User Management
Application Users
Section titled “Application Users”Every user who signs up through an application creates an application_user
record. This record represents the user’s membership in that specific
application. A user can have different memberships in different applications.
User States
Section titled “User States”| State | Meaning |
|---|---|
active | User can access the application normally |
suspended | User cannot access the application. Signin is rejected by the policy engine. |
disabled | User is permanently blocked from the application. |
pending_approval | User registered but needs admin approval. |
pending_invitation | User was invited but hasn’t completed registration. |
Admin Operations
Section titled “Admin Operations”List Users
Section titled “List Users”Filter by status to see specific groups:
GET /api/admin/applications/:id/users?status=suspendedSuspend a User
Section titled “Suspend a User”Prevents the user from signing in. The user remains in the database and can be reactivated later. Useful for temporary account holds.
Activate a User
Section titled “Activate a User”Restores a suspended user to active status. The user can sign in normally.
Remove a User
Section titled “Remove a User”Deletes the application_user record. The global user account is NOT
affected — they can still access other applications.
Status Propagation
Section titled “Status Propagation”When a user is suspended in an application, the policy engine rejects
all signin attempts for that application immediately. The user is not
notified of the suspension — the signin endpoint simply returns a
USER_SUSPENDED error.
User Roles
Section titled “User Roles”| Role | Permissions |
|---|---|
member | Standard user |
admin | Can manage other users in the application |
billing_admin | Can manage subscriptions for the application |
Roles are per-application. A user can be admin in one application and
member in another.