The User APIs enable you to manage user- and group-related operations in the ThoughtSpot system.

You can use the User APIs to manage your users and groups in ThoughtSpot. For example, you may want to view all users and groups in your ThoughtSpot cluster.

Transfer ownership

Use this API to transfer ownership of all objects from one user to another.

Resource URL

post /tspublic/v1/user/transfer/ownership

Request Parameters

Query Parameter Data Type Description
fromUserName string Username to transfer from.
toUserName string Username to transfer to.

Request Example

cURL
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'X-Requested-By: ThoughtSpot' 'https://<instance>/callosum/v1/tspublic/v1/user/transfer/ownership?fromUserName=guest&toUserName=guest1'
Request URL
https://<instance>/callosum/v1/tspublic/v1/user/transfer/ownership?fromUserName=guest&toUserName=guest1

Response Example

Not applicable
204 - Successful login

Synchronize principals

Use this API to synchronize ThoughtSpot users and groups with your external database. The payload takes principals containing all users and groups present in the external database and a successful API call returns the object that represents the changes that were made in ThoughtSpot system. This means the following:

  • Objects (users or groups) present in ThoughtSpot, but not present in the external list - will be deleted in ThoughtSpot.
  • Objects present in ThoughtSpot, and present in the external list - will be updated such that the object attributes in ThoughtSpot match those present in the list. This includes group membership.
  • Objects not present in ThoughtSpot, and present in the external list - will be created in ThoughtSpot.

Resource URL

post /tspublic/v1/user/sync

Request Parameters

This API uses multipart/form-data content type.

Form Parameter Data Type Description
principals string Specifies a list of principal objects. This is ideally a JSON file containing containing all users and groups present in the external database.
applyChanges boolean A flag indicating whether to sync the users and groups to the system, and apply the difference evaluated. Use this parameter to validate a difference before applying changes.
removeDeleted boolean A flag indicating whether to remove deleted users/groups. When true, this flag removes any deleted users or groups.
password string Specifies a password.

Request Example

cURL
curl -X POST --header 'Content-Type: application/x-www-form-urlencoded' --header 'Accept: application/json' -d 'applyChanges=false' 'https://<instance>/callosum/v1/tspublic/v1/user/sync'
Request URL
https://<instance>/callosum/v1/tspublic/v1/user/sync

Response Example

This example covers user objects (with emails), group objects, and their relationships.

  • created and modified dates may be left blank for new users.

  • principalTypeEnum value specifies if the principal is a user or a group.

Here, test1 user belongs to two groups - Customer Success and Marketing. test2 belongs to the group Administrator. All is a default group to which every user belongs; you may omit it from the input.

Set visibility to NON_SHARABLE if you do not want users to be able to share objects with users in this group.

[
  { "name": "Customer Success",
    "displayName": "Customer Success",
    "description": "CS",
    "created": 1568926267025,
    "modified": 1568926982242,
    "principalTypeEnum": "LOCAL_GROUP",
    "groupNames": [],
    "visibility": "DEFAULT" },

  { "name": "All",
    "displayName": "All Group",
    "created": 1354006445722,
    "modified": 1354006445722,
    "principalTypeEnum": "LOCAL_GROUP",
    "groupNames": [],
    "visibility": "DEFAULT" },

  { "name": "Marketing",
    "displayName": "Marketing",
    "description": "Marketing Group",
    "created": 1587573582931,
    "modified": 1587573583003,
    "principalTypeEnum": "LOCAL_GROUP",
    "groupNames": [],
    "visibility": "DEFAULT" },

  { "name": "test1",
    "displayName": "test one",
    "description": "",
    "created": 1587573554475,
    "modified": 1587573589986,
    "mail": "test1@test.com",
    "principalTypeEnum": "LOCAL_USER",
    "groupNames": [ "All", "Customer Success", "Marketing" ],
    "visibility": "DEFAULT" },

  { "name": "test2",
    "displayName": "test two",
    "created": 1587573621279,
    "modified": 1587573621674,
    "mail": "test2@test.com",
    "principalTypeEnum": "LOCAL_USER",
    "groupNames": [ "Administrator", "All" ],
    "visibility": "DEFAULT" }
]

Change password

Use this API to change the password of a user.

Resource URL

post /tspublic/v1/user/updatepassword

Request Parameters

Form Parameter Data Type Description
namestring Name of the user.
currentpasswordstring The current password of the user.
passwordstring A new password of the user.

Request Example

cURL
curl -X POST --header 'Content-Type: application/x-www-form-urlencoded' --header 'Accept: application/json' --header 'X-Requested-By: ThoughtSpot' -d 'name=guest&currentpassword=test&password=foobarfoobar' 'https://<instance>/callosum/v1/tspublic/v1/user/updatepassword'
Request URL
https://<instance>/callosum/v1/tspublic/v1/user/updatepassword

Response Example

Not applicable
204 - Successful password update

Fetch users and groups

Use this API to get a list of all users, groups, and their inter-dependencies in the form of principal objects. A typical principal object contains the following properties:

Property Description
name

Name of the principal.

This field, in conjunction with whether the object is a user or group, is used to identify a user/group. Consequently, this field is required to be unique (unique for users and groups separately. i.e., you can have user “x” and group “x”).

displayName Display name of the principal.
description Description of the principal.
mail Email address of the user. This field should be populated in case of user only. It is ignored in the case of groups.
principalTypeEnum

Type of the user created in the ThoughtSpot system.

  • LOCAL_USER(a user is validated through password saved in the ThoughtSpot database)
  • LOCAL_GROUP
password Password of the user. This field should be populated in case of user only. It is ignored in the case of groups. Password is only required:
  • if the user is of LOCAL_USER type,
  • when the user is created for the first time.
In subsequent update, the user password is not updated even if it changes in the source system.
groupNames Group names that a principal belongs to. Groups and users can belong to other groups.

Resource URL

get /tspublic/v1/user/list

Request Example

cURL
curl -X GET --header 'Accept: application/json' 'https://<instance>/callosum/v1/tspublic/v1/user/list'
Request URL
https://<instance>/callosum/v1/tspublic/v1/user/list

Response Example

[
  {
    "name": "Administrator",
    "displayName": "Administration Group",
    "created": 1354006445722,
    "modified": 1354006445987,
    "principalTypeEnum": "LOCAL_GROUP",
    "groupNames": [],
    "visibility": "DEFAULT"
  },
  {
    "name": "Analyst",
    "displayName": "Analyst Group",
    "created": 1354006445722,
    "modified": 1354006445987,
    "principalTypeEnum": "LOCAL_GROUP",
    "groupNames": [],
    "visibility": "DEFAULT"
  },
  {
    "name": "rls-group-3",
    "displayName": "rls-group-3",
    "description": "Contains directly rls-group-1, rls-group-2 and belongs direclty to rls-group-5",
    "created": 1459376495060,
    "modified": 1459376590681,
    "principalTypeEnum": "LOCAL_GROUP",
    "groupNames": ["rls-group-5"],
    "visibility": "DEFAULT"
  }
  ]