# Create a user Creates a user linked to the logged-in corporate or consumer identity. Once on-boarded, users have access to all instruments (cards and accounts) of the identity. Application-specific permissions to limit what each user can view and do need to be implemented in your application. In order to Create an Authorised User you would need a stepped-up token. Before calling /multi/users you need to step-up ( issue a challenge multi/stepup/challenges/otp/{channel} ) More details on how to step-up a token can be found here Step-Up Endpoint: POST /users Version: 3.63.5 Security: auth_token, api-key ## Header parameters: - `idempotency-ref` (string) A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours. ## Request fields (application/json): - `name` (string, required) The first name of the user. - `surname` (string, required) The last name of the user. - `email` (string, required) E-mail Address of the user - `mobile` (object) - `mobile.countryCode` (string, required) The country code of the user mobile number (e.g. +44). - `mobile.number` (string, required) The mobile number of the user - excluding country code. - `dateOfBirth` (object) Date of birth of the authorised user. - `dateOfBirth.year` (integer, required) - `dateOfBirth.month` (integer, required) - `dateOfBirth.day` (integer, required) - `tag` (string) The tag field is a custom field that can be used to search and filter. - `countryOfResidence` (string) - `locale` (string) BCP47 locale code (e.g. en, en-US). The locale determines which email and SMS user notification templates are used. - `brand` (string) Brand identifier used to determine the set of email and SMS user notification templates. Must be alphanumeric, up to 25 characters, and contain no spaces. ## Response 200 fields (application/json): - `id` (string, required) The unique identifier of the user. - `identity` (object, required) The identity that the user belongs to. - `identity.type` (string, required) Indicates the identity type. Enum: "CONSUMER", "CORPORATE" - `identity.id` (string, required) The identifier for the identity. - `name` (string, required) The first name of the user. - `surname` (string, required) The last name of the user. - `email` (string, required) E-mail Address of the user - `mobile` (object) - `mobile.countryCode` (string, required) The country code of the user mobile number (e.g. +44). - `mobile.number` (string, required) The mobile number of the user - excluding country code. - `active` (boolean, required) The state of the user. If the active attribute is false, then the user will not be able to log in. - `dateOfBirth` (object) Date of birth of the authorised user. - `dateOfBirth.year` (integer, required) - `dateOfBirth.month` (integer, required) - `dateOfBirth.day` (integer, required) - `tag` (string) The tag field is a custom field that can be used to search and filter. - `countryOfResidence` (string) - `locale` (string) BCP47 locale code (e.g. en, en-US). The locale determines which email and SMS user notification templates are used. - `brand` (string) Brand identifier used to determine the set of email and SMS user notification templates. Must be alphanumeric, up to 25 characters, and contain no spaces. ## Response 400 fields (application/json): - `message` (string) When present helps to identify and fix the problem. - `syntaxErrors` (object) Is returned as part of an HTTP error response whenever a syntax error is detected. A list of the fields together with their syntax error will be provided. - `syntaxErrors.invalidFields` (array) - `syntaxErrors.invalidFields.params` (array) - `syntaxErrors.invalidFields.fieldName` (string) - `syntaxErrors.invalidFields.error` (string) Enum: "REQUIRED", "HAS_TEXT", "REQUIRES", "SIZE", "RANGE", "IN", "NOT_IN", "REGEX", "EXACTLY", "AT_LEAST", "AT_MOST", "ALL_OR_NONE" ## Response 403 fields (application/json): - `errorCode` (string) Enum: "STEP_UP_REQUIRED" ## Response 404 fields (application/json): - `code` (string) - `message` (string) ## Response 409 fields (application/json): - `errorCode` (string) Enum: "EMAIL_NOT_UNIQUE", "MOBILE_OR_COUNTRY_CODE_INVALID", "EMAIL_DOMAIN_NOT_ALLOWED", "COUNTRY_OF_RESIDENCE_INVALID" ## Response default fields (application/json): - `code` (string) - `message` (string) ## Response 401 fields ## Response 429 fields ## Response 500 fields ## Response 503 fields