curl --request POST \
  --url https://api.arize.com/v2/users \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "Jane Smith",
  "email": "jane.smith@example.com",
  "role": {
    "type": "predefined",
    "name": "member"
  },
  "invite_mode": "email_link"
}
'

{
  "id": "VXNlcjoxMjM0NQ==",
  "name": "Jane Smith",
  "email": "jane.smith@example.com",
  "created_at": "2024-01-01T12:00:00Z",
  "status": "active",
  "role": {
    "type": "predefined",
    "name": "member"
  },
  "is_developer": true
}

Users

Create a user

Create a new account user with explicit invite control.

Invite modes

none — add the user directly with no invitation (for SSO-only accounts). The user is immediately active and can log in via the configured identity provider.
email_link — create an invited invitation and send the user an email with a verification link to complete registration.
temporary_password — create an invited invitation with a temporary password (returned once in the response). The user must reset it on first login.

Idempotency on email (applies when invite_mode != "none")

Existing state	Behavior	Response
No prior invitation	Create a new `invited` invitation	`201 Created`
`invited` (not yet accepted)	Return the existing invitation as-is; do not resend	`200 OK`
`active`	Email belongs to an existing member	`409 Conflict`
`expired`	Create a new `invited` invitation	`201 Created`
`inactive`	User has been deactivated and cannot be re-invited	`409 Conflict`

When invite_mode is none and the email already belongs to an active account member, the request returns 409 Conflict.

Payload requirements

name — required, 1–255 characters
email — required, must be a valid email address; used as the idempotency key
role — required, one of admin, member, annotator; sets the account-level role
invite_mode — required, one of none, email_link, temporary_password

Requires account admin role or USER_CREATE permission.

This endpoint is in beta, read more here.

POST

users

curl --request POST \
  --url https://api.arize.com/v2/users \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "Jane Smith",
  "email": "jane.smith@example.com",
  "role": {
    "type": "predefined",
    "name": "member"
  },
  "invite_mode": "email_link"
}
'

{
  "id": "VXNlcjoxMjM0NQ==",
  "name": "Jane Smith",
  "email": "jane.smith@example.com",
  "created_at": "2024-01-01T12:00:00Z",
  "status": "active",
  "role": {
    "type": "predefined",
    "name": "member"
  },
  "is_developer": true
}

Authorizations

Authorization

string

header

required

Most Arize AI endpoints require authentication. For those endpoints that require authentication, include your API key in the request header using the format

Body

application/json

Body containing user creation parameters and invite control.

name

string

required

Full name of the new user

Required string length: 1 - 255

string<email>

required

Email address of the user to invite

Example:

"user@example.com"

role

object

required

An account-level role assignment. Discriminated by type:

predefined: one of the predefined roles (admin, member, annotator)
custom: a custom RBAC role identified by its ID

Note: custom role assignments are not yet supported and are reserved for future use.

Option 1
Option 2

Show child attributes

invite_mode

enum<string>

required

Controls whether and how an invitation is sent

Available options:

none,

email_link,

temporary_password

is_developer

boolean

Whether the user should have developer permissions (can use the Arize API). Defaults to true for admin and member roles, and false for annotator.

Response

An account user object

An account user represents a member of the account. Users can be listed, updated, or removed from the account.

string

required

A universally unique identifier (base64-encoded opaque string).

Example:

"RW50aXR5OjEyMzQ1"

name

string

required

Display name of the user

string<email>

required

An email address

Example:

"user@example.com"

created_at

string<date-time>

required

Timestamp for when the user was created

status

enum<string>

required

Current status of the user in the account.

active: User has verified their email and can access the platform.
invited: User has been invited and their verification token is still valid.
expired: User was invited but their verification token has expired or is missing. A new invite is required.

Available options:

active,

invited,

expired

role

object

required

An account-level role assignment. Discriminated by type:

predefined: one of the predefined roles (admin, member, annotator)
custom: a custom RBAC role identified by its ID

Note: custom role assignments are not yet supported and are reserved for future use.

Option 1
Option 2

Show child attributes

is_developer

boolean

required

Whether the user has developer permissions (can use the Arize API)

List users Get a user

⌘I