Create a new user in the project. Sends an invitation email to the specified email address.
  • 12 May 2026
  • 9 Minutes to read
  • Contributors
  • Dark
    Light

Create a new user in the project. Sends an invitation email to the specified email address.

  • Dark
    Light

Article summary

Post
/v3/projects/{project_id}/users

Creates a team account user and sends an invitation email. The invited_by field is required when using an M2M (machine-to-machine) token because the caller identity cannot be inferred automatically. For SSO users, set is_sso_user to true and optionally provide a scheme_name. Content role assignments with access scopes can be specified at creation time. Check email availability first via GET /v3/projects/{projectId}/users/email-availability to avoid duplicate invitation errors.

Security
OAuth

All V3 endpoints require a Bearer token. Generate tokens in the Document360 portal under Settings > API Tokens. Tokens are project-scoped, require the customerApi scope, and do not expire by default. Tokens can be revoked at any time from the portal. Include the token in every request: Authorization: Bearer <your-token>. Alternatively, use the Authorize button below to sign in via OAuth2 Authorization Code flow with PKCE.

FlowAuthorization Code
Authorization URLhttps://identity.document360.net/connect/authorize
Token URLhttps://identity.document360.net/connect/token
Scopes:
customerApiDocument360 Customer API
Path parameters
project_id
string (uuid) Required

The unique identifier of the project. Retrieve project IDs from GET /v3/projects.

Example9a3b4c5d-6e7f-8a9b-0c1d-2e3f4a5b6c7d
Body parameters

The user creation request.

Invite a user with admin role

Invites a new team member with an Admin portal role and Editor content role scoped to the entire project.

{
  "email": "[email protected]",
  "first_name": "Jane",
  "last_name": "Doe",
  "invited_by": "a1b2c3d4-e5f6-7a8b-9c0d-1e2f3a4b5c6d",
  "is_sso_user": false,
  "scheme_name": null,
  "skip_sso_invitation_email": false,
  "associated_portal_role_id": "f6a7b8c9-d0e1-2f3a-4b5c-6d7e8f9a0b1c",
  "content_permissions": [
    {
      "associated_content_role_id": "a7b8c9d0-e1f2-3a4b-5c6d-7e8f9a0b1c2d",
      "access_scope": {
        "access_level": "project",
        "categories": null,
        "project_versions": null,
        "languages": null
      }
    }
  ],
  "associated_groups": [
    "b8c9d0e1-f2a3-4b5c-6d7e-8f9a0b1c2d3e"
  ]
}
Invite an SSO user

Invites a team member who authenticates via SSO.

{
  "email": "[email protected]",
  "first_name": "Bob",
  "last_name": "Wilson",
  "invited_by": null,
  "is_sso_user": true,
  "scheme_name": "okta-saml",
  "skip_sso_invitation_email": false,
  "associated_portal_role_id": "f6a7b8c9-d0e1-2f3a-4b5c-6d7e8f9a0b1c",
  "content_permissions": [
    {
      "associated_content_role_id": "a7b8c9d0-e1f2-3a4b-5c6d-7e8f9a0b1c2d",
      "access_scope": {
        "access_level": "project",
        "categories": null,
        "project_versions": null,
        "languages": null
      }
    }
  ],
  "associated_groups": null
}
Expand All
object

Request to invite a new team account user to the project.

email
string (email) Required

Email address of the user to invite. Must be unique within the project.

Min length1
first_name
string | null

First name of the user.

last_name
string | null

Last name of the user.

invited_by
string | null

User ID of the person sending the invitation. Required for API token (M2M) authentication. When using a user access token (OAuth), this field is ignored — the user ID is resolved from the token. Retrieve user IDs from GET /v3/projects/{projectId}/users.

is_sso_user
boolean

Whether the user authenticates via SSO instead of email/password. When true, you must also provide SchemeName. Retrieve available SSO schemes from GET /v3/projects/{projectId}/sso-schemes.

scheme_name
string | null

The SSO scheme name to use for authentication. Required when IsSsoUser is true. Retrieve available scheme names from GET /v3/projects/{projectId}/sso-schemes.

skip_sso_invitation_email
boolean

Whether to skip sending the SSO invitation email to the user.

associated_portal_role_id
string Required

Unique identifier of the portal role to assign to this user. Retrieve available roles from GET /v3/projects/{projectId}/users/roles (filter by RoleType = "Portal").

Min length1
content_permissions
Array of object (ContentPermission) Required

List of content role assignments defining what content the user can access and edit. Retrieve available content roles from GET /v3/projects/{projectId}/users/roles (filter by RoleType = "Content").

object

Defines a content role assignment with its access scope.

associated_content_role_id
string Required

Unique identifier of the content role to assign. Retrieve available content roles from GET /v3/projects/{projectId}/users/roles (filter by RoleType = "Content").

Min length1
access_scope
object Required

The access scope defining which project versions, categories, or languages this role applies to.

access_level
string

The level at which access is scoped. Possible values: 0 = None, 1 = Category, 2 = Version, 3 = Project, 4 = Language, 5 = Article, 6 = Workspace.

Valid values[ "none", "category", "version", "project", "language", "article", "workspace" ]
categories
Array of object (CategoryScope) | null

List of specific category scopes when AccessLevel is Category (1). Null or empty for broader access levels.

object

Specifies access to a specific category within a project version and language.

project_version_id
string | null

Unique identifier of the project version containing the category. Retrieve from GET /v3/projects/{projectId}/project-versions.

category_id
string | null

Unique identifier of the category to grant access to. Retrieve from GET /v3/projects/{projectId}/categories.

lang_code
string | null

Language code for the category translation (e.g., "en", "fr", "de"). Retrieve available languages from GET /v3/projects/{projectId}/languages.

Exampleen
project_versions
Array of string | null

List of project version IDs the reader has access to when AccessLevel is Version (2). Retrieve version IDs from GET /v3/projects/{projectId}/project-versions.

string
languages
Array of object (LanguageScope) | null

List of language scopes defining which translations the reader can access. Applicable when AccessLevel is Language (4).

object

Specifies access to a specific language within a project version.

project_version_id
string | null

Unique identifier of the project version. Retrieve from GET /v3/projects/{projectId}/project-versions.

lang_code
string | null

Language code to grant access to (e.g., "en", "fr", "de"). Retrieve available languages from GET /v3/projects/{projectId}/languages.

Exampleen
associated_groups
Array of string | null

List of user group IDs to add this user to. Retrieve group IDs from GET /v3/projects/{projectId}/users/groups.

string
Responses
201

User created successfully.

Headers
Location
string
URL of the newly created resource.
Newly created user

Returns the identifier of the user that was just created

{
  "data": {
    "user_id": "6c1d2e3f-a4b5-4c6d-e7f8-a9b0c1d2e3f4"
  },
  "success": true,
  "request_id": "b8c9d0e1-f2a3-4567-bcda-f78901234567",
  "errors": [],
  "warnings": []
}
Expand All
object

Generic API response wrapper containing typed data.

data
object

Response data payload.

user_id
string | null

Unique identifier of the newly created user.

success
boolean

Whether the API request was successful.

request_id
string

Unique identifier for request tracing and correlation.

Min length1
errors
Array of object (ApiError) | null

List of errors if the request failed.

object

Represents an error returned by the API.

code
string

Machine-readable error code (e.g. VALIDATION_ERROR, RESOURCE_NOT_FOUND).

Min length1
message
string

Human-readable error message.

Min length1
field
string | null

The request field that caused the error, if applicable.

details
string | null

Additional context about the error.

warnings
Array of object (ApiWarning) | null

List of non-fatal warnings from the request.

object

Represents a non-fatal warning from the API.

code
string

Machine-readable warning code.

Min length1
message
string

Human-readable warning message.

Min length1
400

Validation error in the request.

Expand All
object

RFC 7807 Problem Details response for V3 API errors. Content-Type: application/problem+json

type
string

URI reference identifying the error type (links to documentation).

Min length1
title
string

Short human-readable summary of the error type.

Min length1
status
integer (int32)

HTTP status code.

detail
string | null

Human-readable explanation specific to this occurrence.

instance
string | null

URI of the request that generated the error.

trace_id
string | null

Request trace identifier for correlation.

errors
Array of object (ApiError) | null

Structured list of specific errors (extension field).

object

Represents an error returned by the API.

code
string

Machine-readable error code (e.g. VALIDATION_ERROR, RESOURCE_NOT_FOUND).

Min length1
message
string

Human-readable error message.

Min length1
field
string | null

The request field that caused the error, if applicable.

details
string | null

Additional context about the error.

warnings
Array of object (ApiWarning) | null

Non-fatal warnings (extension field).

object

Represents a non-fatal warning from the API.

code
string

Machine-readable warning code.

Min length1
message
string

Human-readable warning message.

Min length1
401

Authentication token is missing or invalid.

Headers
WWW-Authenticate
string
Indicates the authentication scheme required. Returns `Bearer` with optional `error` and `error_description` parameters per RFC 6750.
Missing or invalid token

Authentication token is missing or invalid.

{
  "type": "https://developer.document360.com/errors/unauthorized",
  "title": "Unauthorized.",
  "status": 401,
  "detail": "The authentication token is missing or has expired.",
  "instance": null,
  "trace_id": "req_abc123def456",
  "errors": [
    {
      "code": "UNAUTHORIZED",
      "message": "Bearer token is missing or invalid.",
      "field": null,
      "details": null
    }
  ],
  "warnings": null
}
Expand All
object

RFC 7807 Problem Details response for V3 API errors. Content-Type: application/problem+json

type
string

URI reference identifying the error type (links to documentation).

Min length1
title
string

Short human-readable summary of the error type.

Min length1
status
integer (int32)

HTTP status code.

detail
string | null

Human-readable explanation specific to this occurrence.

instance
string | null

URI of the request that generated the error.

trace_id
string | null

Request trace identifier for correlation.

errors
Array of object (ApiError) | null

Structured list of specific errors (extension field).

object

Represents an error returned by the API.

code
string

Machine-readable error code (e.g. VALIDATION_ERROR, RESOURCE_NOT_FOUND).

Min length1
message
string

Human-readable error message.

Min length1
field
string | null

The request field that caused the error, if applicable.

details
string | null

Additional context about the error.

warnings
Array of object (ApiWarning) | null

Non-fatal warnings (extension field).

object

Represents a non-fatal warning from the API.

code
string

Machine-readable warning code.

Min length1
message
string

Human-readable warning message.

Min length1
429

Rate limit exceeded. Retry after the duration specified in the Retry-After header.

Headers
Retry-After
integer
Number of seconds to wait before retrying the request. Use exponential backoff with jitter for optimal retry behavior.
X-RateLimit-Limit
integer
The maximum number of requests allowed in the current time window. Limits are applied per API token per project.
X-RateLimit-Remaining
integer
The number of requests remaining in the current time window. When this reaches 0, subsequent requests will receive a 429 response.
X-RateLimit-Reset
integer
The UTC epoch timestamp (in seconds) when the current rate limit window resets.
Rate limit exceeded

Rate limit exceeded.

{
  "type": "https://developer.document360.com/errors/too-many-requests",
  "title": "Too Many Requests.",
  "status": 429,
  "detail": "Rate limit exceeded. Retry after the duration specified in the Retry-After header.",
  "instance": null,
  "trace_id": "req_abc123def456",
  "errors": [
    {
      "code": "TOO_MANY_REQUESTS",
      "message": "Rate limit exceeded. Retry after the duration specified in the Retry-After header.",
      "field": null,
      "details": null
    }
  ],
  "warnings": null
}
Expand All
object

RFC 7807 Problem Details response for V3 API errors. Content-Type: application/problem+json

type
string

URI reference identifying the error type (links to documentation).

Min length1
title
string

Short human-readable summary of the error type.

Min length1
status
integer (int32)

HTTP status code.

detail
string | null

Human-readable explanation specific to this occurrence.

instance
string | null

URI of the request that generated the error.

trace_id
string | null

Request trace identifier for correlation.

errors
Array of object (ApiError) | null

Structured list of specific errors (extension field).

object

Represents an error returned by the API.

code
string

Machine-readable error code (e.g. VALIDATION_ERROR, RESOURCE_NOT_FOUND).

Min length1
message
string

Human-readable error message.

Min length1
field
string | null

The request field that caused the error, if applicable.

details
string | null

Additional context about the error.

warnings
Array of object (ApiWarning) | null

Non-fatal warnings (extension field).

object

Represents a non-fatal warning from the API.

code
string

Machine-readable warning code.

Min length1
message
string

Human-readable warning message.

Min length1
500

An unexpected server error occurred.

Unexpected server error

Unexpected server error.

{
  "type": "https://developer.document360.com/errors/internal-error",
  "title": "Internal Server Error.",
  "status": 500,
  "detail": "An unexpected error occurred. Please try again or contact support.",
  "instance": null,
  "trace_id": "req_abc123def456",
  "errors": [
    {
      "code": "INTERNAL_SERVER_ERROR",
      "message": "An unexpected error occurred.",
      "field": null,
      "details": null
    }
  ],
  "warnings": null
}
Expand All
object

RFC 7807 Problem Details response for V3 API errors. Content-Type: application/problem+json

type
string

URI reference identifying the error type (links to documentation).

Min length1
title
string

Short human-readable summary of the error type.

Min length1
status
integer (int32)

HTTP status code.

detail
string | null

Human-readable explanation specific to this occurrence.

instance
string | null

URI of the request that generated the error.

trace_id
string | null

Request trace identifier for correlation.

errors
Array of object (ApiError) | null

Structured list of specific errors (extension field).

object

Represents an error returned by the API.

code
string

Machine-readable error code (e.g. VALIDATION_ERROR, RESOURCE_NOT_FOUND).

Min length1
message
string

Human-readable error message.

Min length1
field
string | null

The request field that caused the error, if applicable.

details
string | null

Additional context about the error.

warnings
Array of object (ApiWarning) | null

Non-fatal warnings (extension field).

object

Represents a non-fatal warning from the API.

code
string

Machine-readable warning code.

Min length1
message
string

Human-readable warning message.

Min length1

Was this article helpful?