Overview
Users are individual accounts in AWX. They can be members of organizations and teams, and can be granted various roles and permissions.
Endpoints
| Method | Endpoint | Description |
|---|
| GET | /api/v2/users/ | List users |
| POST | /api/v2/users/ | Create user |
| GET | /api/v2/users/{id}/ | Retrieve user |
| PATCH | /api/v2/users/{id}/ | Update user |
| DELETE | /api/v2/users/{id}/ | Delete user |
| GET | /api/v2/me/ | Get current user |
List Users
curl -X GET \
https://awx.example.com/api/v2/users/ \
-H "Authorization: Bearer YOUR_TOKEN"
Create User
curl -X POST \
https://awx.example.com/api/v2/users/ \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"username": "jdoe",
"first_name": "John",
"last_name": "Doe",
"email": "[email protected]",
"password": "SecurePassword123!",
"is_superuser": false,
"is_system_auditor": false
}'
Unique username for the user
User password (required for new users)
Grant superuser privileges
Grant system auditor role (read-only access to everything)
Password Requirements
Passwords are validated based on AWX settings:
LOCAL_PASSWORD_MIN_LENGTH - Minimum password lengthLOCAL_PASSWORD_MIN_DIGITS - Minimum number of digitsLOCAL_PASSWORD_MIN_UPPER - Minimum uppercase charactersLOCAL_PASSWORD_MIN_SPECIAL - Minimum special characters
Additional Django password validators may apply.
Retrieve User
curl -X GET \
https://awx.example.com/api/v2/users/5/ \
-H "Authorization: Bearer YOUR_TOKEN"
Response Schema
Whether user has superuser privileges
Whether user has system auditor role
Always returns "encrypted" for security Last login timestamp (read-only)
Account creation timestamp
Last modification timestamp
Links to related resources:
teams - Teams the user belongs toorganizations - Organizations the user is a member ofadmin_of_organizations - Organizations where user is adminprojects - Projects user has access tocredentials - User’s credentialsroles - Roles assigned to the useractivity_stream - User’s activity logaccess_list - Access list
Update User
curl -X PATCH \
https://awx.example.com/api/v2/users/5/ \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"email": "[email protected]",
"first_name": "Jane"
}'
Change Password
curl -X PATCH \
https://awx.example.com/api/v2/users/5/ \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"password": "NewSecurePassword456!"
}'
Users can change their own password. Superusers can change any user’s password.
Delete User
curl -X DELETE \
https://awx.example.com/api/v2/users/5/ \
-H "Authorization: Bearer YOUR_TOKEN"
Current User
Get information about the authenticated user:
curl -X GET \
https://awx.example.com/api/v2/me/ \
-H "Authorization: Bearer YOUR_TOKEN"
User Teams
curl -X GET \
https://awx.example.com/api/v2/users/5/teams/ \
-H "Authorization: Bearer YOUR_TOKEN"
User Organizations
curl -X GET \
https://awx.example.com/api/v2/users/5/organizations/ \
-H "Authorization: Bearer YOUR_TOKEN"
Admin of Organizations
curl -X GET \
https://awx.example.com/api/v2/users/5/admin_of_organizations/ \
-H "Authorization: Bearer YOUR_TOKEN"
User Projects
curl -X GET \
https://awx.example.com/api/v2/users/5/projects/ \
-H "Authorization: Bearer YOUR_TOKEN"
User Credentials
curl -X GET \
https://awx.example.com/api/v2/users/5/credentials/ \
-H "Authorization: Bearer YOUR_TOKEN"
User Roles
curl -X GET \
https://awx.example.com/api/v2/users/5/roles/ \
-H "Authorization: Bearer YOUR_TOKEN"
Activity Stream
curl -X GET \
https://awx.example.com/api/v2/users/5/activity_stream/ \
-H "Authorization: Bearer YOUR_TOKEN"
Access List
curl -X GET \
https://awx.example.com/api/v2/users/5/access_list/ \
-H "Authorization: Bearer YOUR_TOKEN"
Personal Access Tokens
Create Personal Token
curl -X POST \
https://awx.example.com/api/v2/users/5/personal_tokens/ \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"description": "API access token",
"scope": "write"
}'
Token scope: read or write
OAuth application ID (null for personal tokens)
List Personal Tokens
curl -X GET \
https://awx.example.com/api/v2/users/5/personal_tokens/ \
-H "Authorization: Bearer YOUR_TOKEN"
Revoke Personal Token
curl -X DELETE \
https://awx.example.com/api/v2/users/5/personal_tokens/123/ \
-H "Authorization: Bearer YOUR_TOKEN"
Filtering
# By username
?username=admin
# By email
?email__icontains=example.com
# Superusers only
?is_superuser=true
# System auditors
?is_system_auditor=true
# Search
?search=john
Ordering
# By username
?order_by=username
# By last login
?order_by=-last_login
# By creation date
?order_by=-created
User Types
Normal Users
Standard users with permissions based on assigned roles.
Superusers
Users with is_superuser=true have full access to all resources and can:
- Create/modify/delete any resource
- Grant any permission
- Access admin interface
System Auditors
Users with is_system_auditor=true have read-only access to all resources.
Complete Example
import requests
import json
base_url = "https://awx.example.com/api/v2"
token = "YOUR_TOKEN"
headers = {
"Authorization": f"Bearer {token}",
"Content-Type": "application/json"
}
# Create user
user_data = {
"username": "automation_user",
"first_name": "Automation",
"last_name": "User",
"email": "[email protected]",
"password": "SecurePassword123!",
"is_superuser": False
}
response = requests.post(
f"{base_url}/users/",
headers=headers,
data=json.dumps(user_data)
)
if response.status_code == 201:
user = response.json()
user_id = user['id']
print(f"Created user {user_id}")
# Create access token for user
token_data = {
"description": "API Access",
"scope": "write"
}
token_response = requests.post(
f"{base_url}/users/{user_id}/personal_tokens/",
headers=headers,
data=json.dumps(token_data)
)
if token_response.status_code == 201:
token_info = token_response.json()
print(f"Token: {token_info['token']}")
else:
print(f"Error: {response.status_code}")
print(response.json())
