- Print
- DarkLight
Create a new user in the project. Sends an invitation email to the specified email address.
Creates a team account user and sends an invitation email. The invited_by field is required when using an M2M (machine-to-machine) token because the caller identity cannot be inferred automatically. For SSO users, set is_sso_user to true and optionally provide a scheme_name. Content role assignments with access scopes can be specified at creation time. Check email availability first via GET /v3/projects/{projectId}/users/email-availability to avoid duplicate invitation errors.
All V3 endpoints require a Bearer token. Generate tokens in the Document360 portal under Settings > API Tokens. Tokens are project-scoped, require the customerApi scope, and do not expire by default. Tokens can be revoked at any time from the portal. Include the token in every request: Authorization: Bearer <your-token>. Alternatively, use the Authorize button below to sign in via OAuth2 Authorization Code flow with PKCE.
The unique identifier of the project. Retrieve project IDs from GET /v3/projects.
The user creation request.
Invites a new team member with an Admin portal role and Editor content role scoped to the entire project.
{
"email": "[email protected]",
"first_name": "Jane",
"last_name": "Doe",
"invited_by": "a1b2c3d4-e5f6-7a8b-9c0d-1e2f3a4b5c6d",
"is_sso_user": false,
"scheme_name": null,
"skip_sso_invitation_email": false,
"associated_portal_role_id": "f6a7b8c9-d0e1-2f3a-4b5c-6d7e8f9a0b1c",
"content_permissions": [
{
"associated_content_role_id": "a7b8c9d0-e1f2-3a4b-5c6d-7e8f9a0b1c2d",
"access_scope": {
"access_level": "project",
"categories": null,
"project_versions": null,
"languages": null
}
}
],
"associated_groups": [
"b8c9d0e1-f2a3-4b5c-6d7e-8f9a0b1c2d3e"
]
}Invites a team member who authenticates via SSO.
{
"email": "[email protected]",
"first_name": "Bob",
"last_name": "Wilson",
"invited_by": null,
"is_sso_user": true,
"scheme_name": "okta-saml",
"skip_sso_invitation_email": false,
"associated_portal_role_id": "f6a7b8c9-d0e1-2f3a-4b5c-6d7e8f9a0b1c",
"content_permissions": [
{
"associated_content_role_id": "a7b8c9d0-e1f2-3a4b-5c6d-7e8f9a0b1c2d",
"access_scope": {
"access_level": "project",
"categories": null,
"project_versions": null,
"languages": null
}
}
],
"associated_groups": null
}Request to invite a new team account user to the project.
Email address of the user to invite. Must be unique within the project.
First name of the user.
Last name of the user.
User ID of the person sending the invitation. Required for API token (M2M) authentication. When using a user access token (OAuth), this field is ignored — the user ID is resolved from the token. Retrieve user IDs from GET /v3/projects/{projectId}/users.
Whether the user authenticates via SSO instead of email/password. When true, you must also provide SchemeName. Retrieve available SSO schemes from GET /v3/projects/{projectId}/sso-schemes.
The SSO scheme name to use for authentication. Required when IsSsoUser is true. Retrieve available scheme names from GET /v3/projects/{projectId}/sso-schemes.
Whether to skip sending the SSO invitation email to the user.
Unique identifier of the portal role to assign to this user. Retrieve available roles from GET /v3/projects/{projectId}/users/roles (filter by RoleType = "Portal").
List of content role assignments defining what content the user can access and edit. Retrieve available content roles from GET /v3/projects/{projectId}/users/roles (filter by RoleType = "Content").
Defines a content role assignment with its access scope.
Unique identifier of the content role to assign. Retrieve available content roles from GET /v3/projects/{projectId}/users/roles (filter by RoleType = "Content").
The access scope defining which project versions, categories, or languages this role applies to.
The level at which access is scoped. Possible values: 0 = None, 1 = Category, 2 = Version, 3 = Project, 4 = Language, 5 = Article, 6 = Workspace.
List of specific category scopes when AccessLevel is Category (1). Null or empty for broader access levels.
Specifies access to a specific category within a project version and language.
Unique identifier of the project version containing the category. Retrieve from GET /v3/projects/{projectId}/project-versions.
Unique identifier of the category to grant access to. Retrieve from GET /v3/projects/{projectId}/categories.
Language code for the category translation (e.g., "en", "fr", "de"). Retrieve available languages from GET /v3/projects/{projectId}/languages.
List of project version IDs the reader has access to when AccessLevel is Version (2). Retrieve version IDs from GET /v3/projects/{projectId}/project-versions.
List of language scopes defining which translations the reader can access. Applicable when AccessLevel is Language (4).
Specifies access to a specific language within a project version.
Unique identifier of the project version. Retrieve from GET /v3/projects/{projectId}/project-versions.
Language code to grant access to (e.g., "en", "fr", "de"). Retrieve available languages from GET /v3/projects/{projectId}/languages.
List of user group IDs to add this user to. Retrieve group IDs from GET /v3/projects/{projectId}/users/groups.
User created successfully.
Returns the identifier of the user that was just created
{
"data": {
"user_id": "6c1d2e3f-a4b5-4c6d-e7f8-a9b0c1d2e3f4"
},
"success": true,
"request_id": "b8c9d0e1-f2a3-4567-bcda-f78901234567",
"errors": [],
"warnings": []
}Generic API response wrapper containing typed data.
Response data payload.
Unique identifier of the newly created user.
Whether the API request was successful.
Unique identifier for request tracing and correlation.
List of errors if the request failed.
Represents an error returned by the API.
Machine-readable error code (e.g. VALIDATION_ERROR, RESOURCE_NOT_FOUND).
Human-readable error message.
The request field that caused the error, if applicable.
Additional context about the error.
List of non-fatal warnings from the request.
Represents a non-fatal warning from the API.
Machine-readable warning code.
Human-readable warning message.
Validation error in the request.
RFC 7807 Problem Details response for V3 API errors. Content-Type: application/problem+json
URI reference identifying the error type (links to documentation).
Short human-readable summary of the error type.
HTTP status code.
Human-readable explanation specific to this occurrence.
URI of the request that generated the error.
Request trace identifier for correlation.
Structured list of specific errors (extension field).
Represents an error returned by the API.
Machine-readable error code (e.g. VALIDATION_ERROR, RESOURCE_NOT_FOUND).
Human-readable error message.
The request field that caused the error, if applicable.
Additional context about the error.
Non-fatal warnings (extension field).
Represents a non-fatal warning from the API.
Machine-readable warning code.
Human-readable warning message.
Authentication token is missing or invalid.
Authentication token is missing or invalid.
{
"type": "https://developer.document360.com/errors/unauthorized",
"title": "Unauthorized.",
"status": 401,
"detail": "The authentication token is missing or has expired.",
"instance": null,
"trace_id": "req_abc123def456",
"errors": [
{
"code": "UNAUTHORIZED",
"message": "Bearer token is missing or invalid.",
"field": null,
"details": null
}
],
"warnings": null
}RFC 7807 Problem Details response for V3 API errors. Content-Type: application/problem+json
URI reference identifying the error type (links to documentation).
Short human-readable summary of the error type.
HTTP status code.
Human-readable explanation specific to this occurrence.
URI of the request that generated the error.
Request trace identifier for correlation.
Structured list of specific errors (extension field).
Represents an error returned by the API.
Machine-readable error code (e.g. VALIDATION_ERROR, RESOURCE_NOT_FOUND).
Human-readable error message.
The request field that caused the error, if applicable.
Additional context about the error.
Non-fatal warnings (extension field).
Represents a non-fatal warning from the API.
Machine-readable warning code.
Human-readable warning message.
Rate limit exceeded. Retry after the duration specified in the Retry-After header.
Rate limit exceeded.
{
"type": "https://developer.document360.com/errors/too-many-requests",
"title": "Too Many Requests.",
"status": 429,
"detail": "Rate limit exceeded. Retry after the duration specified in the Retry-After header.",
"instance": null,
"trace_id": "req_abc123def456",
"errors": [
{
"code": "TOO_MANY_REQUESTS",
"message": "Rate limit exceeded. Retry after the duration specified in the Retry-After header.",
"field": null,
"details": null
}
],
"warnings": null
}RFC 7807 Problem Details response for V3 API errors. Content-Type: application/problem+json
URI reference identifying the error type (links to documentation).
Short human-readable summary of the error type.
HTTP status code.
Human-readable explanation specific to this occurrence.
URI of the request that generated the error.
Request trace identifier for correlation.
Structured list of specific errors (extension field).
Represents an error returned by the API.
Machine-readable error code (e.g. VALIDATION_ERROR, RESOURCE_NOT_FOUND).
Human-readable error message.
The request field that caused the error, if applicable.
Additional context about the error.
Non-fatal warnings (extension field).
Represents a non-fatal warning from the API.
Machine-readable warning code.
Human-readable warning message.
An unexpected server error occurred.
Unexpected server error.
{
"type": "https://developer.document360.com/errors/internal-error",
"title": "Internal Server Error.",
"status": 500,
"detail": "An unexpected error occurred. Please try again or contact support.",
"instance": null,
"trace_id": "req_abc123def456",
"errors": [
{
"code": "INTERNAL_SERVER_ERROR",
"message": "An unexpected error occurred.",
"field": null,
"details": null
}
],
"warnings": null
}RFC 7807 Problem Details response for V3 API errors. Content-Type: application/problem+json
URI reference identifying the error type (links to documentation).
Short human-readable summary of the error type.
HTTP status code.
Human-readable explanation specific to this occurrence.
URI of the request that generated the error.
Request trace identifier for correlation.
Structured list of specific errors (extension field).
Represents an error returned by the API.
Machine-readable error code (e.g. VALIDATION_ERROR, RESOURCE_NOT_FOUND).
Human-readable error message.
The request field that caused the error, if applicable.
Additional context about the error.
Non-fatal warnings (extension field).
Represents a non-fatal warning from the API.
Machine-readable warning code.
Human-readable warning message.
