User Status API
Updates a user's status (activate, suspend, lockout) from the Access Control backend.
Endpoint
| Property | Value |
|---|---|
| Method | PATCH |
| Path | /api/users/:userId/status |
| Auth | JWT required; roles access-control.admin or access-control.manager (feature: USER_MGMT) |
Request Body
```
{
  "status": "ACTIVE" | "INACTIVE" | "LOCKED_OUT" | "SUSPENDED" | "BANNED" | "PENDING_VERIFICATION" | "DELETED"
}
```
Response
200 OK with the updated user payload.
Notes
- The endpoint writes to the canonical user record and emits an audit event
- Status transitions may trigger side effects (e.g., clearing lockout counters when setting ACTIVE)
- Unauthorized requests return 401/403 depending on guard failure
Example
```bash
# Activate a user
curl -X PATCH "https://access-control.dev.digiwedge.com/api/users/<uuid>/status" \
  -H "Authorization: Bearer <admin_jwt>" \
  -H "Content-Type: application/json" \
  -d '{"status":"ACTIVE"}'
```
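An authorization regression check for the guards described above, as an added example that is not the project's own code: it sends the status update once per credential and reports any response outside the documented 200 and 401/403 outcomes. The `Send` callback, the token names and the probe list are assumptions, and a denied request may return either 401 or 403 because the page does not say which guard returns which.

```typescript
// Added example (not project code): authorization probes for
// PATCH /api/users/:userId/status. Token names are hypothetical.
type Probe = { name: string; token?: string; expect: number[] };
// The sender is injected so the check can wrap fetch, axios or supertest.
type Send = (path: string, headers: Record<string, string>, body: string) => Promise<number>;

const DENIED = [401, 403]; // page: "401/403 depending on guard failure"

function buildProbes(tokens: { admin: string; manager: string; noRole: string }): Probe[] {
  return [
    { name: "no Authorization header", expect: DENIED },
    { name: "malformed bearer token", token: "not-a-jwt", expect: DENIED },
    { name: "valid JWT without admin/manager role", token: tokens.noRole, expect: DENIED },
    { name: "access-control.manager", token: tokens.manager, expect: [200] },
    { name: "access-control.admin", token: tokens.admin, expect: [200] },
  ];
}

// Returns null when the status is expected, otherwise a finding string.
// A 2xx on a probe that must be denied is reported as a guard bypass.
function verdict(p: Probe, status: number): string | null {
  if (p.expect.indexOf(status) !== -1) return null;
  const mustDeny = p.expect === DENIED;
  return mustDeny && status >= 200 && status < 300
    ? `AUTHZ BYPASS: ${p.name} got ${status}`
    : `unexpected ${status} for ${p.name}`;
}

// Sends {"status":"ACTIVE"} once per probe against a disposable test user.
async function runProbes(send: Send, userId: string, probes: Probe[]): Promise<string[]> {
  const findings: string[] = [];
  const path = `/api/users/${encodeURIComponent(userId)}/status`;
  for (const p of probes) {
    const headers: Record<string, string> = { "Content-Type": "application/json" };
    if (p.token) headers["Authorization"] = `Bearer ${p.token}`;
    const finding = verdict(p, await send(path, headers, JSON.stringify({ status: "ACTIVE" })));
    if (finding) findings.push(finding);
  }
  return findings;
}
```

Run it against a test user whose status can safely be set to ACTIVE, since the two allowed probes perform a real update and emit an audit event.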
Related
- Admin UI exposes this under: Users → Edit User → Status
- Backend source: apps/access-control/access-control-backend/src/app/controllers/users.controller.ts:168