API endpoint | Available from |
---|---|
| ThoughtSpot Cloud ts7.jun.cl |
| ThoughtSpot Cloud ts7.sep.cl |
| ThoughtSpot Cloud ts7.aug.cl |
| ThoughtSpot Cloud ts7.oct.cl |
| ThoughtSpot Cloud 8.10.0.cl |
| ThoughtSpot Cloud ts7.oct.cl |
| ThoughtSpot Cloud ts7.oct.cl |
| ThoughtSpot Cloud ts7.april.cl |
| ThoughtSpot Cloud ts7.jun.cl |
| ThoughtSpot Cloud ts7.april.cl |
| ThoughtSpot Cloud ts7.april.cl |
| ThoughtSpot Cloud ts7.sep.cl |
| ThoughtSpot Cloud ts7.sep.cl |
| ThoughtSpot Cloud ts7.sep.cl |
| ThoughtSpot Cloud ts7.april.cl |
| ThoughtSpot Cloud ts7.oct.cl |
| ThoughtSpot Cloud ts7.oct.cl |
| ThoughtSpot Cloud ts7.oct.cl |
| ThoughtSpot Cloud ts7.oct.cl |
User API
- Supported operations
- Create a user
- Update user details
- Add or modify the email address of a user
- Add users to an Org
- Get user details
- Deactivate a user account
- Activate a user account
- Invalidate a user session
- Delete a user account
- Get a list of users and groups
- Change password
- Reset password
- Update a user profile
- Transfer ownership
- Synchronize principals
- Assign a user to groups
- Get user group details for a specific user
- Update group association for a user
- Remove a user from user groups
The User APIs allow you to programmatically create, update, and administer ThoughtSpot users.
Supported operations๐
Required permissions๐
You must have administrator access to create, edit, and delete a user, assign users to groups, transfer objects from one user to another, and invalidate, deactivate or activate a user session.
If you have a multi-tenant instance with Orgs feature enabled, the cluster admin can create a user and associate the user to an orgid
. For more information about Orgs, see Multi-tenancy with Orgs.
Create a user๐
To programmatically create a user account in the ThoughtSpot system, send a POST request to /tspublic/v1/user/
API endpoint. Using this API, you can create a user and assign a user to a group.
Note
|
|
Resource URL๐
POST /tspublic/v1/user/
Request parameters๐
Parameter | Type | Description | ||
---|---|---|---|---|
| Form parameter | String. Name of the user. The username string must be unique. | ||
| Form parameter | String. Password for the user account.
| ||
| Form parameter | String. A unique display name string for the user, usually their first and last name. | ||
| Form parameter | String. A JSON map of user properties fetched from external systems such as LDAP. User property such as email address can be added in the JSON format.
| ||
| Form parameter | Array of strings. A JSON array of the GUIDs of groups to which you want to assign the user. The user privileges are determined by the group to which you assign the user. For example, if you assign the user to a group that has the | ||
| Form parameter | String. Type of user. The default value is
NOTE:
| ||
| Form parameter | String. GUID of the tenant for which the user is being created. | ||
| Form parameter | String. Visibility of the user. The | ||
| Form parameter | Integer. A JSON array of org IDs to which you want to add the user. If | ||
| Form parameter | Boolean. Indicates if the API request is initiated by a ThoughtSpot administrator or an external application. The default value is | ||
| Query parameter | String. The Org scope. Applicable to ThoughtSpot instances with Orgs feature enabled. When set to | ||
| Query parameter | Boolean. When set to |
Example request๐
curl -X POST \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' \
--header 'X-Requested-By: ThoughtSpot' \
-d 'name=TS%20User&password=testy1%4022&displayname=TS%20User&usertype=LOCAL_USER&visibility=DEFAULT' \
'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/?sendEmail=true'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/?sendEmail=true
Example response๐
If the user is successfully created in ThoughtSpot, the API returns the user GUID along with the following JSON response:
{
"userContent": {
"userPreferences": {
"notifyOnShare": true,
"showWalkMe": true,
"analystOnboardingComplete": false
},
"userProperties": {
"mail": "[email protected]",
"displayNameLastUpdatedBy": "ADMIN"
},
"userActivityProto": {
"first_login": -1,
"welcome_email_sent": false
}
},
"state": "ACTIVE",
"assignedGroups": [
"b25ee394-9d13-49e3-9385-cd97f5b253b4"
],
"inheritedGroups": [
"b25ee394-9d13-49e3-9385-cd97f5b253b4"
],
"privileges": [],
"type": "LOCAL_USER",
"parenttype": "USER",
"visibility": "DEFAULT",
"tenantId": "982d6da9-9cd1-479e-b9a6-35aa05f9282a",
"displayName": "userA2023",
"header": {
"id": "f31cc613-5f03-4df6-bc4a-309ab6160c0c",
"indexVersion": 0,
"generationNum": 0,
"name": "userA2023",
"displayName": "userA2023",
"author": "59481331-ee53-42be-a548-bd87be6ddd4a",
"created": 1698063672659,
"modified": 1698063672659,
"modifiedBy": "59481331-ee53-42be-a548-bd87be6ddd4a",
"owner": "f31cc613-5f03-4df6-bc4a-309ab6160c0c",
"isDeleted": false,
"isHidden": false,
"orgIds": [
0
],
"tags": [],
"type": "LOCAL_USER",
"aiAnswerGenerationDisabled": false,
"isExternal": false,
"isDeprecated": false,
"isSharedViaConnection": false
},
"complete": true,
"incompleteDetail": [],
"isSuperUser": false,
"isSystemPrincipal": false
}
Response codes๐
HTTP status code | Description |
---|---|
200 | Successful operation |
400 | Invalid parameter values |
409 | Username is not unique |
403 | Unauthorized request |
500 | Incorrect password format |
Update user details๐
To modify an existing user account, send a PUT
request to the /tspublic/v1/user/{userid}
endpoint.
This API you to modify the following properties of a user object:
-
Username modifications
-
Password reset
-
Group assignment
-
User visibility for sharing objects
-
Userโs email address
-
User preferences, such as viewing onboarding experience, subscribing to or unsubscribing from email notifications, and so on.
Note
|
You can also use the |
Resource URL๐
PUT /tspublic/v1/user/{userid}
Request parameters๐
Parameter | Type | Description | ||
---|---|---|---|---|
| Form parameter | String. GUID of the user. | ||
| Form parameter | String. A JSON map of strings with the user profile attributes.
| ||
| Form parameter | String. Password string for the user account. Use this attribute to change the password of the user account. | ||
| Form parameter | Boolean. Indicates if the user update API request is initiated by the ThoughtSpot administrator or an external application. By default, the
| ||
| Query parameter | String. The Org scope. If you are making this API request for a user that belongs to a different Org than the one you are currently logged in to, specify |
Example request๐
curl -X PUT \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' \
--header 'X-Requested-By: ThoughtSpot' \
-d 'userid=6deb3976-e7c9-4f6a-94cc-90d790ee828d&content= {
"userContent":{
"userPreferences":{
"notifyOnShare":false
},
"userProperties": {
"mail": "[email protected]",
},
"userActivityProto":{
"welcome_email_sent":true
}
},
"state":"ACTIVE",
"assignedGroups":[
"f67ea2a4-efe7-4881-9ec4-32e1cb2605f3",
"6085cc9f-087a-4075-9b33-11578538cec8"
],
"inheritedGroups":[
"bed1da2ea-e9b0-4d3e-8156-02dd331577d5"
],
"privileges":[
"A3ANALYSIS",
"DATADOWNLOADING",
"SHAREWITHALL",
"USERDATAUPLOADING",
"DATAMANAGEMENT",
"ADMINISTRATION",
],
"displayName":"UserA",
}&triggeredbyadmin=true' \
'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/{userid}'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/{userid}
JSON file example for updating user profile๐
{
"userContent":{
"userPreferences":{
"notifyOnShare":false,
},
"userActivityProto":{
"welcome_email_sent":true
}
},
"state":"ACTIVE",
"assignedGroups":[
"f67ea2a4-efe7-4881-9ec4-32e1cb2605f3",
"6085cc9f-087a-4075-9b33-11578538cec8"
],
"inheritedGroups":[
"bed1da2ea-e9b0-4d3e-8156-02dd331577d5"
],
"privileges":[
"A3ANALYSIS",
"DATADOWNLOADING",
"SHAREWITHALL",
"USERDATAUPLOADING",
"DATAMANAGEMENT",
"ADMINISTRATION",
],
"displayName":"UserA",
"header":{
"id":"d1f4f2c8-c5bb-4f20-a81d-1f24af0b3286",
"indexVersion":0,
"generationNum":0,
"name":"TS User2",
"author":"59481331-ee53-42be-a548-bd87be6ddd4a",
"created":1624846987754,
"modified":1624846987754,
"modifiedBy":"59481331-ee53-42be-a548-bd87be6ddd4a",
"owner":"d1f4f2c8-c5bb-4f20-a81d-1f24af0b3286",
"tags":[
],
"isExternal":false,
"isDeprecated":false
},
"complete":true,
"incompleteDetail":[
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/{userid}
JSON file example for updating user profile๐
The following example shows the JSON map content to send in the API request:
{
"userContent": {
"userPreferences": {
"notifyOnShare": true,
"showWalkMe": true,
"analystOnboardingComplete": false
},
"userProperties": {
"mail": "[email protected]",
"displayNameLastUpdatedBy": "ADMIN"
},
"userActivityProto": {
"first_login": -1,
"welcome_email_sent": false
}
},
"state": "ACTIVE",
"assignedGroups": [
"b25ee394-9d13-49e3-9385-cd97f5b253b4"
"f67ea2a4-efe7-4881-9ec4-32e1cb2605f3",
"6085cc9f-087a-4075-9b33-11578538cec8"
],
"inheritedGroups": [
"b25ee394-9d13-49e3-9385-cd97f5b253b4"
],
"privileges": [],
"type": "LOCAL_USER",
"parenttype": "USER",
"visibility": "DEFAULT",
"tenantId": "982d6da9-9cd1-479e-b9a6-35aa05f9282a",
"displayName": "TestDisplayName",
"header": {
"id": "d99556d5-9a32-4dea-bf40-b8955dcd186a",
"indexVersion": 0,
"generationNum": 0,
"name": "Test",
"displayName": "TestDisplayName",
"author": "59481331-ee53-42be-a548-bd87be6ddd4a",
"created": 1697793220573,
"modified": 1697793220573,
"modifiedBy": "59481331-ee53-42be-a548-bd87be6ddd4a",
"owner": "d99556d5-9a32-4dea-bf40-b8955dcd186a",
"isDeleted": false,
"isHidden": false,
"orgIds": [
0
],
"tags": [],
"type": "LOCAL_USER",
"aiAnswerGenerationDisabled": false,
"aiAnswerState": "NOT_SET",
"isExternal": false,
"isDeprecated": false,
"isSharedViaConnection": false,
"isVerified": false
},
"complete": true,
"incompleteDetail": [],
"isSuperUser": false,
"isSystemPrincipal": false
}
Example response๐
On successful update of the user profile, the API returns the following response code:
Response Code 204
Response codes๐
HTTP status code | Description |
---|---|
204 | Successful operation |
403 | Unauthorized request |
500 | Invalid content format |
Add or modify the email address of a user๐
To add or modify the email address of a user, send a PUT
request to the /tspublic/v1/user/email
API endpoint.
Resource URL๐
PUT /tspublic/v1/user/email
Request parameters๐
Form parameter | Description |
---|---|
| String. GUID of the user. |
| String. Email address of the user. |
Example request๐
curl -X PUT \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' \
--header 'X-Requested-By: ThoughtSpot' \
-d 'userid=a8aeda00-dc3c-4485-b8d1-fd6ac701a819&emailid=user123%40thoughtspot.com'\
'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/email'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/email
Example response๐
If the email address is added successfully, the API returns the following response code:
Response Code 204
Response codes๐
HTTP status code | Description |
---|---|
204 | Successful operation |
400 | Invalid user ID |
500 | Invalid email format |
Add users to an Org๐
To add one or several users to an org, send a POST
request to the POST /tspublic/v1/user/addtoorg
API endpoint.
Resource URL๐
POST /tspublic/v1/user/addtoorg
Request parameters๐
Parameter | Type | Description |
---|---|---|
| Form parameter | String. A JSON array of user GUIDs to add to the specified org. |
| Form parameter | Integer. ID of the Org object to which you want to assign the users. By default, the user is added to the Org context from which the API request is sent. To add the user to another Org, specify the Org ID and set |
| Query parameter | String. The Org scope. For cross-Org operations, set this attribute to |
Example request๐
curl -X POST \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' \
-d 'userids=%5B4391d676-2dd8-4248-b6db-d973811f0122%2C37539499-624a-4d3d-8f88-e9be5653c114%5D&orgid=3' \
'http://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/addtoorg?orgScope=ALL'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/addtoorg?orgScope=ALL
Example response๐
If the request is successful, the API returns the 204 response code:
Response Code 204
Response codes๐
HTTP status code | Description |
---|---|
204 | Successful operation |
400 | Invalid parameter |
403 | Unauthorized request |
Get user details๐
To get the details of a specific user account or all users in the ThoughtSpot system, send a GET
request to /tspublic/v1/user/
API endpoint.
Note
|
If you want to get a list of object headers associated with a user or user group, you can use the |
Resource URL๐
GET /tspublic/v1/user/
Request parameters๐
Query parameter | Description |
---|---|
| String. The GUID of the user account to query. |
| String. Username of the user that you want to query. |
Note
|
You can use either |
Example request๐
curl -X GET \
--header 'Accept: application/json' \
--header 'X-Requested-By: ThoughtSpot' \
'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/?userid=b995e481-d0a7-4820-b1e8-54051ede77a2'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/?userid=b995e481-d0a7-4820-b1e8-54051ede77a2
Example response๐
{
"userContent": {
"userPreferences": {
"notifyOnShare": true,
"showWalkMe": true,
"analystOnboardingComplete": false
},
"userProperties": {
"displayNameLastUpdatedBy": "ADMIN",
"persona": "BUSINESS_USER"
"mail": "[email protected]",
"companyName": "",
"activatedAtMs": 1649842964294
},
"userActivityProto": {
"first_login": -1,
"welcome_email_sent": false
}
},
"state": "ACTIVE",
"assignedGroups": [
"b25ee394-9d13-49e3-9385-cd97f5b253b4"
],
"inheritedGroups": [
"b25ee394-9d13-49e3-9385-cd97f5b253b4"
],
"privileges": [
"AUTHORING"
],
"type": "LOCAL_USER",
"parenttype": "USER",
"visibility": "DEFAULT",
"tenantId": "982d6da9-9cd1-479e-b9a6-35aa05f9282a",
"displayName": "kailash",
"header": {
"id": "b995e481-d0a7-4820-b1e8-54051ede77a2",
"indexVersion": 2602,
"generationNum": 2602,
"name": "kailash",
"displayName": "kailash",
"author": "59481331-ee53-42be-a548-bd87be6ddd4a",
"created": 1623728042624,
"modified": 1623728042624,
"modifiedBy": "59481331-ee53-42be-a548-bd87be6ddd4a",
"owner": "b995e481-d0a7-4820-b1e8-54051ede77a2",
"isDeleted": false,
"isHidden": false,
"tags": [],
"type": "LOCAL_USER",
"isExternal": false,
"isDeprecated": false
},
"complete": true,
"incompleteDetail": [],
"isSuperUser": false,
"isSystemPrincipal": false
}
Note
|
If no |
Response codes๐
HTTP status code | Description |
---|---|
200 | Successful retrieval of user details |
400 | Invalid username string |
500 | Invalid user ID |
Deactivate a user account๐
To deactivate a user account, send a POST
request to the /tspublic/v1/user/inactivate
API endpoint.
Resource URL๐
POST /tspublic/v1/user/inactivate
Request parameters๐
Form parameter | Description |
---|---|
| String. Username of the user account to deactivate. |
| String. The URL of the cluster on which the user account is currently active. |
Example request๐
curl -X POST \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: text/plain' --header 'X-Requested-By: ThoughtSpot' \
-d 'username=usr1&url=https%3A%2F%2F{ThoughtSpot-Host}.cloud%2F' \
'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/inactivate'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/inactivate
Example response๐
If the deactivation operation is successful, the API returns the following response:
https://{ThoughtSpot-Host}/#/activate?id=5fe00a84-e7eb-4a8b-b58d-ec205de9c645&token=JHNoaXJvMSRTSEEtMjU2JDUwMDAwMCR1WUlOQ0VLbGtWMXZyMWtXUGdKSG9nPT0kTjY3Znd2STA1bURMMXNVMDMzVUkvK2tybllaZUUwUktTUWNEUEJZNWQwbz0
Note the user ID and auth token string. You will need this information to re-activate a user account via POST /tspublic/v1/user/activate
API call.
Response codes๐
HTTP status code | Description |
---|---|
200 | Successful operation |
403 | Unauthorized request |
500 | Invalid username |
Activate a user account๐
To activate a user account that is currently inactive, send a POST
request to the /tspublic/v1/user/activate
API endpoint.
Important
|
When a user account is deactivated using the |
Resource URL๐
POST /tspublic/v1/user/activate
Request parameters๐
Form parameter | Description |
---|---|
| String. The GUID of the user account to activate. |
| String. The authentication token to reactivate the user account. |
| String. The password string for the user account. |
| String. User property string on the Base64 Encoded format. For example, if the userโs email address is |
Example request๐
curl -X POST \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' \
--header 'X-Requested-By: ThoughtSpot' \
-d 'userid=996969b6-0a4c-4e3d-9f38-a976fe821790&auth_token=JHNoaXJvMSRTSEEtMjU2JDUwMDAwMCRKWE9MWU4yalVHYUdZaXdHS0dsbWFRPT0kUDRvODVkS1dsRHMyNWd0Njg5K0ZDZVl5R2h1MFBTKzBlQk1pRGNyaW9CQT0&password=fooFoo123!&properties=VXNlckFAdGhvdWdoc3BvdC5jb20='
'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/activate'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/activate
Example response๐
If the user account activation is successful, the API returns the following response:
Response Code 204
Response codes๐
HTTP status code | Description |
---|---|
204 | Successful operation |
403 | Unauthorized request |
500 | Invalid user ID |
Invalidate a user session๐
After a password of a user account is reset, you may want to invalidate a user session and force the user to re-login with the new password. To invalidate a user session, you can send a POST
request to the /tspublic/v1/user/session/invalidate
endpoint.
Warning
|
|
Resource URL๐
POST /tspublic/v1/user/session/invalidate
Request parameters๐
Form parameter | Description |
---|---|
| Array of strings. A JSON array of usernames of the users whose sessions you want to revoke. This attribute is Optional if the |
| Array of strings. A JSON array of the GUIDs of the user account. This attribute is Optional if the |
Example request๐
curl -X POST \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' \
--header 'X-Requested-By: ThoughtSpot' \
-d 'username=%5B%22tsadmin%22%5D' \
'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/session/invalidate'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/session/invalidate
Example response๐
If the user deactivation operation is successful, the API returns the following response:
Response Code 204
Response codes๐
HTTP status code | Description |
---|---|
204 | Successful operation |
403 | Unauthorized request |
500 | Invalid username or userID |
Delete a user account๐
To remove a user from the ThoughtSpot system, send a DELETE
request to the /tspublic/v1/user/{userid}
API endpoint.
Resource URL๐
DELETE /tspublic/v1/user/{userid}
Request parameters๐
Parameter | Type | Description |
---|---|---|
| Path | String. GUID of the user account to delete. |
| Query | Integer. The org ID to which the user is associated. This parameter is required only if your ThoughtSpot instance has Orgs. |
| Query | String. The Org scope. Specify |
Example request๐
curl -X DELETE \
--header 'Accept: application/json' \
--header 'X-Requested-By: ThoughtSpot' \
'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/ee74b737-da39-4667-95ad-cc06c81ab13d'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/ee74b737-da39-4667-95ad-cc06c81ab13d
Example response๐
On successful removal of the user account, the API returns the following response:
Response Code 204
Response codes๐
HTTP status code | Description |
---|---|
204 | Successful operation |
403 | Unauthorized request |
500 | Invalid user ID |
Get a list of users and groups๐
To get a list of users and groups available in the ThoughtSpot system and view details of their inter-dependencies, use the /tspublic/v1/user/list
API endpoint.
Resource URL๐
GET /tspublic/v1/user/list
Example request๐
curl -X GET \
--header 'Accept: application/json' \
'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/list'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/list
Example response๐
[
{
"name": "Administrator",
"displayName": "Administration Group",
"created": 1354006445722,
"modified": 1354006445722,
"principalTypeEnum": "LOCAL_GROUP",
"groupNames": [],
"visibility": "DEFAULT",
"activate": false
},
{
"name": "All",
"displayName": "All Group",
"created": 1354006445722,
"modified": 1354006445722,
"principalTypeEnum": "LOCAL_GROUP",
"groupNames": [],
"visibility": "DEFAULT",
"activate": false
},
{
"name": "System",
"displayName": "System Management Group",
"created": 1354006445722,
"modified": 1354006445722,
"principalTypeEnum": "LOCAL_GROUP",
"groupNames": [],
"visibility": "DEFAULT",
"activate": false
},
{
"name": "su",
"displayName": "Administrator Super-User",
"created": 1354006445722,
"modified": 1354006445722,
"mail": "",
"principalTypeEnum": "LOCAL_USER",
"groupNames": [
"Administrator",
"All",
"System"
],
"visibility": "DEFAULT",
"activate": false
},
{
"name": "system",
"displayName": "System User",
"created": 1354006445722,
"modified": 1354006445722,
"mail": "",
"principalTypeEnum": "LOCAL_USER",
"groupNames": [
"All",
"System"
],
"visibility": "DEFAULT",
"activate": false
},
{
"name": "aptest",
"displayName": "APtest",
"created": 1634265580100,
"modified": 1634269380481,
"mail": "[email protected]",
"principalTypeEnum": "LOCAL_USER",
"groupNames": [
"Administrator",
"All"
],
"visibility": "DEFAULT",
"activate": false
}
]
Object properties๐
A typical principal object contains the following properties:
-
name
Name of the principal. This field, in conjunction with whether the object is a user or group, is used to identify a user or group. The name of the principal must be unique.
-
displayName
Display name of the principal.
-
description
Description of the principal.
-
mail
The email address of the user. This field is populated only for the user objects. It is ignored if the object type is a group.
-
principalTypeEnum
Type of the user created in the ThoughtSpot system. For example:
-
LOCAL_USER
for users that are created and authenticated locally in the ThoughtSpot system -
LOCAL_GROUP
for groups that are saved in the local database of the ThoughtSpot system -
SAML_USER
for SSO users authenticated by a SAML IdP -
OIDC_USER
for SSO users authenticated by an OpenID provider via OIDC protocol -
LDAP_GROUP
for groups synchronized from an LDAP server -
LOCAL_GROUP
for groups that are created locally on ThoughtSpot.
-
-
password
The password of the user. This field is populated only for the user object. It is ignored in the case of groups.
Password is only required:
-
if the user is of
LOCAL_USER
type -
when the user is created for the first time. In subsequent updates, the user password is not modified even if it changes in the source system.
-
-
groupNames
Name of the groups to which a principal belongs. For example,
Administrator
,All
, and so on. Users can belong to multiple groups. -
visibility
If the user is visible to the other ThoughtSpot users or user groups who might want to share objects.
-
activate
Indicates if the user or user group needs to be activated. If the user or user group is already active, the activate
property is set to false
.
Response codes๐
HTTP Code | Description |
---|---|
200 | Successful operation |
Change password๐
To change the password of a ThoughtSpot user account, send a POST
request to the /tspublic/v1/user/updatepassword
endpoint.
Resource URL๐
POST /tspublic/v1/user/updatepassword
Request parameters๐
Form parameter | Description |
---|---|
| String. Name of the user account. |
| String. The password of the currently logged-in user. |
| String. A new password for the user specified in the |
Example request๐
curl -X POST \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Accept: application/json' \ --header 'X-Requested-By: ThoughtSpot' \ -d 'name=guest¤tpassword=test&password=foobarfoobar' \ 'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/updatepassword'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/updatepassword
Example response๐
If the operation is successful, the API returns the following response:
Response Code 204
Response codes๐
HTTP status code | Description |
---|---|
204 | Password update is successful. |
Reset password๐
To reset the password of a ThoughtSpot user account, send a POST
request to the /tspublic/v1/user/resetpassword
API endpoint.
Resource URL๐
POST /tspublic/v1/user/resetpassword
Request parameters๐
Form parameter | Description |
---|---|
| String. The GUID of the user account. |
| String. The authentication token obtained for your user session. |
| String. A new password string for the user account. |
Example request๐
curl -X POST \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' \
--header 'X-Requested-By: ThoughtSpot' \
-d 'userid=59481331-ee53-42be-a548-bd87be6ddd4a&auth_token=JHNoaXJvMSRTSEEtMjU2JDUwMDAwMCRPMFA2S0ZlNm51Qlo4NFBlZUppdzZ3PT0kMnJKaSswSHN6Yy96ZGxqdXUwd1dXZkovNVlHUW40d3FLMVdBT3hYVVgxaz0&password=foobarA@123' \
'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/resetpassword'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/resetpassword
Example response๐
If the operation is successful, the API returns the following response:
Response Code 204
Response codes๐
HTTP status code | Description |
---|---|
204 | Password reset is successful |
401 | Unauthorized request |
500 | Invalid parameter |
Update a user profile๐
To update the profile settings of a ThoughtSpot user programmatically, send a PUT
request to the /tspublic/v1/user/updatepreference
endpoint.
The /tspublic/v1/user/updatepreference
API allows you to modify the following attributes of a ThoughtSpot user profile:
-
Email address
The email address of the user.
-
Language preference
The system locale setting. The locale setting determines the language of the ThoughtSpot UI, date, number, and currency format.
-
Notification setting
User preference for receiving email notifications when another ThoughtSpot user shares answers or Liveboards.
-
Settings for revisiting the onboarding experience
The user preference for revisiting the onboarding experience.
ThoughtSpot provides an interactive guided walkthrough to onboard new users. The onboarding experience leads users through a set of actions to help users get started and accomplish their tasks quickly. The users can turn off the Onboarding experience and access it again when they need assistance with the ThoughtSpot UI.
Note
|
The |
Resource URL๐
POST /tspublic/v1/user/updatepreference
Request parameters๐
Form parameter | Description |
---|---|
| String. The GUID of the user. |
| String. Username of the user. |
| String. The JSON map of user preferences. In the JSON map, you can define the attributes to set the following preferences for a user:
|
| String. A 64-bit encoded string to set user preferences in a secure manner. For example, |
Note
|
If your browser or OS locale is set to a ThoughtSpot supported locale, ThoughtSpot automatically defaults to that locale. If your browser locale is not supported in ThoughtSpot, ThoughtSpot sets |
Example request๐
curl -X POST \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' \
--header 'X-Requested-By: ThoughtSpot' \
-d 'userid=59481331-ee53-42be-a548-bd87be6ddd4a&preferences={
"showWalkMe":true,
"notifyOnShare":true,
"analystOnboardingComplete":false,
"preferredLocale":"en-IN"}' \
'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/updatepreference'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/updatepreference
This example shows the following preference settings that you can pass as a JSON string.
{
"showWalkMe":true,
"notifyOnShare":true,
"analystOnboardingComplete":false,
"preferredLocale":"en-CA"
}
-
showWalkMe
BooleanEnables or disables the guided onboarding walkthrough. When set to
true
, the user can revisit the onboarding experience. -
notifyOnShare
BooleanSets a notification preference for receiving emails when another user shares answers or Liveboards.
-
analystOnboardingComplete
BooleanIndicates if the user is onboarded.
-
preferredLocale
StringSets the ThoughtSpot locale for the specified user account. For example, to allow a user to view the ThoughtSpot UI in Deutsche, you can set the
preferredLocale
parameter tode-DE
.The allowed values are:
Locale Language da-DK
Dansk
de-DE
Deutsche
en-AU
English (Australia)
en-CA
English (Canada)
en-IN
English (India)
en-GB
English (United Kingdom)
en-US
English (United States)
es-US
Espaรฑol (Latinoamรฉrica)
es-ES
Espaรฑol (Espaรฑa)
fr-CA
Franรงais (Canada)
fr-FR
Franรงais (France)
it-IT
Italiano
nl-NL
Nederland
nb-NO
Norsk
pt-BR
Portuguรชs (Brasil)
pt-PT
Portuguรชs (Portugal)
fi-FI
Suomi
sv-SE
Svenska
zh-CN
ไธญๆ(็ฎไฝ)
ja-JP
ๆฅๆฌ่ช
Response codes๐
HTTP status code | Description |
---|---|
204 | Successful update of a user profile |
400 | Invalid user ID |
Transfer ownership๐
When a user is removed from the ThoughtSpot application, you may want to transfer objects from the deleted user account to the account. Administrators can programmatically transfer the ownership of one or several objects from one ThoughtSpot user to another via the /tspublic/v1/user/transfer/ownership
API endpoint.
Resource URL๐
POST /tspublic/v1/user/transfer/ownership
Request parameters๐
Query parameter | Description |
---|---|
| String. Username to transfer from. |
| String. Username to transfer to. |
| Array of strings. A JSON array of ThoughtSpot object IDs.
If you do not specify the object IDs, all the objects owned by the user specified in |
Example request๐
curl -X POST
--header 'Content-Type: application/json' /
--header 'Accept: application/json' /
'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/transfer/ownership?fromUserName=User3&toUserName=tsadmin&objectsID=%5B%228e7d27c5-d4e8-494e-8c13-196a9961ffa1%22%2C%220c68a0a1-930b-4ba0-b7a0-59ea49b09848%22%5D'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/transfer/ownership?fromUserName=testUser3&toUserName=tsadmin&objectsID=%5B%228e7d27c5-d4e8-494e-8c13-196a9961ffa1%22%2C%220c68a0a1-930b-4ba0-b7a0-59ea49b09848%22%5D
Example response๐
If the operation is successful, the API returns the following response:
Response Code 204
Response codes๐
HTTP Code | Description |
---|---|
204 | The ownership of objects is successfully transferred. |
400 | Invalid |
Synchronize principals๐
To programmatically synchronize user accounts and user groups with ThoughtSpot, use the /tspublic/v1/user/sync
API.
The payload takes principals containing all users and groups present in the external database. A successful API call returns the object that represents the changes made in the ThoughtSpot system.
During this operation:
-
Objects (users or groups) present in ThoughtSpot, but not present in the external list are deleted in ThoughtSpot.
-
Objects present in ThoughtSpot and the external list are updated such that the object attributes in ThoughtSpot match those present in the list.
This includes group membership.
-
Objects not present in ThoughtSpot, but present in the external list are created in ThoughtSpot.
Resource URL๐
POST /tspublic/v1/user/sync
Request parameters๐
This API uses the multipart/form-data
content-type.
Note
|
Make sure you use a JSON file encoded as |
Form parameter | Description |
---|---|
| String. Specify a list of principal objects in the JSON file format. The JSON file can contain all users and groups present in the external database. |
| Boolean.
Specify whether to sync the users and groups to the system and apply the difference evaluated.
By default, this attribute is set to |
| Boolean.
Specify whether to remove the deleted users and user groups. By default, this attribute is set to |
| String. Assign a password for new users added during the sync operation. By default, all new users will have the same password. |
| Query parameter |
Example request๐
curl -X POST \
--header 'X-Requested-By : ThoughtSpot' \
--header 'Cookie : JSESSIONID=0f534ede-f096-44d0-966a-f02be91dcb68; clientId=5ea75049-cbc9-4443-b083-2d148059c235; userGUID=a0d4311a-d123-48e5-806b-8bdc35e3e835' \
--header 'Accept: application/json' \
-F 'applyChanges=false' \
-F 'removeDeleted=false'
-F '[email protected];type=application/json' \
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/sync
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/sync
JSON request๐
The principals.json
file contains the JSON request to be sent for synchronizing users. Make sure the JSON file is encoded as application/json
in the API request.
Use the example format for the JSON requests:
[
{ "name": "Customer Success",
"displayName": "Customer Success",
"description": "CS",
"created": 1568926267025,
"modified": 1568926982242,
"principalTypeEnum": "LOCAL_GROUP",
"groupNames": [],
"visibility": "DEFAULT" },
{ "name": "All",
"displayName": "All Group",
"created": 1354006445722,
"modified": 1354006445722,
"principalTypeEnum": "LOCAL_GROUP",
"groupNames": [],
"visibility": "DEFAULT" },
{ "name": "Marketing",
"displayName": "Marketing",
"description": "Marketing Group",
"created": 1587573582931,
"modified": 1587573583003,
"principalTypeEnum": "LOCAL_GROUP",
"groupNames": [],
"visibility": "DEFAULT" },
{ "name": "test1",
"displayName": "test one",
"description": "",
"created": 1587573554475,
"modified": 1587573589986,
"mail": "[email protected]",
"principalTypeEnum": "LOCAL_USER",
"groupNames": [ "All", "Customer Success", "Marketing" ],
"visibility": "DEFAULT" },
{ "name": "test2",
"displayName": "test two",
"created": 1587573621279,
"modified": 1587573621674,
"mail": "[email protected]",
"principalTypeEnum": "LOCAL_USER",
"groupNames": [ "Administrator", "All" ],
"visibility": "DEFAULT" }
]
Important
|
The preceding example covers user objects (with emails), group objects, and their relationships.
|
Response codes๐
HTTP status code | Description |
---|---|
200 | The user sync operation is successful |
500 | Invalid request |
Assign a user to groups๐
To assign a user to groups that exist in the Thoughtspot system, send a POST
request to the /tspublic/v1/user/{userid}/groups
API endpoint.
Resource URL๐
POST /tspublic/v1/user/{userid}/groups
Request parameters๐
Parameter | Parameter Type | Description |
---|---|---|
| path | String. The GUID of the user that you want to assign to the specified groups. |
| query | String. A JSON array of the GUIDs of the user groups to which you want to add the user. |
Example request๐
curl -X POST \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'X-Requested-By: ThoughtSpot' \
'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/a8aeda00-dc3c-4485-b8d1-fd6ac701a819/groups?groupids=%5B%2246fc2125-d424-40bd-9513-23cd5e2e92c3%22%2C%222e3f697a-e38d-4d50-b5c5-e2514e85d90e%22%5D'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/a8aeda00-dc3c-4485-b8d1-fd6ac701a819/groups?groupids=%5B%2246fc2125-d424-40bd-9513-23cd5e2e92c3%22%2C%222e3f697a-e38d-4d50-b5c5-e2514e85d90e%22%5D
Example response๐
If the user group assignment is successful, the API returns the following response:
Response Code 204
Response codes๐
HTTP status code | Description |
---|---|
204 | Successful operation |
400 | Invalid parameter |
Get user group details for a specific user๐
To get a list of user groups associated with a user, send a GET
request to the /tspublic/v1/user/{userid}/groups
API endpoint.
Resource URL๐
GET /tspublic/v1/user/{userid}/groups
Request parameters๐
Path parameter | Description |
---|---|
| String. The GUID of the user that you want to query. |
Example request๐
curl -X GET \
--header 'Accept: application/json' \
--header 'X-Requested-By: ThoughtSpot' \
'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/a8aeda00-dc3c-4485-b8d1-fd6ac701a819/groups'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/a8aeda00-dc3c-4485-b8d1-fd6ac701a819/groups
Example response๐
If the GET operation is successful, the API returns the following response:
[
{
"userGroupContent": {},
"groupIdx": 2,
"metadataVersion": -1,
"assignedPinboards": [],
"assignedGroups": [],
"inheritedGroups": [],
"privileges": [],
"type": "LOCAL_GROUP",
"parenttype": "GROUP",
"visibility": "DEFAULT",
"tenantId": "982d6da9-9cd1-479e-b9a6-35aa05f9282a",
"displayName": "Test Group3",
"header": {
"id": "2364bf7c-7eec-4839-ac4b-e0cbb27aec37",
"indexVersion": 95,
"generationNum": 95,
"name": "TestGroup3",
"displayName": "Test Group3",
"author": "59481331-ee53-42be-a548-bd87be6ddd4a",
"created": 1634527727318,
"modified": 1634527727318,
"modifiedBy": "59481331-ee53-42be-a548-bd87be6ddd4a",
"owner": "2364bf7c-7eec-4839-ac4b-e0cbb27aec37",
"isDeleted": false,
"isHidden": false,
"tags": [],
"type": "LOCAL_GROUP",
"isExternal": false,
"isDeprecated": false
},
"complete": true,
"incompleteDetail": [],
"isSystemPrincipal": false
},
{
"userGroupContent": {},
"groupIdx": 2,
"metadataVersion": -1,
"assignedPinboards": [],
"assignedGroups": [],
"inheritedGroups": [],
"privileges": [],
"type": "LOCAL_GROUP",
"parenttype": "GROUP",
"visibility": "DEFAULT",
"tenantId": "982d6da9-9cd1-479e-b9a6-35aa05f9282a",
"displayName": "Test Group2",
"header": {
"id": "2e3f697a-e38d-4d50-b5c5-e2514e85d90e",
"indexVersion": 94,
"generationNum": 94,
"name": "TestGroup2",
"displayName": "Test Group2",
"author": "59481331-ee53-42be-a548-bd87be6ddd4a",
"created": 1634527708775,
"modified": 1634527708775,
"modifiedBy": "59481331-ee53-42be-a548-bd87be6ddd4a",
"owner": "2e3f697a-e38d-4d50-b5c5-e2514e85d90e",
"isDeleted": false,
"isHidden": false,
"tags": [],
"type": "LOCAL_GROUP",
"isExternal": false,
"isDeprecated": false
},
"complete": true,
"incompleteDetail": [],
"isSystemPrincipal": false
}
]
Response codes๐
HTTP status code | Description |
---|---|
200 | Successful operation |
400 | Invalid parameter |
Update group association for a user๐
To update the user group data for a specific user, send a PUT
request to the /tspublic/v1/user/{userid}/groups
API endpoint.
Resource URL๐
PUT /tspublic/v1/user/{userid}/groups
Request parameters๐
Parameter | Parameter Type | Description |
---|---|---|
| path | String. The GUID of the user that you want to modify. |
| query | String. A JSON array of the GUIDs of the user groups that you want to add or modify for the specified user. |
Example request๐
curl -X PUT \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'X-Requested-By: ThoughtSpot' \
'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/a8aeda00-dc3c-4485-b8d1-fd6ac701a819/groups?groupids=%5B%222e3f697a-e38d-4d50-b5c5-e2514e85d90e%22%2C%222364bf7c-7eec-4839-ac4b-e0cbb27aec37%22%2C%2246fc2125-d424-40bd-9513-23cd5e2e92c3%22%5D'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/a8aeda00-dc3c-4485-b8d1-fd6ac701a819/groups?groupids=%5B%222e3f697a-e38d-4d50-b5c5-e2514e85d90e%22%2C%222364bf7c-7eec-4839-ac4b-e0cbb27aec37%22%2C%2246fc2125-d424-40bd-9513-23cd5e2e92c3%22%5D
Example response๐
If the user group update operation is successful, the API returns the following response:
Response Code 204
Response codes๐
HTTP status code | Description |
---|---|
204 | Successful operation |
400 | Invalid parameter |
Remove a user from user groups๐
To remove the existing group assignments for a user, send a DELETE
request to the /tspublic/v1/user/{userid}/groups
API endpoint.
Resource URL๐
DELETE /tspublic/v1/user/{userid}/groups
Request parameters๐
Parameter | Parameter Type | Description |
---|---|---|
| path | String. The GUID of the user from which you want to delete the user group association. |
| query | String. A JSON array of the GUIDs of the user groups from which you want to remove the specified user object. |
Example request๐
curl -X DELETE \
--header 'Accept: application/json' \
--header 'X-Requested-By: ThoughtSpot' \ 'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/a8aeda00-dc3c-4485-b8d1-fd6ac701a819/groups?groupids=%5B%222e3f697a-e38d-4d50-b5c5-e2514e85d90e%22%2C%222364bf7c-7eec-4839-ac4b-e0cbb27aec37%22%5D'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/user/a8aeda00-dc3c-4485-b8d1-fd6ac701a819/groups?groupids=%5B%222e3f697a-e38d-4d50-b5c5-e2514e85d90e%22%2C%222364bf7c-7eec-4839-ac4b-e0cbb27aec37%22%5D
Example response๐
If the user is removed from specified user groups, the API returns the following response:
Response Code 204
Response codes๐
HTTP status code | Description |
---|---|
204 | Successful operation |
400 | Invalid parameter |