Creating user with password via Management API

When I create a new user via the Management API, do I pass the password as a clear string or do I need to pre-encrypt it? ( bcrypt() ? )

I’ve assumed that it gets encrypted/hashed by the API…


$newUser = $management->users()->create(“Username-Password-Authentication”, [ “email” => “”, “password” => “somepassword”, “email_verified” => true ] );

Hi @FuturShoc

Cleartext string. The doc doesn’t explicitly state this, sorry.


Thank you! I’ve been trying that, but I suspect my test password doesn’t meet the complexity requirements…

That should not matter - the password complexity rules are not checked in the mgmt API.


Are you sure about that?

Interesting! I did not know that.

If you are using a lazy migration custom DB, the password rules are not enforced. That is what I was thinking of.

Did you get it working with a sufficiently strong password?


1 Like

Yes, that appears to do the trick. I was able to create a new user via the Management API (programmatically) and was able to log in with it. Thanks for your help.

Excellent. I talked to a few experts yesterday, it turns out that the password strength rules are enforced almost everywhere EXCEPT the lazy migration case.


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.