  "loginTime": "2019-08-24T14:15:22Z",
  "reportingCurrency": "string",
  "availableCurrencies": [ ],
  "totpRequired": true,
  "totpSecret": "string",
  "totpUrl": "string",
  "status": "active",
  "country": "string",
  "preferences": { },
  "roleIds": [ ],
  "allowedIps": [ ],
  "_links": [ ]
}