Web API

Press shift + S to search API reference.

Users

Manage user batched

patchhttps://api.airtable.com/v0/meta/enterpriseAccounts/{enterpriseAccountId}/users

Batch manage enterprise account users. One of id or email must supplied in the body. If both are supplied, id will be used as the identifier in changing user email to the email specified in the request.

WARNING: We recommend performing actions on up to 10 users at a time to avoid timeouts. Though we currently do not enforce a limit on the number of users you can manage at once, we are monitoring the performance of this endpoint and may enforce a limit in the future.

Requirements

AuthenticationPersonal access token, OAuth integration
Scopeenterprise.user:write
User role

Enterprise admin

Billing plansEnterprise (pre-2023.08 legacy plan), Enterprise Scale

Path parameters

enterpriseAccountId
string

Request body

users
array of the below object
id
optional<string>

A user ID

state
optional<"provisioned" | "deactivated">

provisioned | deactivated Can only change the state of managed users.

email
optional<string>

Enterprise account must own both the original and destination email domains.

WARNING: If SSO is required for your enterprise account, you must follow these steps precisely to avoid locking the end user out of their account or creating duplicate accounts.

  • Use this API to update the user's email to a new value (this effectively logs the user out)
  • Use your SSO provider's (e.g. Okta's) admin panel to update the user's email to the new value
  • Tell the user to log into Airtable with the new email
firstName
optional<string>
lastName
optional<string>

Response format

errors
array of the below object
id
optional<string>

A user ID

type
string
message
string
email
optional<string>
updatedUsers
array of the below object
id
string

A user ID

state
optional<"provisioned" | "deactivated">

Only returned if it is provided in the request body.

email
optional<string>

Only returned if it is provided in the request body.

firstName
optional<string>
lastName
optional<string>

Error responses

Action on self failure (403)
Don't deactivate yourself or you might lose access. If action must be performed, add another admin.
{
"error": {
"message": "Cannot perform action on self",
"type": "INVALID_PERMISSIONS"
}
}
External user account (403)
Cannot modify external user state since they are not considered part of the enterprise account.
{
"error": {
"message": "User does not belong to the enterprise email domain",
"type": "INVALID_PERMISSIONS"
}
}
FLA account error (403)
The provisioned and deactivated states apply only to ELA and "claiming" enterprise accounts. FLA users are always provisioned.
{
"error": {
"message": "State modification is not enabled for FLA enterprise accounts",
"type": "INVALID_PERMISSIONS"
}
}
Non-managed user account (403)
Can only manage information of managed users.
{
"error": {
"message": "User is not managed by the enterprise account",
"type": "INVALID_PERMISSIONS"
}
}
Email in use failure (422)
Email cannot be taken already.
{
"error": {
"message": "Email already in use",
"type": "EMAIL_ALREADY_IN_USE"
}
}
ID or email not specified (422)
Either id or email must be supplied in the request body.
{
"error": {
"message": "Invalid request: either ID or email must be specified. Check your request data.",
"type": "INVALID_REQUEST_UNKNOWN"
}
}
Must own target domain (422)
Enterprise account must own target email domain.
{
"error": {
"message": "Target email domain not owned by this enterprise account",
"type": "TARGET_EMAIL_DOMAIN_NOT_OWNED_BY_ENTERPRISE"
}
}
Service accounts must be on verified domains (422)
A service account email must be on a verified email domain
{
"error": {
"message": "Service Account must be on verified enterprise email domain",
"type": "SERVICE_ACCOUNT_MUST_BE_ON_VERIFIED_DOMAIN"
}
}
Two factor error (422)
Email cannot be changed while the user has two factor authentication enabled.
{
"error": {
"message": "Cannot change email when two factor authentication is enabled",
"type": "CANNOT_CHANGE_EMAIL_WHILE_TWO_FACTOR_ENABLED"
}
}
Request (example)
Copy
$
curl -X PATCH "https://api.airtable.com/v0/meta/enterpriseAccounts/{enterpriseAccountId}/users" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
--data '{
"users": [
{
"email": "foo@bar.com",
"id": "usrL2PNC5o3H4lBEi",
"state": "provisioned"
},
{
"id": "usrsOEchC9xuwRgKk",
"state": "deactivated"
},
{
"email": "foo@bam.com",
"id": "usrL2PNC5o3H4lBEi"
},
{
"email": "bam@bam.com",
"state": "provisioned"
}
]
}'
200 – Response (example)
{
"errors": [
{
"id": "usrqccqnMB2eHylqB",
"message": "User not found",
"type": "MODEL_ID_NOT_FOUND"
},
{
"email": "foo@bam.com",
"message": "Email not found",
"type": "NOT_FOUND"
}
],
"updatedUsers": [
{
"email": "foo@bar.com",
"id": "usrGcrteE5fUMqq0R",
"state": "provisioned"
},
{
"id": "usrsOEchC9xuwRgKk",
"state": "deactivated"
}
]
}