Skip to main content
Best Answer

Strange Behavior Creating New Users

  • September 23, 2025
  • 6 replies
  • 59 views
D

Greetings! I’m struggling with submitting a new user request to POST /manage/v1/user.

When I submit the information below, I get a response that has a 200 status code and an array of active users as a response. The user is not created.

Weirdly, when I submit this through the UI (actually, this is where I got the JSON from!) the submit goes to the same location (/manage/v1/user) and the user is created. Even more weird, if I authenticate with the the api browser and submit the same JSON, it creates the user as well.

I’m logged in as the same user in the UI, and the api browser. And I send the exact same user’s username/password when requesting the oauth token. I’m using resource owner password grant for my workflow.

This leads me to conclude that there’s something wrong with my oAuth flow, or that resource owner password grant doesn’t support creating users. 

Does anyone have any thoughts on how to further diagnose this? 

I came across this post that had a similar behavor, but given that the UI and api browser work, it doesn’t make sense to me that I can’t get this payload to work with my oauth app!

Any thoughts would be much appreciated!


    {
      "userid": "frank.underwood@info.com",
      "email": "frank.underwood@info.com",
      "firstname": "Frank",
      "lastname": "Underwood",
      "password": "Password123!",
      "force_change": 1,
      "send_notification_email": 1,
      "level": "6",
      "ui.language": "english",
      "expiration": "2025-10-01",
      "valid": 1,
      "email_validation_status": "1",
      "date_format": "",
      "timezone": "",
      "manager": {
        "1": null
      },
      "can_manage_subordinates": false,
      "select_orgchart": {
        "26": 1
      },
      "additional_fields": {
        "1": 230,
        "8": "Employee",
        "10": "12",
        "11": "White House"
      },
      "employees": {}
    }

 

Best answer by DataDragon0032

Found the problem!!! My Bruno collection had the BASE_URL variable set with a trailing / character. When I built the requests, I pre-pended a / as well, so I ended up hitting https://host//manage/v1/user instead of https://host/manage/v1/user. Other endpoints seem to work fine, but the user endpoint seems to be very picky.

@mstrom, really appreciate you giving some suggestions and pointers! I’ll mark this one as solved for now. 

    6 replies

    M
    Novice III
    Forum|alt.badge.img+1
    • mstrom
    • September 24, 2025

    Hello, if it works when using the API browser, copy the token from the browser and use in your offline tool, Postman or other to test. That will help narrow down what the issue is. If it doesn’t work, then there is something else in the configuration causing it, not related to the token. Be sure you are configuring your header as Authorization: Bearer [token]

    More info about Docebo API authentication can be found here.

    D
    • DataDragon0032
    • Author
    • Newcomer
    • September 24, 2025

    Great suggestion! I did a review of the configuration (I’m using Bruno as a Postfix-like tool).

    I pulled the Bearer token from the web browser. I observe the same behavior -- with the same bearer token -- using the API that I saw in my original post. 

    Even with a token that successfully generates a user in the api browser and using the same payload, I cannot generate a new user via the API. 

    I reviewed my API calls. I added an explicit Content-Type and Accept header that I noticed I was missing. Unfortunately it didn’t change the behavior.

    I also tried running a GET /manage/v1/user using the same token. It works just fine. It seems to be an issue with the POST call and how it interacts with the system.

    Thank you for the pointer!

    M
    Novice III
    Forum|alt.badge.img+1
    • mstrom
    • September 24, 2025

     

    While the JSON you are using should work, I know Docebo API can be finicky when used outside the API Browser if it’s not aligned to the same format as what is shown in the body sample. I would review the body schema provided in the Docebo API browser for required and optional fields and field type and as a test use the same body sample provided in the Docebo API browser in Bruno. 

    For example, your JSON "email_validation_status": "1",

    Does not use boolean

     

    While the request may go through and return a 200 message, if the fields are not exactly what it expects, nothing will happen.

    My suggestion go through and align the JSON to exactly what Docebo is expecting outlined in the Docebo API Browser body schema and body sample.

    Second, be sure you have a header configured with the Authorization: Bearer [insert token from Docebo API Browser]

    D
    • DataDragon0032
    • Author
    • Newcomer
    • September 25, 2025

    Thanks for the further insights, ​@mstrom!

    I reviewed the JSON payload as you suggested. I ended up modifying it slightly, as seen below. Unfortunately I still have the exact same behavior. I pulled the bearer token from my browser session with the API browser, and through my own oAuth session. Unfortunately, neither permitted me to create the user, and I still get the HTTP/200 response with an array of active users. 

     

    Do you have any other thoughts?

    {
      "userid": "frank.underwood@info.com",
      "email": "frank.underwood@info.com",
      "firstname": "Frank",
      "lastname": "Underwood",
      "password": "Password123!",
      "force_change": 1,
      "send_notification_email": true,
      "level": "6",
      "ui.language": "english",
      "expiration": "2025-10-01",
      "valid": 1,
      "email_validation_status": 1,
      "date_format": "",
      "timezone": "",
      "can_manage_subordinates": false,
      "select_orgchart": {
        "26": 1
      },
      "additional_fields": {
        "1": 230,
        "8": "Employee",
        "10": "12",
        "11": "White House"
      }
    }

     

    D
    • DataDragon0032
    • Author
    • Newcomer
    • Answer
    • September 25, 2025

    Found the problem!!! My Bruno collection had the BASE_URL variable set with a trailing / character. When I built the requests, I pre-pended a / as well, so I ended up hitting https://host//manage/v1/user instead of https://host/manage/v1/user. Other endpoints seem to work fine, but the user endpoint seems to be very picky.

    @mstrom, really appreciate you giving some suggestions and pointers! I’ll mark this one as solved for now. 

    M
    Novice III
    Forum|alt.badge.img+1
    • mstrom
    • September 25, 2025

    Good to hear you found the issue. It’s usually the small things like an extra period or worse yet, an extra space or missing “ somewhere. Do keep in mind though these APIs can be finicky as mentioned if you don’t serve them up what they are expecting. They’ll still return a 200 but did nothing.

    Terms & ConditionsCookie settingsAccessibility statement