# Authorised Users Corporate and Consumer identities can invite authorised users to access their account. Once on-boarded, authorised users can create and manage instruments and transactions on behalf of the identity they are on-boarded with. In case of **Corporate Identities**, authorised users are typically employees who have access to company's banking products such as cards and bank accounts. In case of **Consumer Identities**, authorised users are typically children/teens whose parents want them to have access to banking products such as cards and bank accounts. Note that the `/users` GET endpoints return all users including root users. However, modification operations (create, update, activate, deactivate) on `/users` endpoints only apply to authorised users. To modify _root_ user details, use the respective `/consumers` or `/corporates` endpoints. ## Create a user - [POST /users](https://api.weavr.io/products/multi/openapi/authorised-users/usercreate.md): Creates a user linked to the logged-in corporate or consumer identity. Once on-boarded, users have access to all instruments (cards and accounts) of the identity. Application-specific permissions to limit what each user can view and do need to be implemented in your application. In order to Create an Authorised User you would need a stepped-up token. Before calling /multi/users you need to step-up ( issue a challenge multi/stepup/challenges/otp/{channel} ) More details on how to step-up a token can be found here Step-Up ## Get all users - [GET /users](https://api.weavr.io/products/multi/openapi/authorised-users/usersget.md): Fetches all users associated with the corporate or consumer identity the logged-in user belongs to. ## Get a user - [GET /users/{user_id}](https://api.weavr.io/products/multi/openapi/authorised-users/usergetbyid.md): Retrieves the user identified by the user_id path parameter. ## Update a user - [PATCH /users/{user_id}](https://api.weavr.io/products/multi/openapi/authorised-users/userupdate.md): Update the details of a user identified by the user_id in the the path parameter. Only the fields that are specified in the request body will be updated. All other fields will remain unchanged. When patching a mobile number, the new mobile number should be enrolled for Additional Factors. ## Activate a user - [POST /users/{user_id}/activate](https://api.weavr.io/products/multi/openapi/authorised-users/useractivate.md): Activate the user identified by the user_id path parameter. By default, any new users created will be automatically activated. This operation needs to be used only if the user was previously de-activated using the _userDeactivate_ operation, or if the user was de-activated automatically after multiple incorrect login attempts. ## Deactivate a user - [POST /users/{user_id}/deactivate](https://api.weavr.io/products/multi/openapi/authorised-users/userdeactivate.md): De-activate the user identified by the user_id path parameter. Deactivated users cannot log in or execute any operations with their credentials. This operations is not final and a user can be re-activated using the userActivate operation. Note that another active user would need to log in so as to re-activate the de-activated user. ## Send a user invite - [POST /users/{user_id}/invite](https://api.weavr.io/products/multi/openapi/authorised-users/userinvitesend.md): Once a user is created using the _userCreate_ operation, the user needs to setup his/her password. An invitation needs to be sent to the user in order to be able to set up the password for the first time. The invitation email, which remains valid for 1 month, will contain a URL having all information required to setup the password via the _userInviteConsume_. ## Validate a user invite - [POST /users/{user_id}/invite/validate](https://api.weavr.io/products/multi/openapi/authorised-users/userinvitevalidate.md): Check if a user's invite is still valid. This operation is useful to avoid having the user fill in a form only to be held by a validation issue (eg. expired invite). ## Consume a user invite - [POST /users/{user_id}/invite/consume](https://api.weavr.io/products/multi/openapi/authorised-users/userinviteconsume.md): Consumes an invitation perviously sent to the user via _userInviteSend_. This is needed so that the invited user sets up the password. _Note that on the Sandbox Environment, the inviteCode is always set to \"123456\"._ ## Send an email verification code to the authorised user - [POST /users/verification/email/send](https://api.weavr.io/products/multi/openapi/authorised-users/authoriseduseremailverificationcodesend.md): The first step in verifying an authorised user's email. The authorised user whose email address is to be verified is sent an email containing a randomly generated code. This code must then be provided in the _authorisedUserEmailVerify_ operation to verify the authorised user's email address. _Note that on the Sandbox Environment, the verificationCode is always set to \"123456\"._ ## Verify email of the authorised user - [POST /users/verification/email/verify](https://api.weavr.io/products/multi/openapi/authorised-users/authoriseduseremailverify.md): The second step in verifying the authorised user's email. The randomly generated code sent to the authorised user via email, using the _authorisedUserEmailVerificationCodeSend_ operation, is submitted here to verify the authorised user's email. This is needed as part of the verification process for basic due diligence. _Note that on the Sandbox Environment, the verificationCode is always set to \"123456\"._ ## Start KYC for the user - [POST /users/kyc](https://api.weavr.io/products/multi/openapi/authorised-users/userkyc.md): Perform the kyc for a corporate user.