Create an Application Role

This API is used to create a role for an Application. Specifying an Id on the URI will instruct FusionAuth to use that Id when creating the role. Otherwise, FusionAuth will generate an Id for the role.

When creating a role on a universal application, a global API key is required. A tenant-scoped API key is not sufficient for this operation.

Request#

API Key Authentication
Create a Role with a randomly generated Id
POST/api/application/{applicationId}/role
OpenAPI Spec
API Key Authentication
Create a Role with a provided unique Id
POST/api/application/{applicationId}/role/{roleId}
OpenAPI Spec

Request Headers#

X-FusionAuth-TenantIdStringoptional

The unique Id of the tenant used to scope this API request.

The tenant Id is not required on this request even when more than one tenant has been configured because the tenant can be identified based upon the request parameters or it is otherwise not required.

Specify a tenant Id on this request when you want to ensure the request is scoped to a specific tenant. The tenant Id may be provided through this header or by using a tenant locked API key to achieve the same result.

See Making an API request using a Tenant Id for additional information.

Request Parameters#

applicationIdUUIDrequired

The Id of the Application.

roleIdUUIDoptionalDefaults to secure random UUIDImmutable

The Id to use for the new role. If not specified a secure random UUID will be generated.

Request Body#

role.descriptionStringoptional

A description for the role.

role.nameStringrequired

The name of the Role.

role.isDefaultBooleanoptionalDefaults to false

Whether or not the Role is a default role. A default role is automatically assigned to a user during registration if no roles are provided.

role.isSuperRoleBooleanoptionalDefaults to false

Whether or not the Role is a considered to be a super user role. This is a marker to indicate that it supersedes all other roles. FusionAuth will attempt to enforce this contract when using the web UI, it is not enforced programmatically when using the API.

Example Request JSON

{
  "role": {
    "description": "a new role for the app",
    "name": "role 3",
    "isDefault": true
  }
}

Response#

The response for this API contains the information for the role that was created.

Response Codes
CodeDescription
200The request was successful. The response will contain a JSON body.
400The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.
401You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
500There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

Response Body#

role.descriptionString

The description of the role.

role.idUUID

The Id of the Role.

role.insertInstantLong

The instant that the Role was added to the FusionAuth database.

role.lastUpdateInstantLong

The instant that the Role was updated in the FusionAuth database.

role.nameString

The name of the Role.

role.isDefaultBoolean

Whether or not the Role is a default role. A default role is automatically assigned to a user during registration if no roles are provided.

role.isSuperRoleBoolean

Whether or not the Role is a considered to be a super user role. This is a marker to indicate that it supersedes all other roles. FusionAuth will attempt to enforce this contract when using the web UI, it is not enforced programmatically when using the API.

Example Response JSON

{
  "role": {
    "description": "a new role for the app",
    "id": "ce485a91-906f-4615-af75-81d37dc71e90",
    "insertInstant": 1595361142909,
    "lastUpdateInstant": 1595361143101,
    "name": "role 3",
    "isDefault": true
  }
}