Skip to main content
The Users API allows you to manage user accounts, service users, roles, and permissions in your NetBird network.

List All Users

Returns a list of all users in your account. 
GET /api/users
service_user
boolean
Filter users and return either regular users or service users
curl -X GET "https://api.netbird.io/api/users?service_user=false" \
  -H "Authorization: Token nbp_YOUR_TOKEN"
id
string
User ID from the identity provider
email
string
User’s email address
name
string
User’s full name from the identity provider
role
string
User’s NetBird account role: admin, user, or owner
status
string
User’s status: active, invited, or blocked
auto_groups
array
Group IDs to auto-assign to peers registered by this user
is_service_user
boolean
Indicates if this is a service user (API-only account)
is_blocked
boolean
Indicates if the user is blocked from using the system
pending_approval
boolean
Indicates if the user requires admin approval before activation

Get Current User

Retrieve information about the currently authenticated user. 
GET /api/users/current
Example
curl -X GET https://api.netbird.io/api/users/current \
  -H "Authorization: Token nbp_YOUR_TOKEN"

Create a User

Create a new service user or send an invitation to a regular user. 
POST /api/users
email
string
User’s email address to send invite to
name
string
User’s full name
role
string
required
User’s NetBird account role: admin, user, or owner
auto_groups
array
required
Group IDs to auto-assign to peers registered by this user
is_service_user
boolean
required
Set to true to create a service user (API-only account)
curl -X POST https://api.netbird.io/api/users \
  -H "Authorization: Token nbp_YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "name": "Jane Doe",
    "role": "user",
    "auto_groups": ["ch8i4ug6lnn4g9hqv7m0"],
    "is_service_user": false
  }'
When creating a service user with an embedded IdP, the response includes an auto-generated password field. This password is only returned once - save it securely!

Update a User

Update user information including role, groups, and blocked status. 
PUT /api/users/{userId}
userId
string
required
The unique identifier of the user
role
string
required
User’s NetBird account role
auto_groups
array
required
Group IDs to auto-assign to peers registered by this user
is_blocked
boolean
required
Set to true to block the user from accessing the system
Example
curl -X PUT https://api.netbird.io/api/users/google-oauth2|123456 \
  -H "Authorization: Token nbp_YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "role": "admin",
    "auto_groups": ["ch8i4ug6lnn4g9hqv7m0", "ch8i4ug6lnn4g9hqv7m1"],
    "is_blocked": false
  }'

Delete a User

Remove a user from the account. This removes the user from NetBird but typically leaves the identity provider account intact. 
DELETE /api/users/{userId}
userId
string
required
The unique identifier of the user
Example
curl -X DELETE https://api.netbird.io/api/users/google-oauth2|123456 \
  -H "Authorization: Token nbp_YOUR_TOKEN"
Deleting a user will:
  • Remove their access to the NetBird network
  • Delete all peers registered by the user (unless configured otherwise)
  • Remove them from all groups
This action cannot be undone.

User Approval

Approve a User

Approve a user who is pending approval (when user approval is enabled in account settings). 
POST /api/users/{userId}/approve
Example
curl -X POST https://api.netbird.io/api/users/google-oauth2|123456/approve \
  -H "Authorization: Token nbp_YOUR_TOKEN"

Reject a User

Reject a pending user and remove them from the account. 
DELETE /api/users/{userId}/reject
Example
curl -X DELETE https://api.netbird.io/api/users/google-oauth2|123456/reject \
  -H "Authorization: Token nbp_YOUR_TOKEN"

Resend Invitation

Resend an invitation email to a user who hasn’t accepted their invite yet. 
POST /api/users/{userId}/invite
Example
curl -X POST https://api.netbird.io/api/users/google-oauth2|123456/invite \
  -H "Authorization: Token nbp_YOUR_TOKEN"

Change User Password

This endpoint is only available when the embedded identity provider (Dex) is enabled. Users can only change their own password.
PUT /api/users/{userId}/password
userId
string
required
The unique identifier of the user (must be the current user)
old_password
string
required
The current password
new_password
string
required
The new password to set
Example
curl -X PUT https://api.netbird.io/api/users/local-user-123/password \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "old_password": "currentPassword123",
    "new_password": "newSecurePassword456!"
  }'

User Roles

NetBird supports three user roles:

Owner

Full administrative access including billing and account deletion

Admin

Manage users, peers, policies, routes, and settings

User

Limited access based on configured permissions

Service Users

Service users are API-only accounts without dashboard access, ideal for:
  • CI/CD automation
  • Infrastructure as Code
  • Monitoring and alerting systems
  • Third-party integrations
Service users:
  • Cannot log into the dashboard
  • Authenticate using Personal Access Tokens
  • Can be assigned limited permissions
  • Don’t count towards user limits in some plans

Build docs developers (and LLMs) love

Get started for freeTalk to us