Activate regular user account

Activate invited user account and set password (public endpoint, API key only). Requires invitation token, password policy compliance, and terms/privacy acceptance. Activation runs in a transaction (user activation, password, metadata merge, RBAC grants); on invariant failure (e.g. missing email credential row after validation) the server responds 422 with users_m.email_credential_not_found.

POST/v1/users/activate

Authorization

bearerAuth

AuthorizationBearer <token>

In: header

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

token*string

Invitation token from email

password*string

Initial password (min 12 characters, must contain uppercase, lowercase, number, special char)

reference?string

Optional external reference saved on activation

terms_accepted*boolean

Must be true to complete activation

privacy_policy_accepted*boolean

Must be true to complete activation

Response Body

`application/json`

curl -X POST "https://example.com/v1/users/activate" \  -H "Content-Type: application/json" \  -d '{    "token": "string",    "password": "stringstring",    "terms_accepted": true,    "privacy_policy_accepted": true  }'

{
  "message": "string",
  "redirect_url": "http://example.com"
}

{
  "code": "users_m.invalid_user_input",
  "message": "Invalid user input data"
}

{
  "code": "users_m.user_already_exists",
  "message": "User with this email already exists"
}

{
  "code": "users_m.email_credential_not_found",
  "message": "Email credential not found for this user"
}

Authorization

Request Body

Response Body

200application/json

400application/json

409application/json

422application/json

Example user_exists

Example token_used

Example already_active

`application/json`

`application/json`

`application/json`

`application/json`