There are a number of API methods relating to user administration, including [/users](🔗), [/authenticate](🔗), and [/change-password](🔗). This document gives a brief overview of how these methods work together when building user-facing applications. See also [Authentication](🔗).

## Creating a New User

To create a new user using the API, submit a POST request that includes, at a minimum, `email`, `first_name`, `last_name`, and `role_id`.

When you create the user, you cannot provide a `password`, and the user is set as inactive (`active=false`). In the UI workflow, an email is sent to the user asking them to set a password. Once the user's password is reset, the user is set to active (`active=true`) and can log in.

## Logging In

Any active User can log in using the Authenticate method by POSTing their `email` along with their password. See [Authentication](🔗) for a full explanation with examples.

## Lost Password

If a User loses their password and wants to get an email to change their password, they can POST to `request-change-password`:

This will send the user an email that links to a webpage where they can update their password.

## Changing Password of Authenticated User

To change the password of an authenticated User using their existing password, you make a POST to the `change_password` resource including the existing password and the `new_password`.
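
The account lifecycle described on this page, modelled in memory as an added example (it is not the API's own code and makes no HTTP calls). The `UserStore` class, its method names, and the PBKDF2 password storage are assumptions made for illustration; only the field names and the active/inactive behaviour come from the text above.

```python
import hashlib
import hmac
import os

REQUIRED = ("email", "first_name", "last_name", "role_id")  # fields the page lists


class UserStore:
    """Hypothetical in-memory stand-in for the server side; not the real API."""

    def __init__(self):
        self.users = {}

    @staticmethod
    def _hash(password, salt):
        # Assumption: PBKDF2 storage; the page does not say how passwords are stored.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def create_user(self, **fields):
        # Creating a user: required fields only, and no password may be supplied.
        missing = [f for f in REQUIRED if f not in fields]
        if missing:
            raise ValueError(f"missing fields: {missing}")
        if "password" in fields:
            raise ValueError("password cannot be set at creation")
        user = dict(fields, active=False, salt=None, pw_hash=None)
        self.users[fields["email"]] = user
        return user

    def set_password(self, email, new_password):
        # Outcome of the emailed set-password link: store the hash, then activate.
        user = self.users[email]
        user["salt"] = os.urandom(16)
        user["pw_hash"] = self._hash(new_password, user["salt"])
        user["active"] = True

    def authenticate(self, email, password):
        # Logging in: only an active user with a matching password succeeds.
        user = self.users.get(email)
        if not user or not user["active"]:
            return False
        candidate = self._hash(password, user["salt"])
        return hmac.compare_digest(user["pw_hash"], candidate)

    def change_password(self, email, password, new_password):
        # Changing password: the existing password must verify first.
        if not self.authenticate(email, password):
            return False
        self.set_password(email, new_password)
        return True
```

A client integration test suite can assert the same transitions against the real endpoints: a newly created user is rejected by authenticate until the password has been set.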