fusionauth logo
search-interface-symbol
Downloads
Quickstarts
API Docs
SDK
search-interface-symbol
talk to an expert
Log In
talk to an expert
Navigate to...
  • Welcome
  • Getting Started
    • Getting Started
    • 5-minute Setup Guide
      • Overview
      • Docker
      • Fast Path
      • Sandbox
    • Setup Wizard & First Login
    • Register a User and Login
    • Self-service Registration
    • Start and Stop FusionAuth
    • Core Concepts
      • Overview
      • Users
      • Roles
      • Groups
      • Registrations
      • Applications
      • Tenants
      • Identity Providers
      • Authentication/Authorization
      • Integration Points
    • Example Apps
      • Overview
      • Dart
      • Go
      • Java
      • JavaScript
      • .NET Core
      • PHP
      • Python
      • Ruby
    • Tutorials
      • Overview
      • Express.js
      • Flutter
      • Java Spring
      • Python Django
      • Python Flask
      • React
      • Ruby on Rails
      • Ruby on Rails API
  • Installation Guide
    • Overview
    • System Requirements
    • Server Layout
    • Cloud
    • Cluster
    • Docker
    • Fast Path
    • Kubernetes
      • Overview
      • Deployment Guide
      • Minikube Setup
      • Amazon EKS Setup
      • Google GKE Setup
      • Microsoft AKS Setup
    • Kickstart™
    • Homebrew
    • Marketplaces
    • Packages
    • Database
    • FusionAuth App
    • FusionAuth Search
    • Common Configuration
  • Migration Guide
    • Overview
    • General
    • Auth0
    • Keycloak
    • Amazon Cognito
    • Firebase
    • Microsoft Azure AD B2C
    • Tutorial
  • Admin Guide
    • Overview
    • Account Portal
    • Config Management
    • Editions and Features
    • Key Rotation
    • Licensing
    • Monitoring
    • Prometheus Setup
    • Proxy Setup
    • Reference
      • Overview
      • Configuration
      • CORS
      • Data Types
      • Hosted Login Pages Cookies
      • Known Limitations
      • Password Hashes
    • Releases
    • Roadmap
    • Search And FusionAuth
    • Securing
    • Switch Search Engines
    • Technical Support
    • Troubleshooting
    • Upgrading
    • WebAuthn
  • Login Methods
    • Identity Providers
      • Overview
      • Apple
      • Epic Games
      • External JWT
        • Overview
        • Example
      • Facebook
      • Google
      • HYPR
      • LinkedIn
      • Nintendo
      • OpenID Connect
        • Overview
        • Amazon Cognito
        • Azure AD
        • Discord
        • Github
        • Okta
      • Sony PlayStation Network
      • Steam
      • Twitch
      • Twitter
      • SAML v2
        • Overview
        • ADFS
        • Azure AD
        • Okta
      • SAML v2 IdP Initiated
        • Overview
        • Okta
      • Xbox
    • OIDC & OAuth 2.0
      • Overview
      • Endpoints
      • Tokens
      • OAuth Modes
      • URL Validation
      • Integrations
        • CockroachDB
        • Salesforce
    • Passwordless
      • Overview
      • Magic Links
      • WebAuthn & Passkeys
    • SAML v2 IdP
      • Overview
      • Google
      • PagerDuty
      • SendGrid
      • Tableau Cloud
      • Zendesk
  • Developer Guide
    • Overview
    • API Gateways
      • Overview
      • Amazon API Gateway
      • Kong Gateway
      • ngrok Cloud Edge
    • Client Libraries & SDKs
      • Overview
      • Dart
      • Go
      • Java
      • JavaScript
      • .NET Core
      • Node
      • OpenAPI
      • PHP
      • Python
      • React
      • Ruby
      • Typescript
    • Events & Webhooks
      • Overview
      • Writing a Webhook
      • Securing Webhooks
      • Events
        • Overview
        • Audit Log Create
        • Event Log Create
        • JWT Public Key Update
        • JWT Refresh
        • JWT Refresh Token Revoke
        • Kickstart Success
        • Group Create
        • Group Create Complete
        • Group Delete
        • Group Delete Complete
        • Group Update
        • Group Update Complete
        • Group Member Add
        • Group Member Add Complete
        • Group Member Remove
        • Group Member Remove Complete
        • Group Member Update
        • Group Member Update Complete
        • User Action
        • User Bulk Create
        • User Create
        • User Create Complete
        • User Deactivate
        • User Delete
        • User Delete Complete
        • User Email Update
        • User Email Verified
        • User IdP Link
        • User IdP Unlink
        • User Login Failed
        • User Login Id Dup. Create
        • User Login Id Dup. Update
        • User Login New Device
        • User Login Success
        • User Login Suspicious
        • User Password Breach
        • User Password Reset Send
        • User Password Reset Start
        • User Password Reset Success
        • User Password Update
        • User Reactivate
        • User Reg. Create
        • User Reg. Create Complete
        • User Reg. Delete
        • User Reg. Delete Complete
        • User Registration Update
        • User Reg. Update Complete
        • User Reg. Verified
        • User 2FA Method Add
        • User 2FA Method Remove
        • User Update
        • User Update Complete
    • Guides
      • Overview
      • Application Specific Email Templates
      • Authentication Tokens
      • Exposing A Local Instance
      • JSON Web Tokens
      • Key Master
      • Localization and Internationalization
      • Multi-Factor Authentication
      • Multi-Tenant
      • Passwordless
      • Registration-based Email Verification
      • Searching With Elasticsearch
      • Securing Your APIs
      • Silent Mode
      • Single Sign-on
      • Two Factor (pre 1.26)
    • Integrations
      • Overview
      • CleanSpeak
      • Kafka
      • Twilio
    • Plugins
      • Overview
      • Writing a Plugin
      • Custom Password Hashing
    • User Control & Gating
      • Overview
      • Gate Unverified Users
      • Gate Unverified Registrations
      • User Account Lockout
  • Customization
    • Email & Templates
      • Overview
      • Configure Email
      • Email Templates
      • Email Variables
      • Message Templates
    • Lambdas
      • Overview
      • Apple Reconcile
      • Client Cred. JWT Populate
      • Epic Games Reconcile
      • External JWT Reconcile
      • Facebook Reconcile
      • Google Reconcile
      • HYPR Reconcile
      • JWT Populate
      • LDAP Connector Reconcile
      • LinkedIn Reconcile
      • Nintendo Reconcile
      • OpenID Connect Reconcile
      • SAML v2 Populate
      • SAML v2 Reconcile
      • SCIM Group Req. Converter
      • SCIM Group Resp. Convtr.
      • SCIM User Req. Converter
      • SCIM User Resp. Converter
      • Self-Service Registration
      • Sony PSN Reconcile
      • Steam Reconcile
      • Twitch Reconcile
      • Twitter Reconcile
      • Xbox Reconcile
    • Messengers
      • Overview
      • Generic Messenger
      • Twilio Messenger
    • Themes
      • Overview
      • Examples
      • Helpers
      • Localization
      • Template Variables
      • Kickstart Custom Theme
  • Premium Features
    • Overview
    • Advanced Registration Forms
    • Advanced Threat Detection
    • Application Specific Themes
    • Breached Password Detection
    • Connectors
      • Overview
      • Generic Connector
      • LDAP Connector
      • FusionAuth Connector
    • Entity Management
    • SCIM
      • Overview
      • Azure AD Client
      • Okta Client
      • SCIM-SDK
    • Self Service Account Mgmt
      • Overview
      • Updating User Data & Password
      • Add Two-Factor Authenticator
      • Add Two-Factor Email
      • Add Two-Factor SMS
      • Add WebAuthn Passkey
      • Customizing
      • Bootstrapping Login
      • Troubleshooting
    • WebAuthn
  • APIs
    • Overview
    • Authentication
    • Errors
    • API Explorer
    • Actioning Users
    • API Keys
    • Applications
    • Audit Logs
    • Connectors
      • Overview
      • Generic
      • LDAP
    • Consents
    • Emails
    • Entity Management
      • Overview
      • Entities
      • Entity Types
      • Grants
    • Event Logs
    • Families
    • Forms
    • Form Fields
    • Groups
    • Hosted Backend
    • Identity Providers
      • Overview
      • Links
      • Apple
      • External JWT
      • Epic Games
      • Facebook
      • Google
      • HYPR
      • LinkedIn
      • Nintendo
      • OpenID Connect
      • SAML v2
      • SAML v2 IdP Initiated
      • Sony PlayStation Network
      • Steam
      • Twitch
      • Twitter
      • Xbox
    • Integrations
    • IP Access Control Lists
    • JWT
    • Keys
    • Lambdas
    • Login
    • Message Templates
    • Messengers
      • Overview
      • Generic
      • Twilio
    • Multi-Factor/Two Factor
    • Passwordless
    • Reactor
    • Registrations
    • Reports
    • SCIM
      • Overview
      • SCIM User
      • SCIM Group
      • SCIM EnterpriseUser
      • SCIM Service Provider Config.
    • System
    • Tenants
    • Themes
    • Users
    • User Actions
    • User Action Reasons
    • User Comments
    • WebAuthn
    • Webhooks
  • Release Notes

    User Comment APIs

    Overview

    This page contains the APIs that are used for managing comments left by admins on user accounts.

    • Add a Comment to a User

    • Retrieve a User’s Comments

    • Search for User Comments

    Add a Comment to a User

    This API is used to add a User Comment to a User’s account. User Comments are used to allow administrators and moderators the ability to take notes on Users.

    Request

    Add a User Comment

    URI

    POST /api/user/comment

    Request Headers

    X-FusionAuth-TenantId [String] Optional

    The unique Id of the tenant used to scope this API request.

    The tenant Id is not required on this request even when more than one tenant has been configured because the tenant can be identified based upon the request parameters or it is otherwise not required.

    Specify a tenant Id on this request when you want to ensure the request is scoped to a specific tenant. The tenant Id may be provided through this header or by using a tenant locked API key to achieve the same result.

    See Making an API request using a Tenant Id for additional information.

    Request Body

    userComment.comment [String] Required

    The text of the User Comment.

    userComment.commenterId [UUID] Required

    The Id of the User that wrote the User Comment.

    userComment.userId [UUID] Required

    The Id of the User that the User Comment was written for.

    Example Request JSON
    
    {
      "userComment": {
        "comment": "Not sure if this user is violating any rules or not.",
        "commenterId": "00000000-0000-0000-0000-000000000002",
        "userId": "00000000-0000-0000-0000-000000000003"
      }
    }

    Response

    The response for this API contain the User Comment that was added to the User’s account.

    Table 1. Response Codes
    Code Description

    200

    The request was successful. The response will contain a JSON body.

    400

    The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.

    401

    You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

    500

    There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

    503

    The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

    Response Body

    userComment.comment [String]

    The text of the User Comment.

    userComment.commenterId [UUID]

    The Id of the User that wrote the User Comment.

    userComment.createInstant [Long] Deprecated

    The instant when the comment was written. This was deprecated in 1.18.0. Use insertInstant instead.

    userComment.insertInstant [Long]

    The instant when the comment was written.

    userComment.id [UUID]

    The Id of the User Comment.

    userComment.userId [UUID]

    The Id of the User that the User Comment was written for.

    Example Response JSON
    
    {
      "userComment": {
        "comment": "Not sure if this user is violating any rules or not.",
        "commenterId": "00000000-0000-0000-0000-000000000002",
        "id": "00000000-0000-0000-0000-000000000042",
        "insertInstant": 1471786483322,
        "userId": "00000000-0000-0000-0000-000000000003"
      }
    }

    Retrieve a User’s Comments

    This API is used to retrieve all of the User Comments on a User’s account. User Comments are used to allow administrators and moderators the ability to take notes on Users.

    Request

    Retrieve all Comments for a User by Id

    URI

    GET /api/user/comment/{userId}

    Request Headers

    X-FusionAuth-TenantId [String] Optional

    The unique Id of the tenant used to scope this API request.

    The tenant Id is not required on this request even when more than one tenant has been configured because the tenant can be identified based upon the request parameters or it is otherwise not required.

    Specify a tenant Id on this request when you want to ensure the request is scoped to a specific tenant. The tenant Id may be provided through this header or by using a tenant locked API key to achieve the same result.

    See Making an API request using a Tenant Id for additional information.

    Request Parameters

    userId [UUID] Required

    The Id of the User to retrieve the User Comments for.

    Response

    The response for this API contains all of the User Comments for the User.

    Table 2. Response Codes
    Code Description

    200

    The request was successful. The response will contain a JSON body.

    400

    The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.

    401

    You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

    404

    The object you requested doesn’t exist. The response will be empty.

    500

    There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

    503

    The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

    Response Body

    userComments [Array]

    The list of User Comment objects.

    userComments[x].comment [String]

    The text of the User Comment.

    userComments[x].commenterId [UUID]

    The Id of the User that wrote the User Comment.

    userComments[x].createInstant [Long] Deprecated

    The instant when the comment was written. This was deprecated in 1.18.0. Use insertInstant instead.

    userComments[x].id [UUID]

    The Id of the User Comment.

    userComments[x].insertInstant [Long]

    The instant when the comment was written.

    userComments[x].userId [UUID]

    The Id of the User that the User Comment was written for.

    Example Response JSON
    
    {
      "userComments": [
        {
          "comment": "Not sure if this user is violating any rules or not.",
          "commenterId": "00000000-0000-0000-0000-000000000002",
          "id": "00000000-0000-0000-0000-000000000042",
          "insertInstant": 1471786483322,
          "userId": "00000000-0000-0000-0000-000000000003"
        }
      ]
    }

    Search for User Comments

    This API has been available since 1.45.0

    This API is used to search for User Comments and may be called using the GET or POST HTTP methods. Examples of each are provided below. The POST method is provided to allow for a richer request object without worrying about exceeding the maximum length of a URL. Calling this API with either the GET or POST HTTP method will provide the same search results given the same query parameters.

    Request

    Search for User Comments

    URI

    GET /api/user/comment/search?comment={comment}

    Request Headers

    X-FusionAuth-TenantId [String] Optional

    The unique Id of the tenant used to scope this API request.

    The tenant Id is not required on this request even when more than one tenant has been configured because the tenant can be identified based upon the request parameters or it is otherwise not required.

    Specify a tenant Id on this request when you want to ensure the request is scoped to a specific tenant. The tenant Id may be provided through this header or by using a tenant locked API key to achieve the same result.

    See Making an API request using a Tenant Id for additional information.

    Request Parameters

    comment [String] Optional

    The case-insensitive string to search for in the User Comment text. This can contain wildcards using the asterisk character (*). If no wildcards are present, the search criteria will be interpreted as *value*.

    commenterId [UUID] Optional

    Restricts the results to User Comments created by the given User.

    numberOfResults [Integer] Optional defaults to 25

    The number of results to return from the search.

    orderBy [String] Optional defaults to name ASC

    The field to order the search results as well as an order direction.

    The possible values are:

    • comment - the User Comment text

    • commenterId - the unique Id of the User who created the User Comment

    • id - the unique Id of the User Comment

    • insertInstant - the instant when the User Comment was created

    • tenantId -the unique Id of the Tenant to which the User Comment belongs

    • userId - the unique Id of the User to which the User Comment belongs

    The order direction is optional. Possible values of the order direction are ASC or DESC. If omitted, the default sort order is ASC.

    For example, to order the results by the insert instant in a descending order, use insertInstant DESC.

    startRow [Integer] Optional defaults to 0

    The offset into the total results. In order to paginate the results, increment this value by the numberOfResults for subsequent requests.

    For example, if the total search results are greater than the page size designated by numberOfResults, set this value to 25 to retrieve results 26-50, assuming the default page size.

    tenantId [UUID] Optional

    Restricts the results to User Comments belonging to the given Tenant. This parameter will be overridden if the request contains an X-FusionAuth-TenantId header, or if the supplied API key is scoped to a specific Tenant.

    userId [UUID] Optional

    Restricts the results to User Comments belonging to the given User.

    Search for User Comments

    URI

    POST /api/user/comment/search

    Request Headers

    X-FusionAuth-TenantId [String] Optional

    The unique Id of the tenant used to scope this API request.

    The tenant Id is not required on this request even when more than one tenant has been configured because the tenant can be identified based upon the request parameters or it is otherwise not required.

    Specify a tenant Id on this request when you want to ensure the request is scoped to a specific tenant. The tenant Id may be provided through this header or by using a tenant locked API key to achieve the same result.

    See Making an API request using a Tenant Id for additional information.

    When calling the API using a POST request you will send the search criteria in a JSON request body.

    Request Body

    search.comment [String] Optional

    The case-insensitive string to search for in the User Comment text. This can contain wildcards using the asterisk character (*). If no wildcards are present, the search criteria will be interpreted as *value*.

    search.commenterId [UUID] Optional

    Restricts the results to User Comments created by the given User.

    search.numberOfResults [Integer] Optional defaults to 25

    The number of results to return from the search.

    search.orderBy [String] Optional defaults to name ASC

    The field to order the search results as well as an order direction.

    The possible values are:

    • comment - the User Comment text

    • commenterId - the unique Id of the User who created the User Comment

    • id - the unique Id of the User Comment

    • insertInstant - the instant when the User Comment was created

    • tenantId -the unique Id of the Tenant to which the User Comment belongs

    • userId - the unique Id of the User to which the User Comment belongs

    The order direction is optional. Possible values of the order direction are ASC or DESC. If omitted, the default sort order is ASC.

    For example, to order the results by the insert instant in a descending order, use insertInstant DESC.

    search.startRow [Integer] Optional defaults to 0

    The offset into the total results. In order to paginate the results, increment this value by the numberOfResults for subsequent requests.

    For example, if the total search results are greater than the page size designated by numberOfResults, set this value to 25 to retrieve results 26-50, assuming the default page size.

    search.tenantId [UUID] Optional

    Restricts the results to User Comments belonging to the given Tenant. This parameter will be overridden if the request contains an X-FusionAuth-TenantId header, or if the supplied API key is scoped to a specific Tenant.

    search.userId [UUID] Optional

    Restricts the results to User Comments belonging to the given User.

    Example Request JSON
    
    {
      "search": {
        "comment": "violating",
        "commenterId": "00000000-0000-0000-0000-000000000002",
        "numberOfResults": 25,
        "orderBy": "insertInstant",
        "startRow": 0,
        "tenantId": "00000000-0000-0005-0000-000000000001",
        "userId": "00000000-0000-0000-0000-000000000003"
      }
    }

    Response

    The response for this API contains the User Comments matching the search criteria in paginated format and the total number of results matching the search criteria.

    Table 3. Response Codes
    Code Description

    200

    The request was successful. The response will contain a JSON body.

    400

    The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.

    401

    You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

    500

    There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

    Response Body

    total [Integer]

    The total number of User Comments matching the search criteria. Use this value along with the numberOfResults and startRow in the search request to perform pagination.

    userComments [Array]

    The list of User Comment objects.

    userComments[x].comment [String]

    The text of the User Comment.

    userComments[x].commenterId [UUID]

    The Id of the User that wrote the User Comment.

    userComments[x].id [UUID]

    The Id of the User Comment.

    userComments[x].insertInstant [Long]

    The instant when the comment was written.

    userComments[x].userId [UUID]

    The Id of the User that the User Comment was written for.

    Example Response JSON
    
    {
      "userComments": [
        {
          "comment": "Not sure if this user is violating any rules or not.",
          "commenterId": "00000000-0000-0000-0000-000000000002",
          "id": "00000000-0000-0000-0000-000000000042",
          "insertInstant": 1471786483322,
          "userId": "00000000-0000-0000-0000-000000000003"
        }
      ],
      "total": 1
    }

    Feedback

    How helpful was this page?

    See a problem?

    File an issue in our docs repo

    Have a question or comment to share?

    Visit the FusionAuth community forum.

    © 2023 FusionAuth
    How-to
    Blog
    Expert Advice
    Download
    Release Notes
    Subscribe for developer updates