User API

The User APIs enable you to manage user- and group-related operations in the ThoughtSpot system.

You can use the User APIs to manage your users and groups in ThoughtSpot. For example, you may want to view all users and groups in your ThoughtSpot cluster.

Transfer ownership

Use this API to transfer ownership of all objects from one user to another.

You cannot transfer objects to or from the system user or the administrative user.

Resource URL

post /tspublic/v1/user/transfer/ownership

Request Parameters

Query Parameter Data Type Description

fromUserName

string

Username to transfer from.

toUserName

string

Username to transfer to.

Request Example

cURL
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'X-Requested-By: ThoughtSpot' 'https://<instance>/callosum/v1/tspublic/v1/user/transfer/ownership?fromUserName=guest&toUserName=guest1'
Request URL
https://<instance>/callosum/v1/tspublic/v1/user/transfer/ownership?fromUserName=guest&toUserName=guest1

Response Example

Not applicable
204 - Successful login

Synchronize principals

Use this API to synchronize ThoughtSpot users and groups with your external database. The payload takes principals containing all users and groups present in the external database and a successful API call returns the object that represents the changes that were made in ThoughtSpot system. This means the following:

  • Objects (users or groups) present in ThoughtSpot, but not present in the external list - will be deleted in ThoughtSpot.

  • Objects present in ThoughtSpot, and present in the external list - will be updated such that the object attributes in ThoughtSpot match those present in the list. This includes group membership.

  • Objects not present in ThoughtSpot, and present in the external list - will be created in ThoughtSpot.

Resource URL

post /tspublic/v1/user/sync

Request Parameters

This API uses multipart/form-data content type.

Form Parameter Data Type Description

principals

string

Specifies a list of principal objects. This is ideally a JSON file containing containing all users and groups present in the external database.

applyChanges

boolean

A flag indicating whether to sync the users and groups to the system, and apply the difference evaluated. Use this parameter to validate a difference before applying changes.

removeDeleted

boolean

A flag indicating whether to remove deleted users/groups. When true, this flag removes any deleted users or groups.

password

string

Specifies a password.

Request Example

cURL
curl -X POST --header 'Content-Type: application/x-www-form-urlencoded' --header 'Accept: application/json' -d 'applyChanges=false' 'https://<instance>/callosum/v1/tspublic/v1/user/sync'
Request URL
https://<instance>/callosum/v1/tspublic/v1/user/sync

Response Example

{
  'usersAdded': ['username1','username2'],
  'usersDeleted': ['username3'],
  'usersUpdated': ['username4'],
  'groupsAdded': ['groupname1'],
  'groupsDeleted': ['groupname2','groupname3'],
  'groupsUpdated': ['groupname4']
}

Change password

Use this API to change the password of a user.

Resource URL

post /tspublic/v1/user/updatepassword

Request Parameters

Form Parameter Data Type Description

name

string

Name of the user.

currentpassword

string

The current password of the user.

password

string

A new password of the user.

Request Example

cURL
curl -X POST --header 'Content-Type: application/x-www-form-urlencoded' --header 'Accept: application/json' --header 'X-Requested-By: ThoughtSpot' -d 'name=guest&currentpassword=test&password=foobarfoobar' 'https://<instance>/callosum/v1/tspublic/v1/user/updatepassword'
Request URL
https://<instance>/callosum/v1/tspublic/v1/user/updatepassword

Response Example

Not applicable
204 - Successful password update

Fetch users and groups

Use this API to get a list of all users, groups, and their inter-dependencies in the form of principal objects. A typical principal object contains the following properties:

Property Description

name

Name of the principal.

This field, in conjunction with whether the object is a user or group, is used to identify a user/group. Consequently, this field is required to be unique (unique for users and groups separately. i.e., you can have user “x” and group “x”).

displayName

Display name of the principal.

description

Description of the principal.

mail

Email address of the user. This field should be populated in case of user only. It is ignored in the case of groups.

principalTypeEnum

Type of the user created in the ThoughtSpot system.

  • LOCAL_USER (a user is validated through password saved in the ThoughtSpot database)

  • LOCAL_GROUP

password

Password of the user. This field should be populated in case of user only. It is ignored in the case of groups. Password is only required:

  • if the user is of LOCAL_USER type

  • when the user is created for the first time.

In subsequent update, the user password is not updated even if it changes in the source system.

groupNames

Group names that a principal belongs to. Groups and users can belong to other groups.

Resource URL

get /tspublic/v1/user/list

Request Example

cURL
curl -X GET --header 'Accept: application/json' 'https://<instance>/callosum/v1/tspublic/v1/user/list'
Request URL
https://<instance>/callosum/v1/tspublic/v1/user/list

Response Example

[
  {
    "name": "Administrator",
    "displayName": "Administration Group",
    "created": 1354006445722,
    "modified": 1354006445987,
    "principalTypeEnum": "LOCAL_GROUP",
    "groupNames": [],
    "visibility": "DEFAULT"
  },
  {
    "name": "Analyst",
    "displayName": "Analyst Group",
    "created": 1354006445722,
    "modified": 1354006445987,
    "principalTypeEnum": "LOCAL_GROUP",
    "groupNames": [],
    "visibility": "DEFAULT"
  },
  {
    "name": "rls-group-3",
    "displayName": "rls-group-3",
    "description": "Contains directly rls-group-1, rls-group-2 and belongs direclty to rls-group-5",
    "created": 1459376495060,
    "modified": 1459376590681,
    "principalTypeEnum": "LOCAL_GROUP",
    "groupNames": ["rls-group-5"],
    "visibility": "DEFAULT"
  }
  ]