openapi: 3.0.3 info: title: SOAT Users API version: 1.0.0 description: API for managing users (Users resource) contact: name: SOAT Team url: https://github.com/ttoss/soat servers: - url: '{baseUrl}' description: Base URL of your SOAT deployment (e.g. https://your-soat.com or http://localhost:5047) variables: baseUrl: description: The base URL of your SOAT deployment default: http://localhost:5047 tags: - name: Users description: Manage users - name: User Policies description: Manage user policies security: - bearerAuth: [] paths: /api/v1/users: get: tags: - Users summary: List all users description: Returns a list of all users operationId: listUsers responses: '200': description: List of users returned successfully content: application/json: schema: type: array items: $ref: '#/components/schemas/UserRecord' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' post: tags: - Users summary: Create a user description: Creates a new user in the system operationId: createUser requestBody: required: true content: application/json: schema: type: object required: - username - password properties: username: type: string example: johndoe password: type: string format: password example: supersecret role: type: string enum: [admin, user] example: user responses: '201': description: User created successfully content: application/json: schema: $ref: '#/components/schemas/UserRecord' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' /api/v1/users/{user_id}: get: tags: - Users summary: Get a user by ID description: Returns the data of a specific user operationId: getUser parameters: - name: user_id in: path required: true description: User ID schema: type: string example: usr_V1StGXR8Z5jdHi6B responses: '200': description: User found content: application/json: schema: $ref: '#/components/schemas/UserRecord' '404': description: User not found content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' delete: tags: - Users summary: Delete a user by ID description: Deletes a specific user operationId: deleteUser parameters: - name: user_id in: path required: true description: User ID schema: type: string example: usr_V1StGXR8Z5jdHi6B responses: '204': description: User deleted successfully '404': description: User not found content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' /api/v1/users/bootstrap: post: tags: - Users summary: Create the first admin user description: Creates the first admin user. Returns 409 if any user already exists. operationId: bootstrapUser security: [] requestBody: required: true content: application/json: schema: type: object required: - username - password properties: username: type: string example: admin password: type: string format: password example: supersecret responses: '201': description: Admin user created successfully content: application/json: schema: $ref: '#/components/schemas/UserRecord' '409': description: Users already exist content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' /api/v1/users/login: post: tags: - Users summary: Login user description: Authenticates a user and returns a JWT token operationId: loginUser security: [] requestBody: required: true content: application/json: schema: type: object required: - username - password properties: username: type: string example: admin password: type: string format: password example: supersecret responses: '200': description: Login successful content: application/json: schema: $ref: '#/components/schemas/LoginResponse' '401': description: Invalid credentials content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' /api/v1/users/{user_id}/policies: get: tags: - Users summary: Get policies attached to a user description: Returns the list of policies attached to a user. Requires admin role. operationId: getUserPolicies parameters: - name: user_id in: path required: true description: User public ID (usr_ prefix) schema: type: string example: usr_V1StGXR8Z5jdHi6B responses: '200': description: List of policies attached to the user content: application/json: schema: type: array items: type: object properties: id: type: string example: pol_V1StGXR8Z5jdHi6B name: type: string description: type: string '401': description: Unauthorized '403': description: Forbidden (non-admin user) '404': description: User not found put: tags: - Users summary: Attach policies to a user description: Replaces the user's policy list with the provided policy IDs. Requires admin role. operationId: attachUserPolicies parameters: - name: user_id in: path required: true description: User public ID (usr_ prefix) schema: type: string example: usr_V1StGXR8Z5jdHi6B requestBody: required: true content: application/json: schema: type: object required: - policy_ids properties: policy_ids: type: array items: type: string description: List of policy public IDs to attach (replaces existing) example: ['pol_V1StGXR8Z5jdHi6B'] responses: '204': description: Policies attached successfully '400': description: Bad request (policy_ids must be an array) content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '401': description: Unauthorized '403': description: Forbidden (non-admin user) '404': description: User or policy not found components: securitySchemes: bearerAuth: type: http scheme: bearer description: JWT token or sk_ api key schemas: UserRecord: type: object properties: id: type: string description: Public user ID (usr_ prefix) example: usr_V1StGXR8Z5jdHi6B username: type: string example: johndoe role: type: string enum: [admin, user] example: user created_at: type: string format: date-time example: '2024-01-01T00:00:00.000Z' updated_at: type: string format: date-time example: '2024-01-01T00:00:00.000Z' LoginResponse: type: object properties: id: type: string description: Public user ID (usr_ prefix) example: usr_V1StGXR8Z5jdHi6B username: type: string example: admin role: type: string enum: [admin, user] example: admin token: type: string description: JWT bearer token example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 ErrorResponse: type: object properties: error: type: string example: 'An error occurred'