TODO
In order to create a new user (Person - Social - Register), or to update an existing user (Person - Social - Update), the following object is POSTed:
Setup object
{ "user": { ... }, "auth": { ... } }
Where the "user" object has the following format:
User create/update object
"user": { // System parameters: "WPUserID": string, // (See below for "WP" explanation) The primary key for users, defaults to "email[0]" if not specified "created": string, // Optional Java date format - set to be the time of the API call if not specified (and is immutable after that) "modified": string, // Optional Java date format - set to be the time of the API call if not specified (and is updated on each "update" call after that) // (created/modified might want to be explicitly set in CMS cases where the actual Infinit.e account creation is deferred) // Joint system/display parameters: "email": [ string ], // Must contain at least one entry; all but the first are ignored. (Also "email[0]" must be unique if WPUserID is not specified.) // Display parameters: "firstname": string, // Optional, though at least 1 of "firstname", "lastname" must be specified; used for display purposes only "lastname": string, // Optional, though at least 1 of "firstname", "lastname" must be specified; used for display purposes only "phone": string, // Optional, for display purposes only "mobile": string, // Optional, for display purposes only // CMS parameters (currently none of these are used, so are optional!) "SubscriptionID": string, "SubscriptionTypeID": string, "SubscriptionStartDate": string, // Java date format "SubscriptionEndDate": string // Java date format - once implemented, this date will be used to suspend user accounts once expired }
and the "auth" object has the following format:
User authentication create/update format
"auth": { "WPUserID": string, // Optional - in "update" commands this can be populated (equal to email address if no WPUserID originally specified) and the "user" object left blank "password": string, // The password, mandatory for "register" API calls (otherwise optional). Can either be in the clear or SHA-256/Base64 encoded "accountType": string // Optional, defaults to "user". Admins can set this to be "admin" to create new administrators. }
Note that in many places, these objects are referred to as "wpuser" or "WordPressUser" and "wpauth"/"WordPressAuth" because they were originally only used in integrated CMS (eg WordPress) scenarios. Their role was later expanded to being the sole way of managing users.
(Note also that in addition to posting the aggregate object, the individual objects can be encoded and sent as URL parameters in a GET request, as described in the API pages linked above.