Identity & Access Management
The Identity & Access Management API provides comprehensive role-based access control functionality for managing users, teams, roles, and API keys in Firefly.
Users
List Users
List and filter users for the specified account
Account ID
Search users by name or email using full-text search
[email protected]Filter by exact email address match (returns single user or empty array)
[email protected]Filter by user type - either regular USER or Service Account (SA)
USERPossible values: Filter by role IDs - users must have at least one of these roles
["550e8400-e29b-41d4-a716-446655440000"]Filter by team IDs - users must be members of at least one of these teams
["660f9511-f3ac-52e5-b827-557766551111"]Maximum number of users to return
25Example: 25Number of users to skip
0Example: 0Array of users matching the search criteria
Bad request
Unauthorized
Forbidden
Create User
Create a new user in the system
Account ID
User's name
User type - either regular USER or Service Account (SA)
User's email address (required for type 'user', optional for type 'SA')
User's description or bio (optional, commonly used for SA)
List of role IDs to assign to the user
List of team IDs to add the user to
URL to user's profile photo
Email address of the person creating this user (will be looked up in the database)
If true, automatically assigns the 'Admin' role (from account_id=null) to the user
falseIf true, skips Auth0 user creation and password reset email. Use this flag for SSO users managed externally.
falseCreated user
Bad request
Unauthorized
Forbidden
User already exists
Get User
Retrieve details of a specific user
Account ID
User ID
User object
Unauthorized
Forbidden
User not found
Update User
Delete User
Delete a user from the system
Account ID
User ID
User deleted successfully
Unauthorized
Forbidden
User not found
No content
Teams
Get Current User's Team
List Teams
Retrieve a list of teams for the specified account
Account ID
Maximum number of teams to return
25Number of teams to skip
0Search teams by name (partial match)
Filter teams by role IDs (comma-separated)
Array of teams
Bad request
Unauthorized
Forbidden
Create Team
Get Team
Retrieve details of a specific team
Account ID
Team ID
Team object
Unauthorized
Forbidden
Team not found
Update Team
Delete Team
Delete a team from the system
Account ID
Team ID
Team deleted successfully
Unauthorized
Forbidden
Team not found
No content
List Team Members
Update Team Members
Bulk Update Team Members
Add multiple users to the specified team in a single operation
Account ID
Team ID
Array of user IDs to add to the team
Skip users that are already in the team instead of returning error
trueUsers added to team successfully
Bad request
Unauthorized
Forbidden
Team not found
API Keys
List API Keys
Retrieve a list of API keys for the specified account
Account ID
Search API keys by alias, description, user name, or team name using full-text search
Filter by API key type
Filter by user email (only returns USER type API keys with matching email)
Filter by user ID (returns API keys associated with this user)
Filter by team ID (returns API keys associated with this team)
Maximum number of API keys to return
25Number of API keys to skip
0Array of API keys
Bad request
Unauthorized
Forbidden
Create API Key
Generate a new API key
Account ID
Type of API key (scope)
User ID (required when type is USER)
Team ID (required when type is TEAM)
Human-readable alias for the API key
Description of the API key's purpose
When the API key should expire (must be in the future, RFC3339 format)
Email address of the person creating this API key (will be looked up in the database)
If true, creates an SA type user with admin role and attaches the API key to it (similar to migration logic)
falseCreated API key
Bad request
Unauthorized
Forbidden
Get API Key
Retrieve details of a specific API key
Account ID
API Key ID
API Key object
Unauthorized
Forbidden
API key not found
Update API Key
Delete API Key
Revoke/delete an API key
Account ID
API Key ID
API key revoked successfully
Unauthorized
Forbidden
API key not found
No content
Rotate API Key
Generate a new secret for an existing API key, invalidating the old secret. Optionally update alias, description, and expiration date.
Account ID
API Key ID
Human-readable alias for the API key
Description of the API key's purpose
When the API key should expire (must be in the future, RFC3339 format)
API key rotated successfully
Unauthorized
Forbidden
API key not found
Get API Key by Key Value
Roles
List Roles
Retrieve a list of roles for the specified account, including both account-specific roles and Firefly-managed (system-wide) roles. Firefly-managed roles have account_id as empty and are marked with fireflyManaged=true. For Firefly-managed roles, attached_users and team_names are filtered to show only those from the requesting account.
Account ID
Maximum number of roles to return
25Number of roles to skip
0Search term to filter roles by name or description
Array of roles
Bad request
Unauthorized
Forbidden
Create Role
Create a new role with specified permissions
Account ID
Role name
Role description
Optional list of integration IDs to restrict role's access to specific integrations
["integration-123","integration-456"]Optional list of provider types to restrict role's access to specific providers
["aws","azure","gcp"]Created role
Bad request
Unauthorized
Forbidden
Update Role
Delete Role
Delete a role from the system
Account ID
Role ID
Role deleted successfully
Unauthorized
Forbidden
Role not found
No content
Last updated
Was this helpful?