The User API

The User API allows you to make API requests that are scoped to an individual user.

This allows you to delegate the responsibility of ensuring a user has the required permissions to make a given request to UserHub.

It also makes it possible to call the UserHub API directly from the browser.

Create Key#

Go to the Admin Console and click Developer
Click the New API key button
Set the Description field to Getting Started
Select User API from Type dropdown
Select Read and write from the User scope dropdown
Click the Create button
Click Copy when the newly created key appears

Install SDK#

# No setup required

npm install @userhub/sdk

go get -u github.com/userhubdev/go-sdk

composer require userhub/sdk

pip install -U userhub-sdk

Make an Unauthenticated Request#

Use the User API key to make an unauthenticated API call to the session endpoint.

curl https://api.userhub.com/user/v1/session \
  -H "UserHub-Api-Key: $USER_API_KEY"

import { UserApi } from "@userhub/sdk";

const userApi = new UserApi(process.env.USER_API_KEY);

const res = await userApi.session.get();

if (res.user) {
  console.log("Authenticated");
} else {
  console.log("Not authenticated");
}

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/userhubdev/go-sdk/userapi"
)

func main() {
	ctx := context.Background()

	userApi, err := userapi.New(os.Getenv("USER_API_KEY"), "")
	if err != nil {
		panic(err)
	}

	res, err := userApi.Session().Get(ctx, nil)
	if err != nil {
		panic(err)
	}

	if res.User != nil {
		fmt.Println("Authenticated")
	} else {
		fmt.Println("Not authenticated")
	}
}

<?php

require __DIR__.'/vendor/autoload.php';

use UserHub\UserApi;

$userApi = new UserApi(getenv('USER_API_KEY'));

$res = $userApi->session->get();

if (isset($res->user)) {
    echo 'Authenticated'.PHP_EOL;
} else {
    echo 'Not authenticated'.PHP_EOL;
}

import os

from userhub_sdk import UserApi

user_api = UserApi(os.environ.get("USER_API_KEY"))

res = user_api.session.get()

if res.user:
    print("Authenticated")
else:
    print("Not authenticated")

Make an Authenticated Request#

Follow the instructions in the Admin API getting started guide and use those credentials to create an API session and make an authenticated call.

curl "https://api.userhub.com/admin/v1/users/$USER_ID:createApiSession" \
  -H "Authorization: Bearer $ADMIN_API_KEY" \
  -X POST

curl https://api.userhub.com/user/v1/session \
  -H "UserHub-Api-Key: $USER_API_KEY" \
  -H "Authorization: Bearer $USER_ACCESS_TOKEN"

import { AdminApi, UserApi } from "@userhub/sdk";

const adminApi = new AdminApi(process.env.ADMIN_API_KEY);

const session = await adminApi.users.createApiSession(process.env.USER_ID);

const userApi = new UserApi(process.env.USER_API_KEY, session.accessToken);

const res = await userApi.session.get();

if (res.user) {
  console.log("Authenticated");
} else {
  console.log("Not authenticated");
}

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/userhubdev/go-sdk/adminapi"
	"github.com/userhubdev/go-sdk/userapi"
)

func main() {
	ctx := context.Background()

	adminApi, err := adminapi.New(os.Getenv("ADMIN_API_KEY"))
	if err != nil {
		panic(err)
	}

	session, err := adminApi.Users().CreateApiSession(ctx, os.Getenv("USER_ID"), nil)
	if err != nil {
		panic(err)
	}

	userApi, err := userapi.New(os.Getenv("USER_API_KEY"), session.AccessToken)
	if err != nil {
		panic(err)
	}

	res, err := userApi.Session().Get(ctx, nil)
	if err != nil {
		panic(err)
	}

	if res.User != nil {
		fmt.Println("Authenticated")
	} else {
		fmt.Println("Not authenticated")
	}
}

<?php

require __DIR__.'/vendor/autoload.php';

use UserHub\AdminApi;
use UserHub\UserApi;

$adminApi = new AdminApi(getenv('ADMIN_API_KEY'));

$session = $adminApi->users->createApiSession(userId: getenv('USER_ID'));

$userApi = new UserApi(getenv('USER_API_KEY'), $session->accessToken);

$res = $userApi->session->get();

if (isset($res->user)) {
    echo 'Authenticated'.PHP_EOL;
} else {
    echo 'Not authenticated'.PHP_EOL;
}

import os

from userhub_sdk import AdminApi, UserApi

admin_api = AdminApi(os.environ.get("ADMIN_API_KEY"))

session = admin_api.users.create_api_session(user_id=os.environ.get("USER_ID"))

user_api = UserApi(os.environ.get("USER_API_KEY"), session.access_token)

res = user_api.session.get()

if res.user:
    print("Authenticated")
else:
    print("Not authenticated")

Most endpoints in the User API require that you provide a user access token, but some can be called with only the User API key.