# Buyer Authorised Users Buyers can invite authorised users to access their account. Once on-boarded, authorised users can transact on behalf of the identity they are on-boarded with. Authorised users are typically employees who have access to company's banking accounts. Note that `/users` endpoints are to be used only for performing operations related to authorised users - getting or updating the details of _admin_ users is to be done via `/buyers` endpoints. ## Create a user - [POST /v1/users](https://api.weavr.io/products/payment-run/openapi/buyer-authorised-users/usercreate.md): Creates a user that belongs to the buyer that the logged-in user belongs to. To Create an Authorised User you would need a stepped-up token. After calling this endpoint you need to step-up ( issue a challenge /stepup/challenges/otp/{channel} ). More details on how to step-up a token can be found here Step-Up. Once on-boarded, users have access and manage the buyer's payment runs. Users are assigned roles which limit the level of access they have and what they can do on behalf of the buyer. Required user role: ADMIN ## Get all users - [GET /v1/users](https://api.weavr.io/products/payment-run/openapi/buyer-authorised-users/usersget.md): Fetches all authorised users associated with the buyer that the logged-in user belongs to. Required user role: ADMIN ## Get a user - [GET /v1/users/{user_id}](https://api.weavr.io/products/payment-run/openapi/buyer-authorised-users/usergetbyid.md): Retrieves the user identified by the user_id path parameter. Required user role: ADMIN ## Update a user - [PATCH /v1/users/{user_id}](https://api.weavr.io/products/payment-run/openapi/buyer-authorised-users/userupdate.md): Update the details of a user identified by the user_id in the the path parameter. After calling this endpoint you need to step-up ( issue a challenge /stepup/challenges/otp/{channel} ). More details on how to step-up a token can be found here Step-Up.. Only the fields that are specified in the request body will be updated. All other fields will remain unchanged. When patching a mobile number, the new mobile number should be enrolled for Additional Factors. Required user role: ADMIN ## Activate a user - [POST /v1/users/{user_id}/activate](https://api.weavr.io/products/payment-run/openapi/buyer-authorised-users/useractivate.md): Activate the user identified by the user_id path parameter. By default, any new users created will be automatically activated. This operation needs to be used only if the user was previously de-activated using the _userDeactivate_ operation, or if the user was de-activated automatically after multiple incorrect login attempts. Required user role: ADMIN ## Deactivate a user - [POST /v1/users/{user_id}/deactivate](https://api.weavr.io/products/payment-run/openapi/buyer-authorised-users/userdeactivate.md): De-activate the user identified by the user_id path parameter. Deactivated users cannot log in or execute any operations with their credentials. This operations is not final and a user can be re-activated using the userActivate operation. Note that another active user would need to log in so as to re-activate the de-activated user. Required user role: ADMIN ## Send a user invite - [POST /v1/users/{user_id}/invite](https://api.weavr.io/products/payment-run/openapi/buyer-authorised-users/userinvitesend.md): Once a user is created using the _userCreate_ operation, the user needs to setup his/her password. An invitation needs to be sent to the user in order to be able to set up the password for the first time. The invitation email, which remains valid for 1 month, will contain a URL having all information required to setup the password via the _userInviteConsume_. Required user role: ADMIN ## Validate a user invite - [POST /v1/users/{user_id}/invite/validate](https://api.weavr.io/products/payment-run/openapi/buyer-authorised-users/userinvitevalidate.md): Check if a user's invite is still valid. This operation is useful to avoid having the user fill in a form only to be held by a validation issue (eg. expired invite). ## Consume a user invite - [POST /v1/users/{user_id}/invite/consume](https://api.weavr.io/products/payment-run/openapi/buyer-authorised-users/userinviteconsume.md): Consumes an invitation previously sent to the user via _userInviteSend_. This is needed so that the invited user sets up the password. _Note that on the Sandbox Environment, the inviteCode is always set to \"123456\"._ ## Send an email verification code to the authorised user - [POST /v1/users/verification/email/send](https://api.weavr.io/products/payment-run/openapi/buyer-authorised-users/authoriseduseremailverificationcodesend.md): The first step in verifying an authorised user's email. The authorised user whose email address is to be verified is sent an email containing a randomly generated code. This code must then be provided in the _authorisedUserEmailVerify_ operation to verify the authorised user's email address. _Note that on the Sandbox Environment, the verificationCode is always set to \"123456\"._ ## Verify email of the authorised user - [POST /v1/users/verification/email/verify](https://api.weavr.io/products/payment-run/openapi/buyer-authorised-users/authoriseduseremailverify.md): The second step in verifying the authorised user's email. The randomly generated code sent to the authorised user via email, using the _authorisedUserEmailVerificationCodeSend_ operation, is submitted here to verify the authorised user's email. This is needed as part of the verification process for basic due diligence. _Note that on the Sandbox Environment, the verificationCode is always set to \"123456\"._