Create users
Create DALP users through the API with wallet and identity setup, then verify the account before using it in platform workflows.
The create-user API creates a DALP user account in the caller's active organisation. It also provisions the wallet and identity that let the user hold assets. Use it for controlled setup, demos, test accounts, and passive holders who need an account before they sign in.
Use invitations instead when the person should accept an invitation and control their first login from the start. For the workspace flow, see Create users from the web interface.
Prerequisites
- An API key for a caller with permission to create users in the active organisation.
- Wallet verification for the caller when the identity creation transaction is authorised.
- A unique email address for the user being created.
- An active organisation in the caller's session. DALP rejects creation when the request has no active organisation.
Create a user
Send the create-user request
Call the create-user route with the user's email address, optional display name, and the caller's wallet verification details.
curl -X POST "https://your-platform.example.com/api/user/create" \
-H "X-Api-Key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Northwind Treasury Holder",
"email": "[email protected]",
"walletVerification": {
"secretVerificationCode": "123456"
}
}'Store the returned identifiers
A successful request returns the user ID, normalized email address, wallet address, and identity contract address.
{
"id": "usr_123abc",
"name": "Northwind Treasury Holder",
"email": "[email protected]",
"wallet": "0x71C7656EC7ab88b098defB751B7401B5f6d8976F",
"identity": "0x8ba1f109551bD432803012645Ac136ddd64DBA72"
}Keep these values with the case file or setup notes for the account. Later workflows use the user ID, wallet, or identity address depending on whether you are assigning roles, registering an identity, issuing claims, or adding the account to an asset workflow.
Verify the created user
Read the user back through your normal user-management API or the Users workspace. Confirm that the email address matches the created account and that the wallet and identity addresses are present before you rely on the user in asset workflows.
Request fields
| Field | Required | Meaning |
|---|---|---|
email | Yes | Email address for the account. DALP stores the created user's email in lowercase and rejects duplicate email addresses. |
name | No | Display name for the person, company, or holder account. When omitted, DALP stores the name as null. |
walletVerification | Conditional | Verification for the administrator's wallet action. The create-user handler uses it when it deploys the identity for the created wallet. |
What DALP creates
DALP creates four linked records for the user:
| Created item | Behavior |
|---|---|
| User account | DALP creates a user account with a random password and adds it to the caller's active organisation. |
| Organisation membership | The created account belongs to the caller's active organisation. Requests without an active organisation are rejected. |
| Wallet | DALP creates a wallet for the new user. |
| Identity contract | DALP deploys an identity contract for the created wallet. Identity registration remains a separate workflow. |
Endpoint variants
DALP exposes the create-user operation through two public API paths.
| Route | Response shape |
|---|---|
POST /api/user/create | Returns the created user object directly. |
POST /api/v2/users | Returns the created user object in a JSON:API-style data envelope with a links.self URL. |
Use the path that matches the rest of your integration. Both paths create the same account, wallet, organisation membership, and identity.
Operating notes
- Creating a user is not the same as inviting a person. The create-user route does not send an invitation email.
- The generated password is not returned to administrators. If the created user needs to sign in, they should use the password-reset flow for the created email address.
- Creating the account does not register the identity in the identity registry. Register the identity before using the account in workflows that require registry membership.
- The caller needs create-user permission. The route checks the caller's system permissions before it creates the account.
- Reusing an existing email address returns a conflict instead of creating another account.
Related guides
- Create users from the web interface for the same onboarding choice in the DALP workspace.
- Register user for adding a wallet-backed identity to the registry.
- Getting started with the API for API-key setup.
Change admin roles
Update platform administrator role assignments through the API when operating responsibilities, least-privilege reviews, or provisioning workflows change.
Register user
Register a user's wallet and OnchainID in the identity registry via API for compliance tracking and token eligibility.