Create Merchant User
POST/v1/acquirer/merchants/:merchant_id/users
Create a dashboard user for a merchant and send them an invitation email. The email must be unique within the merchant.
Required permission: merchant_users_create.
Request
Path Parameters
Acquirer-assigned merchant identifier (the merchant_id field of
the merchant, not its internal UUID).
- application/json
Body
required
Full display name.
Login email. Must be unique within the merchant.
Optional free-text note (role, team, etc.).
Permission strings to assign. See the permissions endpoint for the available values.
Responses
- 201
- 401
- 403
- 404
- 422
The created user. An invitation email is queued.
- application/json
- Schema
- Example (from schema)
Schema
A 36-character UUIDv7 identifier.
false while the user is disabled.
A 36-character UUIDv7 identifier.
A 36-character UUIDv7 identifier.
A 36-character UUIDv7 identifier.
ISO 8601 UTC timestamp with time zone designator.
A 36-character UUIDv7 identifier.
Possible values: [AcquirerUser, MerchantUser, StaffUser, AcquirerApiKey, null]
ISO 8601 UTC timestamp with time zone designator.
ISO 8601 UTC timestamp with time zone designator.
ISO 8601 UTC timestamp with time zone designator.
ISO 8601 UTC timestamp with time zone designator.
ISO 8601 UTC timestamp with time zone designator.
ISO 8601 UTC timestamp with time zone designator.
ISO 8601 UTC timestamp with time zone designator.
{
"id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"active": true,
"merchant_id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"email": "[email protected]",
"name": "string",
"description": "string",
"permissions": [
"orders_read",
"agreements_read"
],
"two_factor_enabled": true,
"created_by_user_id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"disabled_by_user_id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"disabled_at": "2025-01-15T14:30:00Z",
"invited_by_id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"invited_by_type": "AcquirerUser",
"invitation_sent_at": "2025-01-15T14:30:00Z",
"invitation_accepted_at": "2025-01-15T14:30:00Z",
"password_expires_at": "2025-01-15T14:30:00Z",
"must_reset_password_at": "2025-01-15T14:30:00Z",
"password_reset_at": "2025-01-15T14:30:00Z",
"created_at": "2025-01-15T14:30:00Z",
"updated_at": "2025-01-15T14:30:00Z"
}
Authentication failed.
- application/json
- Schema
- Example (from schema)
Schema
{
"message": "Missing authentication information"
}
The API key lacks the required permission.
- application/json
- Schema
- Example (from schema)
Schema
{
"message": "Unauthorized"
}
The referenced resource does not exist or belongs to another acquirer.
- application/json
- Schema
- Example (from schema)
Schema
{
"message": "The Order you are looking for was not found."
}
Validation error.
- application/json
- Schema
- Example (from schema)
Schema
Array [
]
errors
object
required
property name*
string[]
string
{
"message": "The given data was invalid.",
"errors": {
"email": [
"This field is missing."
]
}
}