Create an identity

POST

/portal/v1/accounts/{accountSlug}/applications/{appSlug}/identities

Authentication

Bearer Token Authorization
JWT access token

Request body

emailstring*
first_namestring*
last_namestring*
passwordstring
Initial password (8-64 chars). NIST SP 800-63B aligned — no composition rules. HaveIBeenPwned breach check runs server-side. Omit to create a passwordless identity (sign-in via SSO/social or forgot-password reset).
external_idstring
metadataany object
role_idstring
node_idstring

Code samples

cURL

JavaScript

Python

curl -X POST "https://api.canopy.dev/portal/v1/accounts/{accountSlug}/applications/{appSlug}/identities" \
  -H "Authorization: Bearer $CANOPY_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "string",
    "first_name": "string",
    "last_name": "string",
    "password": "string",
    "external_id": "string",
    "metadata": {},
    "role_id": "string",
    "node_id": "string"
  }'

const response = await fetch("https://api.canopy.dev/portal/v1/accounts/{accountSlug}/applications/{appSlug}/identities", {
  method: "POST",
  headers: {
    "Authorization": "Bearer $CANOPY_TOKEN",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "email": "string",
    "first_name": "string",
    "last_name": "string",
    "password": "string",
    "external_id": "string",
    "metadata": {},
    "role_id": "string",
    "node_id": "string"
  }),
});

const data = await response.json();

import requests

response = requests.post(
    "https://api.canopy.dev/portal/v1/accounts/{accountSlug}/applications/{appSlug}/identities",
    headers={
    "Authorization": "Bearer $CANOPY_TOKEN",
    "Content-Type": "application/json"
    },
    json={
        "email": "string",
        "first_name": "string",
        "last_name": "string",
        "password": "string",
        "external_id": "string",
        "metadata": {},
        "role_id": "string",
        "node_id": "string",
    },
)

data = response.json()

package main

import (
	"bytes"
	"encoding/json"
	"net/http"
)

func main() {
	payload := map[string]interface{}{
		"email": "string",
		"first_name": "string",
		"last_name": "string",
		"password": "string",
		"external_id": "string",
		"metadata": map[string]interface{}{},
		"role_id": "string",
		"node_id": "string",
	}
	body, _ := json.Marshal(payload)

	req, _ := http.NewRequest("POST", "https://api.canopy.dev/portal/v1/accounts/{accountSlug}/applications/{appSlug}/identities", bytes.NewBuffer(body))
	req.Header.Set("Authorization", "Bearer $CANOPY_TOKEN")
	req.Header.Set("Content-Type", "application/json")

	resp, _ := http.DefaultClient.Do(req)
	defer resp.Body.Close()
}

Responses

201 Identity created (optionally with initial role assignment)

{
  "id": "string",
  "email": "string",
  "first_name": "string",
  "last_name": "string",
  "avatar_url": "string",
  "external_id": "string",
  "is_active": false,
  "created_at": "2026-04-20T12:00:00.000Z"
}

application/json

idstring*
emailstring*
first_namestring*
last_namestring*
avatar_urlstring
external_idstring
is_activeboolean*
created_atstring (date-time)*

400 Password rejected — appeared in a known data breach (HaveIBeenPwned check)

401 Invalid or expired token

403 This token is not authorized for this endpoint (wrong principal type — e.g., admin token on identity-only endpoint, or vice versa)

409 Email already exists in this Application

Returned object

The IdentityResponseDto object View all properties on this resource

On this page

GETList identities in Application
GETList identities with their role assignments
GETGet Application identities summary
POSTBulk-create identities
POSTRecord a bulk-import wizard completion
GETGet an identity
PATCHUpdate an identity
DELETERemove an identity
GETGet identity detail with role assignments
POSTActivate an identity
POSTDeactivate an identity
GETGet identity's role assignments
GETGet identity's effective permissions