fusionauth logo
search-interface-symbol
Quickstarts
API Docs
SDK
search-interface-symbol
talk to an expert
Log In
talk to an expert
Navigate to...
  • Welcome
  • Getting Started
    • Getting Started
    • 5-minute Setup Guide
      • Overview
      • Docker
      • Fast Path
      • Sandbox
    • Setup Wizard & First Login
    • Register a User and Login
    • Self-service Registration
    • Start and Stop FusionAuth
    • Core Concepts
      • Overview
      • Users
      • Roles
      • Groups
      • Registrations
      • Applications
      • Tenants
      • Identity Providers
      • Authentication/Authorization
      • Integration Points
    • Example Apps
      • Overview
      • Dart
      • Go
      • Java
      • JavaScript
      • .NET Core
      • PHP
      • Python
      • Ruby
    • Tutorials
      • Overview
      • Java Spring
      • Python Django
      • Ruby on Rails
  • Installation Guide
    • Overview
    • System Requirements
    • Server Layout
    • Cloud
    • Cluster
    • Docker
    • Fast Path
    • Kubernetes
      • Overview
      • Deployment Guide
      • Minikube Setup
      • Amazon EKS Setup
      • Google GKE Setup
      • Microsoft AKS Setup
    • Kickstart™
    • Homebrew
    • Marketplaces
    • Packages
    • Database
    • FusionAuth App
    • FusionAuth Search
    • Common Configuration
  • Migration Guide
    • Overview
    • General
    • Auth0
    • Keycloak
    • Amazon Cognito
    • Firebase
    • Microsoft Azure AD B2C
    • Tutorial
  • Admin Guide
    • Overview
    • Account Portal
    • Config Management
    • Editions and Features
    • Key Rotation
    • Licensing
    • Monitoring
    • Prometheus Setup
    • Proxy Setup
    • Reference
      • Overview
      • Configuration
      • CORS
      • Data Types
      • Hosted Login Pages Cookies
      • Known Limitations
      • Password Hashes
    • Releases
    • Roadmap
    • Search And FusionAuth
    • Securing
    • Switch Search Engines
    • Technical Support
    • Troubleshooting
    • Upgrading
    • WebAuthn
  • Login Methods
    • Identity Providers
      • Overview
      • Apple
      • Epic Games
      • External JWT
        • Overview
        • Example
      • Facebook
      • Google
      • HYPR
      • LinkedIn
      • Nintendo
      • OpenID Connect
        • Overview
        • Amazon Cognito
        • Azure AD
        • Discord
        • Github
        • Okta
      • Sony PlayStation Network
      • Steam
      • Twitch
      • Twitter
      • SAML v2
        • Overview
        • ADFS
        • Azure AD
        • Okta
      • SAML v2 IdP Initiated
        • Overview
        • Okta
      • Xbox
    • OIDC & OAuth 2.0
      • Overview
      • Endpoints
      • Tokens
      • OAuth Modes
      • URL Validation
    • Passwordless
      • Overview
      • Magic Links
      • WebAuthn & Passkeys
    • SAML v2 IdP
      • Overview
      • Google
      • PagerDuty
      • Tableau Cloud
      • Zendesk
  • Developer Guide
    • Overview
    • API Gateways
      • Overview
      • Amazon API Gateway
      • Kong Gateway
      • ngrok Cloud Edge
    • Client Libraries & SDKs
      • Overview
      • Dart
      • Go
      • Java
      • JavaScript
      • .NET Core
      • Node
      • OpenAPI
      • PHP
      • Python
      • React
      • Ruby
      • Typescript
    • Events & Webhooks
      • Overview
      • Writing a Webhook
      • Securing Webhooks
      • Events
        • Overview
        • Audit Log Create
        • Event Log Create
        • JWT Public Key Update
        • JWT Refresh
        • JWT Refresh Token Revoke
        • Kickstart Success
        • Group Create
        • Group Create Complete
        • Group Delete
        • Group Delete Complete
        • Group Update
        • Group Update Complete
        • Group Member Add
        • Group Member Add Complete
        • Group Member Remove
        • Group Member Remove Complete
        • Group Member Update
        • Group Member Update Complete
        • User Action
        • User Bulk Create
        • User Create
        • User Create Complete
        • User Deactivate
        • User Delete
        • User Delete Complete
        • User Email Update
        • User Email Verified
        • User IdP Link
        • User IdP Unlink
        • User Login Failed
        • User Login Id Dup. Create
        • User Login Id Dup. Update
        • User Login New Device
        • User Login Success
        • User Login Suspicious
        • User Password Breach
        • User Password Reset Send
        • User Password Reset Start
        • User Password Reset Success
        • User Password Update
        • User Reactivate
        • User Reg. Create
        • User Reg. Create Complete
        • User Reg. Delete
        • User Reg. Delete Complete
        • User Registration Update
        • User Reg. Update Complete
        • User Reg. Verified
        • User 2FA Method Add
        • User 2FA Method Remove
        • User Update
        • User Update Complete
    • Guides
      • Overview
      • Application Specific Email Templates
      • Authentication Tokens
      • Exposing A Local Instance
      • JSON Web Tokens
      • Key Master
      • Localization and Internationalization
      • Multi-Factor Authentication
      • Multi-Tenant
      • Passwordless
      • Registration-based Email Verification
      • Searching With Elasticsearch
      • Securing Your APIs
      • Silent Mode
      • Single Sign-on
      • Two Factor (pre 1.26)
    • Integrations
      • Overview
      • CleanSpeak
      • Kafka
      • Twilio
    • Plugins
      • Overview
      • Writing a Plugin
      • Custom Password Hashing
    • User Control & Gating
      • Overview
      • Gate Unverified Users
      • Gate Unverified Registrations
      • User Account Lockout
  • Customization
    • Email & Templates
      • Overview
      • Configure Email
      • Email Templates
      • Email Variables
      • Message Templates
    • Lambdas
      • Overview
      • Apple Reconcile
      • Client Cred. JWT Populate
      • Epic Games Reconcile
      • External JWT Reconcile
      • Facebook Reconcile
      • Google Reconcile
      • HYPR Reconcile
      • JWT Populate
      • LDAP Connector Reconcile
      • LinkedIn Reconcile
      • Nintendo Reconcile
      • OpenID Connect Reconcile
      • SAML v2 Populate
      • SAML v2 Reconcile
      • SCIM Group Req. Converter
      • SCIM Group Resp. Convtr.
      • SCIM User Req. Converter
      • SCIM User Resp. Converter
      • Self-Service Registration
      • Sony PSN Reconcile
      • Steam Reconcile
      • Twitch Reconcile
      • Twitter Reconcile
      • Xbox Reconcile
    • Messengers
      • Overview
      • Generic Messenger
      • Twilio Messenger
    • Themes
      • Overview
      • Examples
      • Helpers
      • Localization
      • Template Variables
      • Kickstart Custom Theme
  • Premium Features
    • Overview
    • Advanced Registration Forms
    • Advanced Threat Detection
    • Application Specific Themes
    • Breached Password Detection
    • Connectors
      • Overview
      • Generic Connector
      • LDAP Connector
      • FusionAuth Connector
    • Entity Management
    • SCIM
      • Overview
      • Azure AD Client
      • Okta Client
      • SCIM-SDK
    • Self Service Account Mgmt
      • Overview
      • Updating User Data & Password
      • Add Two-Factor Authenticator
      • Add Two-Factor Email
      • Add Two-Factor SMS
      • Add WebAuthn Passkey
      • Customizing
      • Troubleshooting
    • WebAuthn
  • APIs
    • Overview
    • Authentication
    • Errors
    • API Explorer
    • Actioning Users
    • API Keys
    • Applications
    • Audit Logs
    • Connectors
      • Overview
      • Generic
      • LDAP
    • Consents
    • Emails
    • Entity Management
      • Overview
      • Entities
      • Entity Types
      • Grants
    • Event Logs
    • Families
    • Forms
    • Form Fields
    • Groups
    • Identity Providers
      • Overview
      • Links
      • Apple
      • External JWT
      • Epic Games
      • Facebook
      • Google
      • HYPR
      • LinkedIn
      • Nintendo
      • OpenID Connect
      • SAML v2
      • SAML v2 IdP Initiated
      • Sony PlayStation Network
      • Steam
      • Twitch
      • Twitter
      • Xbox
    • Integrations
    • IP Access Control Lists
    • JWT
    • Keys
    • Lambdas
    • Login
    • Message Templates
    • Messengers
      • Overview
      • Generic
      • Twilio
    • Multi-Factor/Two Factor
    • Passwordless
    • Reactor
    • Registrations
    • Reports
    • SCIM
      • Overview
      • SCIM User
      • SCIM Group
      • SCIM EnterpriseUser
      • SCIM Service Provider Config.
    • System
    • Tenants
    • Themes
    • Users
    • User Actions
    • User Action Reasons
    • User Comments
    • WebAuthn
    • Webhooks
  • Release Notes

    User Action APIs

    Overview

    This page contains the APIs for managing user actions. This API does not cover actually actioning users. Instead, this is the CRUD API for manage the user action definitions.

    If you want to apply an existing user action to a user, see the Actioning Users API.

    Here are the APIs:

    • Create a User Action

    • Retrieve a User Action

    • Update a User Action

    • Delete a User Action

    • Reactivate a User Action

    Create a User Action

    This API is used to create an User Action. Specifying an Id on the URI will instruct FusionAuth to use that Id when creating the User Action. Otherwise, FusionAuth will generate an Id for the User Action.

    Request

    Create a User Action with a randomly generated Id

    URI

    POST /api/user-action

    Create a User Action with the provided unique Id

    URI

    POST /api/user-action/{userActionId}

    Request Parameters

    userActionId [UUID] Optional defaults to secure random UUID

    The Id to use for the new User Action. If not specified a secure random UUID will be generated.

    Request Body

    userAction.cancelEmailTemplateId [UUID] Optional

    The Id of the Email Template that is used when User Actions are canceled.

    userAction.endEmailTemplateId [UUID] Optional

    The Id of the Email Template that is used when User Actions expired automatically (end).

    userAction.includeEmailInEventJSON [Boolean] Optional

    Whether to include the email information in the JSON that is sent to the Webhook when a user action is taken.

    userAction.localizedNames [Map<Locale, String>] Optional

    A mapping of localized names for this User Action. The key is the Locale and the value is the name of the User Action for that language.

    userAction.modifyEmailTemplateId [UUID] Optional

    The Id of the Email Template that is used when User Actions are modified.

    userAction.name [String] Required

    The name of this User Action.

    userAction.options [Array] Optional

    The list of User Action Options.

    userAction.options[x].localizedNames [Map<Locale, String>] Optional

    A mapping of localized names for this User Action Option. The key is the Locale and the value is the name of the User Action Option for that language.

    userAction.options[x].name [String] Optional

    The name of this User Action Option.

    userAction.preventLogin [Boolean] Optional defaults to false

    Whether or not this User Action will prevent user login. When this value is set to true the action must also be marked as a time based action. See temporal.

    userAction.sendEndEvent [Boolean] Optional defaults to true

    Whether or not FusionAuth will send events to any registered Webhooks when this User Action expires.

    Prior to version 1.36.7 this value defaulted to false. The default value was modified to be true by default to reduce confusion because in most cases when utilizing User Action events, the end event is desired.

    userAction.startEmailTemplateId [UUID] Optional

    The Id of the Email Template that is used when User Actions are started (created).

    userAction.temporal [Boolean] Optional defaults to false

    Whether or not this User Action is time-based (temporal). Time based actions are temporary and once expired the action will no longer be considered active and will not affect the user.

    An action that prevents login must be time based.

    Time based actions can still be applied to a user for an indefinite amount of time. A time based action is one that may be canceled or modified. A non time-based action may not be modified or canceled.

    An example of a non time-based action would be a reward, such as sending a user a coupon. This action cannot be canceled, or modified. When a non time-based action is taken, it is immediately complete and will show up in the user action history.

    userAction.userEmailingEnabled [Boolean] Optional defaults to false

    Whether or not email is enabled for this User Action. If this is true, a checkbox will appear in the FusionAuth UI for this User Action that allows admins to specify that they want to email the User.

    userAction.userNotificationsEnabled [Boolean] Optional defaults to false

    Whether or not user notifications are enabled for this User Action. If this is true, a checkbox will appear in the FusionAuth UI for this User Action that allows admins to specify that they want to "notify users". What is does is send an additional flag named notifyUser in the event JSON that is sent to any registered Webhooks.

    Example Request JSON
    
    {
      "userAction": {
        "cancelEmailTemplateId": "00000000-0000-0000-0000-000000000001",
        "endEmailTemplateId": "00000000-0000-0000-0000-000000000002",
        "includeEmailInEventJSON": true,
        "localizedNames": {
          "de": "Dauerhaft Verbieten"
        },
        "modifyEmailTemplateId": "00000000-0000-0000-0000-000000000003",
        "name": "Permanently Ban",
        "options": [
          {
            "name": "Nicely",
            "localizedNames": {
              "de": "Schön"
            }
          },
          {
            "name": "Meanly",
            "localizedNames": {
              "de": "Bedeuten"
            }
          }
        ],
        "preventLogin": true,
        "sendEndEvent": true,
        "startEmailTemplateId": "00000000-0000-0000-0000-000000000004",
        "temporal": true,
        "userEmailingEnabled": true,
        "userNotificationsEnabled": true
      }
    }

    Response

    The response for this API contains the information for the User Action that was created.

    Table 1. Response Codes
    Code Description

    200

    The request was successful. The response will contain a JSON body.

    400

    The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.

    401

    You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

    500

    There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

    503

    The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

    Response Body

    userAction.active [Boolean]

    Whether or not this User Action is active.

    userAction.cancelEmailTemplateId [UUID]

    The Id of the Email Template that is used when User Actions are canceled.

    userAction.endEmailTemplateId [UUID]

    The Id of the Email Template that is used when User Actions expired automatically (end).

    userAction.id [UUID]

    The Id of the User Action.

    userAction.insertInstant [Long]

    The instant when the User Action was created.

    userAction.includeEmailInEventJSON [Boolean]

    Whether to include the email information in the JSON that is sent to the Webhook when a user action is taken.

    userAction.lastUpdateInstant [Long]

    The instant when the User Action was last updated.

    userAction.localizedNames [Map<Locale, String>]

    A mapping of localized names for this User Action. The key is the Locale and the value is the name of the User Action for that language.

    userAction.modifyEmailTemplateId [UUID]

    The Id of the Email Template that is used when User Actions are modified.

    userAction.modifyEmailTemplateId [String]

    The name of this User Action.

    userAction.options [Array]

    The list of User Action Options.

    userAction.options[x].localizedNames [Map<Locale, String>]

    A mapping of localized names for this User Action Option. The key is the Locale and the value is the name of the User Action Option for that language.

    userAction.options[x].name [String]

    The name of this User Action Option.

    userAction.preventLogin [Boolean]

    Whether or not this User Action will prevent the User from logging in.

    userAction.sendEndEvent [Boolean]

    Whether or not FusionAuth will send events to any registered Webhooks when this User Action expires.

    userAction.startEmailTemplateId [UUID]

    The Id of the Email Template that is used when User Actions are started (created).

    userAction.temporal [Boolean]

    Whether or not this User Action is time-based (temporal). Time based actions are temporary and once expired the action will no longer be considered active and will not affect the user.

    userAction.userEmailingEnabled [Boolean]

    Whether or not email is enabled for this User Action. If this is true, a checkbox will appear in the FusionAuth UI for this User Action that allows admins to specify that they want to email the User.

    userAction.userNotificationsEnabled [Boolean]

    Whether or not user notifications are enabled for this User Action. If this is true, a checkbox will appear in the FusionAuth UI for this User Action that allows admins to specify that they want to "notify users". What is does is send an additional flag named notifyUser in the event JSON that is sent to any registered Webhooks.

    Example Response JSON for a Single User Action
    
    {
      "userAction": {
        "active": true,
        "cancelEmailTemplateId": "00000000-0000-0000-0000-000000000001",
        "endEmailTemplateId": "00000000-0000-0000-0000-000000000002",
        "id": "00000000-0000-0000-0000-000000000042",
        "includeEmailInEventJSON": true,
        "localizedNames": {
          "de": "Dauerhaft Verbieten"
        },
        "modifyEmailTemplateId": "00000000-0000-0000-0000-000000000003",
        "name": "Permanently Ban",
        "options": [
          {
            "name": "Nicely",
            "localizedNames": {
              "de": "Schön"
            }
          },
          {
            "name": "Meanly",
            "localizedNames": {
              "de": "Bedeuten"
            }
          }
        ],
        "preventLogin": true,
        "sendEndEvent": true,
        "startEmailTemplateId": "00000000-0000-0000-0000-000000000004",
        "temporal": true,
        "userEmailingEnabled": true,
        "userNotificationsEnabled": true
      }
    }

    Retrieve a User Action

    This API is used to retrieve one or all of the configured User Actions. Specifying an Id on the URI will retrieve a single User Action. Leaving off the Id will retrieve all of the User Actions.

    Request

    Retrieve all of the User Actions

    URI

    GET /api/user-action

    Retrieve a User Action by Id

    URI

    GET /api/user-action/{userActionId}

    Request Parameters

    userActionId [UUID] Optional

    The Id of the User Action to retrieve.

    Response

    The response for this API contains either a single User Action or all of the User Actions. When you call this API with an Id the response will contain just that User Action. When you call this API without an Id the response will contain all of the User Actions. Both response types are defined below along with an example JSON response.

    Table 2. Response Codes
    Code Description

    200

    The request was successful. The response will contain a JSON body.

    400

    The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.

    401

    You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

    404

    The object you requested doesn’t exist. The response will be empty.

    500

    There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

    503

    The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

    Response Body

    userAction.active [Boolean]

    Whether or not this User Action is active.

    userAction.cancelEmailTemplateId [UUID]

    The Id of the Email Template that is used when User Actions are canceled.

    userAction.endEmailTemplateId [UUID]

    The Id of the Email Template that is used when User Actions expired automatically (end).

    userAction.id [UUID]

    The Id of the User Action.

    userAction.insertInstant [Long]

    The instant when the User Action was created.

    userAction.includeEmailInEventJSON [Boolean]

    Whether to include the email information in the JSON that is sent to the Webhook when a user action is taken.

    userAction.lastUpdateInstant [Long]

    The instant when the User Action was last updated.

    userAction.localizedNames [Map<Locale, String>]

    A mapping of localized names for this User Action. The key is the Locale and the value is the name of the User Action for that language.

    userAction.modifyEmailTemplateId [UUID]

    The Id of the Email Template that is used when User Actions are modified.

    userAction.modifyEmailTemplateId [String]

    The name of this User Action.

    userAction.options [Array]

    The list of User Action Options.

    userAction.options[x].localizedNames [Map<Locale, String>]

    A mapping of localized names for this User Action Option. The key is the Locale and the value is the name of the User Action Option for that language.

    userAction.options[x].name [String]

    The name of this User Action Option.

    userAction.preventLogin [Boolean]

    Whether or not this User Action will prevent the User from logging in.

    userAction.sendEndEvent [Boolean]

    Whether or not FusionAuth will send events to any registered Webhooks when this User Action expires.

    userAction.startEmailTemplateId [UUID]

    The Id of the Email Template that is used when User Actions are started (created).

    userAction.temporal [Boolean]

    Whether or not this User Action is time-based (temporal). Time based actions are temporary and once expired the action will no longer be considered active and will not affect the user.

    userAction.userEmailingEnabled [Boolean]

    Whether or not email is enabled for this User Action. If this is true, a checkbox will appear in the FusionAuth UI for this User Action that allows admins to specify that they want to email the User.

    userAction.userNotificationsEnabled [Boolean]

    Whether or not user notifications are enabled for this User Action. If this is true, a checkbox will appear in the FusionAuth UI for this User Action that allows admins to specify that they want to "notify users". What is does is send an additional flag named notifyUser in the event JSON that is sent to any registered Webhooks.

    Example Response JSON for a Single User Action
    
    {
      "userAction": {
        "active": true,
        "cancelEmailTemplateId": "00000000-0000-0000-0000-000000000001",
        "endEmailTemplateId": "00000000-0000-0000-0000-000000000002",
        "id": "00000000-0000-0000-0000-000000000042",
        "includeEmailInEventJSON": true,
        "localizedNames": {
          "de": "Dauerhaft Verbieten"
        },
        "modifyEmailTemplateId": "00000000-0000-0000-0000-000000000003",
        "name": "Permanently Ban",
        "options": [
          {
            "name": "Nicely",
            "localizedNames": {
              "de": "Schön"
            }
          },
          {
            "name": "Meanly",
            "localizedNames": {
              "de": "Bedeuten"
            }
          }
        ],
        "preventLogin": true,
        "sendEndEvent": true,
        "startEmailTemplateId": "00000000-0000-0000-0000-000000000004",
        "temporal": true,
        "userEmailingEnabled": true,
        "userNotificationsEnabled": true
      }
    }

    Response Body

    userActions [Array]

    The list of User Action objects.

    userActions[x].active [Boolean]

    Whether or not this User Action is active.

    userActions[x].cancelEmailTemplateId [UUID]

    The Id of the Email Template that is used when User Actions are canceled.

    userActions[x].endEmailTemplateId [UUID]

    The Id of the Email Template that is used when User Actions expired automatically (end).

    userActions[x].id [UUID]

    The Id of the User Action.

    userActions[x].includeEmailInEventJSON [Boolean]

    Whether to include the email information in the JSON that is sent to the Webhook when a user action is taken.

    userActions[x].localizedNames [Map<Locale, String>]

    A mapping of localized names for this User Action. The key is the Locale and the value is the name of the User Action for that language.

    userActions[x].modifyEmailTemplateId [UUID]

    The Id of the Email Template that is used when User Actions are modified.

    userActions[x].modifyEmailTemplateId [String]

    The name of this User Action.

    userActions[x].options [Array]

    The list of User Action Options.

    userActions[x].options[x].localizedNames [Map<Locale, String>]

    A mapping of localized names for this User Action Option. The key is the Locale and the value is the name of the User Action Option for that language.

    userActions[x].options[x].name [String]

    The name of this User Action Option.

    userActions[x].preventLogin [Boolean]

    Whether or not this User Action will prevent the User from logging in.

    userActions[x].sendEndEvent [Boolean]

    Whether or not FusionAuth will send events to any registered Webhooks when this User Action expires.

    userActions[x].startEmailTemplateId [UUID]

    The Id of the Email Template that is used when User Actions are started (created).

    userActions[x].temporal [Boolean]

    Whether or not this User Action is time-based (temporal). Time based actions are temporary and once expired the action will no longer be considered active and will not affect the user.

    userActions[x].userEmailingEnabled [Boolean]

    Whether or not email is enabled for this User Action. If this is true, a checkbox will appear in the FusionAuth UI for this User Action that allows admins to specify that they want to email the User.

    userActions[x].userNotificationsEnabled [Boolean]

    Whether or not user notifications are enabled for this User Action. If this is true, a checkbox will appear in the FusionAuth UI for this User Action that allows admins to specify that they want to "notify users". What is does is send an additional flag named notifyUser in the event JSON that is sent to any registered Webhooks.

    Example Response JSON for all the User Actions
    
    {
      "userActions": [
        {
          "active": true,
          "cancelEmailTemplateId": "00000000-0000-0000-0000-000000000001",
          "endEmailTemplateId": "00000000-0000-0000-0000-000000000002",
          "id": "00000000-0000-0000-0000-000000000042",
          "includeEmailInEventJSON": true,
          "localizedNames": {
            "de": "Dauerhaft Verbieten"
          },
          "modifyEmailTemplateId": "00000000-0000-0000-0000-000000000003",
          "name": "Permanently Ban",
          "options": [
            {
              "name": "Nicely",
              "localizedNames": {
                "de": "Schön"
              }
            },
            {
              "name": "Meanly",
              "localizedNames": {
                "de": "Bedeuten"
              }
            }
          ],
          "preventLogin": true,
          "sendEndEvent": true,
          "startEmailTemplateId": "00000000-0000-0000-0000-000000000004",
          "temporal": true,
          "userEmailingEnabled": true,
          "userNotificationsEnabled": true
        }
      ]
    }

    Update a User Action

    This API is used to update an existing User Action.

    You must specify the Id of the User Action you are updating on the URI.

    You must specify all of the properties of the User Action when calling this API with the PUT HTTP method. When used with PUT, this API doesn’t merge the existing User Action and your new data. It replaces the existing User Action with your new data.

    Utilize the PATCH HTTP method to send specific changes to merge into an existing User Action.

    Request

    Update a User Action by Id

    URI

    PUT /api/user-action/{userActionId}

    PATCH /api/user-action/{userActionId}

    Available since 1.39.0

    When using the PATCH method, you can either use the same request body documentation that is provided for the PUT request for backward compatibility. Or you may use either JSON Patch/RFC 6902 or JSON Merge Patch/RFC 7396. See the PATCH documentation for more information.

    Available since 1.12.0

    When using the PATCH method, use the same request body documentation that is provided for the PUT request. The PATCH method will merge the provided request parameters into the existing object, this means all parameters are optional when using the PATCH method and you only provide the values you want changed. A null value can be used to remove a value. Patching an Array will result in all values from the new list being appended to the existing list, this is a known limitation to the current implementation of PATCH.

     

    Request Parameters

    userActionId [UUID] Required

    The Id of the User Action to update.

    Request Body

    userAction.cancelEmailTemplateId [UUID] Optional

    The Id of the Email Template that is used when User Actions are canceled.

    userAction.endEmailTemplateId [UUID] Optional

    The Id of the Email Template that is used when User Actions expired automatically (end).

    userAction.includeEmailInEventJSON [Boolean] Optional

    Whether to include the email information in the JSON that is sent to the Webhook when a user action is taken.

    userAction.localizedNames [Map<Locale, String>] Optional

    A mapping of localized names for this User Action. The key is the Locale and the value is the name of the User Action for that language.

    userAction.modifyEmailTemplateId [UUID] Optional

    The Id of the Email Template that is used when User Actions are modified.

    userAction.name [String] Required

    The name of this User Action.

    userAction.options [Array] Optional

    The list of User Action Options.

    userAction.options[x].localizedNames [Map<Locale, String>] Optional

    A mapping of localized names for this User Action Option. The key is the Locale and the value is the name of the User Action Option for that language.

    userAction.options[x].name [String] Optional

    The name of this User Action Option.

    userAction.preventLogin [Boolean] Optional defaults to false

    Whether or not this User Action will prevent user login. When this value is set to true the action must also be marked as a time based action. See temporal.

    userAction.sendEndEvent [Boolean] Optional defaults to true

    Whether or not FusionAuth will send events to any registered Webhooks when this User Action expires.

    Prior to version 1.36.7 this value defaulted to false. The default value was modified to be true by default to reduce confusion because in most cases when utilizing User Action events, the end event is desired.

    userAction.startEmailTemplateId [UUID] Optional

    The Id of the Email Template that is used when User Actions are started (created).

    userAction.temporal [Boolean] Optional defaults to false

    Whether or not this User Action is time-based (temporal). Time based actions are temporary and once expired the action will no longer be considered active and will not affect the user.

    An action that prevents login must be time based.

    Time based actions can still be applied to a user for an indefinite amount of time. A time based action is one that may be canceled or modified. A non time-based action may not be modified or canceled.

    An example of a non time-based action would be a reward, such as sending a user a coupon. This action cannot be canceled, or modified. When a non time-based action is taken, it is immediately complete and will show up in the user action history.

    userAction.userEmailingEnabled [Boolean] Optional defaults to false

    Whether or not email is enabled for this User Action. If this is true, a checkbox will appear in the FusionAuth UI for this User Action that allows admins to specify that they want to email the User.

    userAction.userNotificationsEnabled [Boolean] Optional defaults to false

    Whether or not user notifications are enabled for this User Action. If this is true, a checkbox will appear in the FusionAuth UI for this User Action that allows admins to specify that they want to "notify users". What is does is send an additional flag named notifyUser in the event JSON that is sent to any registered Webhooks.

    Example Request JSON
    
    {
      "userAction": {
        "cancelEmailTemplateId": "00000000-0000-0000-0000-000000000001",
        "endEmailTemplateId": "00000000-0000-0000-0000-000000000002",
        "includeEmailInEventJSON": true,
        "localizedNames": {
          "de": "Dauerhaft Verbieten"
        },
        "modifyEmailTemplateId": "00000000-0000-0000-0000-000000000003",
        "name": "Permanently Ban",
        "options": [
          {
            "name": "Nicely",
            "localizedNames": {
              "de": "Schön"
            }
          },
          {
            "name": "Meanly",
            "localizedNames": {
              "de": "Bedeuten"
            }
          }
        ],
        "preventLogin": true,
        "sendEndEvent": true,
        "startEmailTemplateId": "00000000-0000-0000-0000-000000000004",
        "temporal": true,
        "userEmailingEnabled": true,
        "userNotificationsEnabled": true
      }
    }

    Response

    The response for this API contains the new information for the User Action that was updated.

    Table 3. Response Codes
    Code Description

    200

    The request was successful. The response will contain a JSON body.

    400

    The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.

    401

    You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

    404

    The object you are trying to update doesn’t exist. The response will be empty.

    500

    There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

    503

    The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

    Response Body

    userAction.active [Boolean]

    Whether or not this User Action is active.

    userAction.cancelEmailTemplateId [UUID]

    The Id of the Email Template that is used when User Actions are canceled.

    userAction.endEmailTemplateId [UUID]

    The Id of the Email Template that is used when User Actions expired automatically (end).

    userAction.id [UUID]

    The Id of the User Action.

    userAction.insertInstant [Long]

    The instant when the User Action was created.

    userAction.includeEmailInEventJSON [Boolean]

    Whether to include the email information in the JSON that is sent to the Webhook when a user action is taken.

    userAction.lastUpdateInstant [Long]

    The instant when the User Action was last updated.

    userAction.localizedNames [Map<Locale, String>]

    A mapping of localized names for this User Action. The key is the Locale and the value is the name of the User Action for that language.

    userAction.modifyEmailTemplateId [UUID]

    The Id of the Email Template that is used when User Actions are modified.

    userAction.modifyEmailTemplateId [String]

    The name of this User Action.

    userAction.options [Array]

    The list of User Action Options.

    userAction.options[x].localizedNames [Map<Locale, String>]

    A mapping of localized names for this User Action Option. The key is the Locale and the value is the name of the User Action Option for that language.

    userAction.options[x].name [String]

    The name of this User Action Option.

    userAction.preventLogin [Boolean]

    Whether or not this User Action will prevent the User from logging in.

    userAction.sendEndEvent [Boolean]

    Whether or not FusionAuth will send events to any registered Webhooks when this User Action expires.

    userAction.startEmailTemplateId [UUID]

    The Id of the Email Template that is used when User Actions are started (created).

    userAction.temporal [Boolean]

    Whether or not this User Action is time-based (temporal). Time based actions are temporary and once expired the action will no longer be considered active and will not affect the user.

    userAction.userEmailingEnabled [Boolean]

    Whether or not email is enabled for this User Action. If this is true, a checkbox will appear in the FusionAuth UI for this User Action that allows admins to specify that they want to email the User.

    userAction.userNotificationsEnabled [Boolean]

    Whether or not user notifications are enabled for this User Action. If this is true, a checkbox will appear in the FusionAuth UI for this User Action that allows admins to specify that they want to "notify users". What is does is send an additional flag named notifyUser in the event JSON that is sent to any registered Webhooks.

    Example Response JSON for a Single User Action
    
    {
      "userAction": {
        "active": true,
        "cancelEmailTemplateId": "00000000-0000-0000-0000-000000000001",
        "endEmailTemplateId": "00000000-0000-0000-0000-000000000002",
        "id": "00000000-0000-0000-0000-000000000042",
        "includeEmailInEventJSON": true,
        "localizedNames": {
          "de": "Dauerhaft Verbieten"
        },
        "modifyEmailTemplateId": "00000000-0000-0000-0000-000000000003",
        "name": "Permanently Ban",
        "options": [
          {
            "name": "Nicely",
            "localizedNames": {
              "de": "Schön"
            }
          },
          {
            "name": "Meanly",
            "localizedNames": {
              "de": "Bedeuten"
            }
          }
        ],
        "preventLogin": true,
        "sendEndEvent": true,
        "startEmailTemplateId": "00000000-0000-0000-0000-000000000004",
        "temporal": true,
        "userEmailingEnabled": true,
        "userNotificationsEnabled": true
      }
    }

    Delete a User Action

    This API is used to delete an User Action. You must specify the Id of the User Action on the URI.

    Request

    Soft delete a User Action. This operation can be reversed by re-activating the User Action.

    URI

    DELETE /api/user-action/{userActionId}

    Permanently delete a User Action. This operation cannot be reversed.

    URI

    DELETE /api/user-action/{userActionId}&hardDelete=true

    Request Parameters

    userActionId [UUID] Required

    The Id of the User Action to delete.

    hardDelete [Boolean] Optional

    Whether or not the User Action is soft or hard deleted.

    Response

    This API does not return a JSON response body.

    Table 4. Response Codes
    Code Description

    200

    The request was successful. The response will be empty.

    400

    The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.

    401

    You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

    404

    The object you are trying to delete doesn’t exist. The response will be empty.

    500

    There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

    503

    The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

    Reactivate a User Action

    This API is used to reactivate an inactive User Action. You must specify the Id of the Application on the URI.

    Request

    Reactivate the User Action

    URI

    PUT /api/user-action/{userActionId}?reactivate=true

    Request Parameters

    userActionId [UUID] Required

    The Id of the User Action to reactivate.

    Response

    The response for this API contains the information for the User Action that was reactivated.

    Table 5. Response Codes
    Code Description

    200

    The request was successful. The response will contain a JSON body.

    400

    The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.

    401

    You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

    404

    The object you requested doesn’t exist. The response will be empty.

    500

    There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

    503

    The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

    Response Body

    userAction.active [Boolean]

    Whether or not this User Action is active.

    userAction.cancelEmailTemplateId [UUID]

    The Id of the Email Template that is used when User Actions are canceled.

    userAction.endEmailTemplateId [UUID]

    The Id of the Email Template that is used when User Actions expired automatically (end).

    userAction.id [UUID]

    The Id of the User Action.

    userAction.insertInstant [Long]

    The instant when the User Action was created.

    userAction.includeEmailInEventJSON [Boolean]

    Whether to include the email information in the JSON that is sent to the Webhook when a user action is taken.

    userAction.lastUpdateInstant [Long]

    The instant when the User Action was last updated.

    userAction.localizedNames [Map<Locale, String>]

    A mapping of localized names for this User Action. The key is the Locale and the value is the name of the User Action for that language.

    userAction.modifyEmailTemplateId [UUID]

    The Id of the Email Template that is used when User Actions are modified.

    userAction.modifyEmailTemplateId [String]

    The name of this User Action.

    userAction.options [Array]

    The list of User Action Options.

    userAction.options[x].localizedNames [Map<Locale, String>]

    A mapping of localized names for this User Action Option. The key is the Locale and the value is the name of the User Action Option for that language.

    userAction.options[x].name [String]

    The name of this User Action Option.

    userAction.preventLogin [Boolean]

    Whether or not this User Action will prevent the User from logging in.

    userAction.sendEndEvent [Boolean]

    Whether or not FusionAuth will send events to any registered Webhooks when this User Action expires.

    userAction.startEmailTemplateId [UUID]

    The Id of the Email Template that is used when User Actions are started (created).

    userAction.temporal [Boolean]

    Whether or not this User Action is time-based (temporal). Time based actions are temporary and once expired the action will no longer be considered active and will not affect the user.

    userAction.userEmailingEnabled [Boolean]

    Whether or not email is enabled for this User Action. If this is true, a checkbox will appear in the FusionAuth UI for this User Action that allows admins to specify that they want to email the User.

    userAction.userNotificationsEnabled [Boolean]

    Whether or not user notifications are enabled for this User Action. If this is true, a checkbox will appear in the FusionAuth UI for this User Action that allows admins to specify that they want to "notify users". What is does is send an additional flag named notifyUser in the event JSON that is sent to any registered Webhooks.

    Example Response JSON for a Single User Action
    
    {
      "userAction": {
        "active": true,
        "cancelEmailTemplateId": "00000000-0000-0000-0000-000000000001",
        "endEmailTemplateId": "00000000-0000-0000-0000-000000000002",
        "id": "00000000-0000-0000-0000-000000000042",
        "includeEmailInEventJSON": true,
        "localizedNames": {
          "de": "Dauerhaft Verbieten"
        },
        "modifyEmailTemplateId": "00000000-0000-0000-0000-000000000003",
        "name": "Permanently Ban",
        "options": [
          {
            "name": "Nicely",
            "localizedNames": {
              "de": "Schön"
            }
          },
          {
            "name": "Meanly",
            "localizedNames": {
              "de": "Bedeuten"
            }
          }
        ],
        "preventLogin": true,
        "sendEndEvent": true,
        "startEmailTemplateId": "00000000-0000-0000-0000-000000000004",
        "temporal": true,
        "userEmailingEnabled": true,
        "userNotificationsEnabled": true
      }
    }

    Feedback

    How helpful was this page?

    See a problem?

    File an issue in our docs repo

    Have a question or comment to share?

    Visit the FusionAuth community forum.

    © 2023 FusionAuth
    How-to
    Blog
    Expert Advice
    Download
    Subscribe for developer updates