# User

## Retrieves paged users for a company scope.

> Applies role-based company access checks and returns paged, searchable, and sortable user results.\
> \
> Required roles: Admin.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"security":[{"Bearer":[]}],"components":{"securitySchemes":{"Bearer":{"type":"http","description":"JWT bearer token. Example: 'Bearer {token}'.","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"FilterDataViewModel":{"type":"object","properties":{"skip":{"type":"integer","description":"Number of records to skip from the start of the result set.","format":"int32","nullable":true},"take":{"type":"integer","description":"Maximum number of records to return.","format":"int32","nullable":true},"search":{"type":"string","description":"Free-text query applied to searchable fields.","nullable":true},"companyId":{"type":"string","description":"Company scope used to limit results to a specific tenant.","format":"uuid","nullable":true},"startDate":{"type":"string","description":"Inclusive start date for date-range filtering.","format":"date-time","nullable":true},"endDate":{"type":"string","description":"Inclusive end date for date-range filtering.","format":"date-time","nullable":true},"sorted":{"type":"array","items":{"$ref":"#/components/schemas/SortDescriptor"},"description":"Sorting instructions, ordered by priority.","nullable":true}},"description":"Represents a generic filter request for paged list endpoints."},"SortDescriptor":{"type":"object","properties":{"name":{"type":"string","description":"Gets or sets the Name."},"direction":{"type":"string","description":"Gets or sets the Direction."}},"description":"Represents the view model SortDescriptor."}}},"paths":{"/v1/User/Get":{"post":{"tags":["User"],"summary":"Retrieves paged users for a company scope.","description":"Applies role-based company access checks and returns paged, searchable, and sortable user results.\n\nRequired roles: Admin.","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/FilterDataViewModel"}},"text/json":{"schema":{"$ref":"#/components/schemas/FilterDataViewModel"}},"application/*+json":{"schema":{"$ref":"#/components/schemas/FilterDataViewModel"}}},"required":true},"responses":{"200":{"description":"OK"},"401":{"description":"Authentication is required."},"403":{"description":"The user is not authorized to access this endpoint."}}}}}}
```

## Retrieves paged users for a company scope.

> Applies role-based company access checks and returns paged, searchable, and sortable user results.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"security":[{"Bearer":[]}],"components":{"securitySchemes":{"Bearer":{"type":"http","description":"JWT bearer token. Example: 'Bearer {token}'.","scheme":"bearer","bearerFormat":"JWT"}}},"paths":{"/v1/User/Get/{userId}":{"get":{"tags":["User"],"summary":"Retrieves paged users for a company scope.","description":"Applies role-based company access checks and returns paged, searchable, and sortable user results.","parameters":[{"name":"userId","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK"},"401":{"description":"Authentication is required."},"403":{"description":"The user is not authorized to access this endpoint."}}}}}}
```

## Creates a user in the selected company.

> Validates company access by role and provisions a new user account with the supplied profile and onboarding options.\
> \
> Required roles: Admin.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"security":[{"Bearer":[]}],"components":{"securitySchemes":{"Bearer":{"type":"http","description":"JWT bearer token. Example: 'Bearer {token}'.","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"CreateUserViewModel":{"required":["emailAddress","firstName","lastName","sentPassword"],"type":"object","properties":{"emailAddress":{"type":"string"},"firstName":{"type":"string","description":"First name of the new user."},"lastName":{"type":"string","description":"Last name of the new user."},"sentPassword":{"type":"boolean","description":"Indicates whether an invitation should include password setup instructions."}},"description":"Represents input for creating a user account."}}},"paths":{"/v1/User/Create/{companyId}":{"post":{"tags":["User"],"summary":"Creates a user in the selected company.","description":"Validates company access by role and provisions a new user account with the supplied profile and onboarding options.\n\nRequired roles: Admin.","parameters":[{"name":"companyId","in":"path","required":true,"schema":{"type":"string","format":"uuid"}}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/CreateUserViewModel"}},"text/json":{"schema":{"$ref":"#/components/schemas/CreateUserViewModel"}},"application/*+json":{"schema":{"$ref":"#/components/schemas/CreateUserViewModel"}}},"required":true},"responses":{"200":{"description":"OK"},"401":{"description":"Authentication is required."},"403":{"description":"The user is not authorized to access this endpoint."}}}}}}
```

## Deletes a user account.

> Validates company access and removes the selected user.\
> \
> Required roles: Admin.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"security":[{"Bearer":[]}],"components":{"securitySchemes":{"Bearer":{"type":"http","description":"JWT bearer token. Example: 'Bearer {token}'.","scheme":"bearer","bearerFormat":"JWT"}}},"paths":{"/v1/User/Delete/{userId}":{"delete":{"tags":["User"],"summary":"Deletes a user account.","description":"Validates company access and removes the selected user.\n\nRequired roles: Admin.","parameters":[{"name":"userId","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK"},"401":{"description":"Authentication is required."},"403":{"description":"The user is not authorized to access this endpoint."}}}}}}
```

## Updates user profile settings.

> Supports self-service updates for regular users and extended updates for privileged roles, including profile, image, phone, and UI preferences.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"security":[{"Bearer":[]}],"components":{"securitySchemes":{"Bearer":{"type":"http","description":"JWT bearer token. Example: 'Bearer {token}'.","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"UpdateUserViewModel":{"type":"object","properties":{"firstName":{"type":"string","nullable":true},"lastName":{"type":"string","nullable":true},"email":{"type":"string","nullable":true},"phoneNumber":{"type":"string","description":"Updated phone number.","nullable":true},"uiLanguage":{"$ref":"#/components/schemas/NullableOfUILanguage"},"userImage":{"type":"string","description":"Identifier of profile image media to assign.","format":"uuid","nullable":true},"active":{"type":"boolean","description":"Updated active state for privileged role updates.","nullable":true},"countryCode":{"type":"string","description":"Country dialing code used with phone number updates.","nullable":true},"emailOptIn":{"$ref":"#/components/schemas/NullableOfEmailOptIn"},"firstRunChat":{"type":"boolean","description":"Indicates first-run state for chat onboarding.","nullable":true},"firstRunText":{"type":"boolean","description":"Indicates first-run state for text onboarding.","nullable":true},"firstRunSpeech":{"type":"boolean","description":"Indicates first-run state for speech onboarding.","nullable":true},"firstRunTranslate":{"type":"boolean","description":"Indicates first-run state for translate onboarding.","nullable":true},"lastSeenReleaseNoteVersion":{"type":"string","description":"Last release-note version acknowledged by the user.","nullable":true},"sidebar":{"$ref":"#/components/schemas/SidebarPreferencesDTO"}},"description":"Represents input for updating user profile and preference data."},"NullableOfUILanguage":{"type":"integer","description":"Updated UI language.","nullable":true},"NullableOfEmailOptIn":{"type":"integer","description":"Email opt-in preference.","nullable":true},"SidebarPreferencesDTO":{"type":"object","properties":{"appOrderIds":{"type":"array","items":{"type":"string"},"description":"Gets or sets the App Order Ids."},"hiddenAppIds":{"type":"array","items":{"type":"string"},"description":"Gets or sets the Hidden App Ids."},"vectorStoreOrderIds":{"type":"array","items":{"type":"string"},"description":"Gets or sets the Vector Store Order Ids."},"hiddenVectorStoreIds":{"type":"array","items":{"type":"string"},"description":"Gets or sets the Hidden Vector Store Ids."},"appsCollapsed":{"type":"boolean","description":"Gets or sets the Apps Collapsed."},"vectorStoresCollapsed":{"type":"boolean","description":"Gets or sets the Vector Stores Collapsed."}},"description":"Updated sidebar preference configuration.","nullable":true}}},"paths":{"/v1/User/Update/{userId}":{"patch":{"tags":["User"],"summary":"Updates user profile settings.","description":"Supports self-service updates for regular users and extended updates for privileged roles, including profile, image, phone, and UI preferences.","parameters":[{"name":"userId","in":"path","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/UpdateUserViewModel"}},"text/json":{"schema":{"$ref":"#/components/schemas/UpdateUserViewModel"}},"application/*+json":{"schema":{"$ref":"#/components/schemas/UpdateUserViewModel"}}},"required":true},"responses":{"200":{"description":"OK"},"401":{"description":"Authentication is required."},"403":{"description":"The user is not authorized to access this endpoint."}}}}}}
```

## Deletes the user's profile image.

> Validates company access and removes the persisted profile media reference.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"security":[{"Bearer":[]}],"components":{"securitySchemes":{"Bearer":{"type":"http","description":"JWT bearer token. Example: 'Bearer {token}'.","scheme":"bearer","bearerFormat":"JWT"}}},"paths":{"/v1/User/DeleteUserImage/{userId}":{"delete":{"tags":["User"],"summary":"Deletes the user's profile image.","description":"Validates company access and removes the persisted profile media reference.","parameters":[{"name":"userId","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK"},"401":{"description":"Authentication is required."},"403":{"description":"The user is not authorized to access this endpoint."}}}}}}
```

## Retrieves the current authenticated user profile.

> Returns profile details and assigned role names for the active session.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"security":[{"Bearer":[]}],"components":{"securitySchemes":{"Bearer":{"type":"http","description":"JWT bearer token. Example: 'Bearer {token}'.","scheme":"bearer","bearerFormat":"JWT"}}},"paths":{"/v1/User/GetCurrentUser":{"get":{"tags":["User"],"summary":"Retrieves the current authenticated user profile.","description":"Returns profile details and assigned role names for the active session.","responses":{"200":{"description":"OK"},"401":{"description":"Authentication is required."},"403":{"description":"The user is not authorized to access this endpoint."}}}}}}
```

## Authenticates a user with credentials and optional MFA flow.

> Validates account state, policy constraints, and MFA requirements, then returns a login token or an MFA challenge response.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"paths":{"/v1/User/Login":{"post":{"tags":["User"],"summary":"Authenticates a user with credentials and optional MFA flow.","description":"Validates account state, policy constraints, and MFA requirements, then returns a login token or an MFA challenge response.","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/LoginViewModel"}},"text/json":{"schema":{"$ref":"#/components/schemas/LoginViewModel"}},"application/*+json":{"schema":{"$ref":"#/components/schemas/LoginViewModel"}}},"required":true},"responses":{"200":{"description":"OK"}}}}},"components":{"schemas":{"LoginViewModel":{"required":["username","password"],"type":"object","properties":{"username":{"type":"string","description":"Username or email used for authentication."},"password":{"type":"string"},"mfaCode":{"type":"string","description":"MFA verification code when MFA is requested.","nullable":true},"mfaChallengeToken":{"type":"string","description":"MFA challenge token issued by a prior login step.","nullable":true},"skipMfaEnrollment":{"type":"boolean","description":"Indicates whether optional MFA enrollment should be skipped."}},"description":"Represents user login input, including optional MFA fields."}}}}
```

## Starts MFA enrollment during login.

> Verifies the enrollment challenge token and returns authenticator setup details.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"paths":{"/v1/User/BeginMfaEnrollmentForLogin":{"post":{"tags":["User"],"summary":"Starts MFA enrollment during login.","description":"Verifies the enrollment challenge token and returns authenticator setup details.","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/MfaChallengeViewModel"}},"text/json":{"schema":{"$ref":"#/components/schemas/MfaChallengeViewModel"}},"application/*+json":{"schema":{"$ref":"#/components/schemas/MfaChallengeViewModel"}}},"required":true},"responses":{"200":{"description":"OK"}}}}},"components":{"schemas":{"MfaChallengeViewModel":{"required":["userId","mfaChallengeToken"],"type":"object","properties":{"userId":{"type":"string","description":"Identifier of the challenged user."},"mfaChallengeToken":{"type":"string","description":"Challenge token issued during login or enrollment flow."}},"description":"Represents MFA challenge confirmation input."}}}}
```

## Completes MFA enrollment during login.

> Validates the authenticator code and signs the user in after enrollment.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"paths":{"/v1/User/CompleteMfaEnrollmentForLogin":{"post":{"tags":["User"],"summary":"Completes MFA enrollment during login.","description":"Validates the authenticator code and signs the user in after enrollment.","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/MfaCompleteViewModel"}},"text/json":{"schema":{"$ref":"#/components/schemas/MfaCompleteViewModel"}},"application/*+json":{"schema":{"$ref":"#/components/schemas/MfaCompleteViewModel"}}},"required":true},"responses":{"200":{"description":"OK"}}}}},"components":{"schemas":{"MfaCompleteViewModel":{"required":["userId","mfaChallengeToken","mfaCode"],"type":"object","properties":{"userId":{"type":"string","description":"Identifier of the user completing MFA enrollment."},"mfaChallengeToken":{"type":"string","description":"MFA enrollment challenge token."},"mfaCode":{"type":"string","description":"One-time MFA verification code."}},"description":"Represents input for completing MFA enrollment during login."}}}}
```

## Skips optional MFA enrollment during login.

> Allowed only when company policy marks MFA enrollment as optional.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"paths":{"/v1/User/SkipMfaEnrollmentForLogin":{"post":{"tags":["User"],"summary":"Skips optional MFA enrollment during login.","description":"Allowed only when company policy marks MFA enrollment as optional.","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/MfaChallengeViewModel"}},"text/json":{"schema":{"$ref":"#/components/schemas/MfaChallengeViewModel"}},"application/*+json":{"schema":{"$ref":"#/components/schemas/MfaChallengeViewModel"}}},"required":true},"responses":{"200":{"description":"OK"}}}}},"components":{"schemas":{"MfaChallengeViewModel":{"required":["userId","mfaChallengeToken"],"type":"object","properties":{"userId":{"type":"string","description":"Identifier of the challenged user."},"mfaChallengeToken":{"type":"string","description":"Challenge token issued during login or enrollment flow."}},"description":"Represents MFA challenge confirmation input."}}}}
```

## Starts MFA enrollment for the current user.

> Resets the authenticator key and returns setup details for an authenticator app.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"security":[{"Bearer":[]}],"components":{"securitySchemes":{"Bearer":{"type":"http","description":"JWT bearer token. Example: 'Bearer {token}'.","scheme":"bearer","bearerFormat":"JWT"}}},"paths":{"/v1/User/BeginMfaEnrollment":{"get":{"tags":["User"],"summary":"Starts MFA enrollment for the current user.","description":"Resets the authenticator key and returns setup details for an authenticator app.","responses":{"200":{"description":"OK"},"401":{"description":"Authentication is required."},"403":{"description":"The user is not authorized to access this endpoint."}}}}}}
```

## Completes MFA enrollment during login.

> Validates the authenticator code and signs the user in after enrollment.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"security":[{"Bearer":[]}],"components":{"securitySchemes":{"Bearer":{"type":"http","description":"JWT bearer token. Example: 'Bearer {token}'.","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"CompleteMfaEnrollmentViewModel":{"required":["mfaCode"],"type":"object","properties":{"mfaCode":{"type":"string","description":"One-time MFA verification code from the authenticator app."}},"description":"Represents input for completing MFA enrollment."}}},"paths":{"/v1/User/CompleteMfaEnrollment":{"post":{"tags":["User"],"summary":"Completes MFA enrollment during login.","description":"Validates the authenticator code and signs the user in after enrollment.","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/CompleteMfaEnrollmentViewModel"}},"text/json":{"schema":{"$ref":"#/components/schemas/CompleteMfaEnrollmentViewModel"}},"application/*+json":{"schema":{"$ref":"#/components/schemas/CompleteMfaEnrollmentViewModel"}}},"required":true},"responses":{"200":{"description":"OK"},"401":{"description":"Authentication is required."},"403":{"description":"The user is not authorized to access this endpoint."}}}}}}
```

## Disables MFA for the current user when policy allows it.

> Resets authenticator state and marks enrollment as skipped for optional policy.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"security":[{"Bearer":[]}],"components":{"securitySchemes":{"Bearer":{"type":"http","description":"JWT bearer token. Example: 'Bearer {token}'.","scheme":"bearer","bearerFormat":"JWT"}}},"paths":{"/v1/User/DisableMfa":{"post":{"tags":["User"],"summary":"Disables MFA for the current user when policy allows it.","description":"Resets authenticator state and marks enrollment as skipped for optional policy.","responses":{"200":{"description":"OK"},"401":{"description":"Authentication is required."},"403":{"description":"The user is not authorized to access this endpoint."}}}}}}
```

## Authenticates a user using Microsoft OpenID access tokens.

> Resolves the user from Microsoft Graph identity and returns a SafeGPT login token.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"paths":{"/v1/User/OpenIdAuth":{"post":{"tags":["User"],"summary":"Authenticates a user using Microsoft OpenID access tokens.","description":"Resolves the user from Microsoft Graph identity and returns a SafeGPT login token.","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/OpenIdAuthViewModel"}},"text/json":{"schema":{"$ref":"#/components/schemas/OpenIdAuthViewModel"}},"application/*+json":{"schema":{"$ref":"#/components/schemas/OpenIdAuthViewModel"}}},"required":true},"responses":{"200":{"description":"OK"}}}}},"components":{"schemas":{"OpenIdAuthViewModel":{"required":["accessToken"],"type":"object","properties":{"accessToken":{"type":"string","description":"External provider access token used to resolve user identity."}},"description":"Represents input for OpenID-based authentication."}}}}
```

## Refreshes the current login session using the refresh cookie.

> Validates the refresh token and issues a new login token pair.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"paths":{"/v1/User/RefreshSession":{"post":{"tags":["User"],"summary":"Refreshes the current login session using the refresh cookie.","description":"Validates the refresh token and issues a new login token pair.","responses":{"200":{"description":"OK"}}}}}}
```

## Revokes the current refresh session.

> Revokes persisted refresh-token session state and clears the refresh cookie.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"paths":{"/v1/User/RevokeSession":{"post":{"tags":["User"],"summary":"Revokes the current refresh session.","description":"Revokes persisted refresh-token session state and clears the refresh cookie.","responses":{"200":{"description":"OK"}}}}}}
```

## Changes the password for the current user.

> Validates the current password before applying the new password.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"security":[{"Bearer":[]}],"components":{"securitySchemes":{"Bearer":{"type":"http","description":"JWT bearer token. Example: 'Bearer {token}'.","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"ChangePasswordViewModel":{"required":["currentPassword","newPassword"],"type":"object","properties":{"currentPassword":{"type":"string","description":"Current password for verification."},"newPassword":{"type":"string","description":"New password to apply."}},"description":"Represents input for changing a password while signed in."}}},"paths":{"/v1/User/ChangePassword":{"post":{"tags":["User"],"summary":"Changes the password for the current user.","description":"Validates the current password before applying the new password.","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ChangePasswordViewModel"}},"text/json":{"schema":{"$ref":"#/components/schemas/ChangePasswordViewModel"}},"application/*+json":{"schema":{"$ref":"#/components/schemas/ChangePasswordViewModel"}}},"required":true},"responses":{"200":{"description":"OK"},"401":{"description":"Authentication is required."},"403":{"description":"The user is not authorized to access this endpoint."}}}}}}
```

## Requests a password-reset flow for a user account.

> Validates reCAPTCHA and triggers password-reset instructions by email.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"paths":{"/v1/User/RequestPasswordReset":{"post":{"tags":["User"],"summary":"Requests a password-reset flow for a user account.","description":"Validates reCAPTCHA and triggers password-reset instructions by email.","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/RequestPasswordResetViewModel"}},"text/json":{"schema":{"$ref":"#/components/schemas/RequestPasswordResetViewModel"}},"application/*+json":{"schema":{"$ref":"#/components/schemas/RequestPasswordResetViewModel"}}},"required":true},"responses":{"200":{"description":"OK"}}}}},"components":{"schemas":{"RequestPasswordResetViewModel":{"required":["username","recaptchaToken"],"type":"object","properties":{"username":{"type":"string","description":"Username or email of the account requesting reset."},"recaptchaToken":{"type":"string","description":"reCAPTCHA verification token."}},"description":"Represents input for requesting password-reset instructions."}}}}
```

## Sets an initial password using an email verification token.

> Confirms the email token, sets the password, and signs the user in.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"paths":{"/v1/User/SetPasswordWithToken/{userId}":{"post":{"tags":["User"],"summary":"Sets an initial password using an email verification token.","description":"Confirms the email token, sets the password, and signs the user in.","parameters":[{"name":"userId","in":"path","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ChangePasswordWithTokenViewModel"}},"text/json":{"schema":{"$ref":"#/components/schemas/ChangePasswordWithTokenViewModel"}},"application/*+json":{"schema":{"$ref":"#/components/schemas/ChangePasswordWithTokenViewModel"}}},"required":true},"responses":{"200":{"description":"OK"}}}}},"components":{"schemas":{"ChangePasswordWithTokenViewModel":{"required":["newPassword","confirmPassword","token"],"type":"object","properties":{"newPassword":{"type":"string","description":"New password to set."},"confirmPassword":{"type":"string","description":"Confirmation value for the new password."},"token":{"type":"string","description":"Password-reset or verification token."}},"description":"Represents token-based password reset input."}}}}
```

## Changes a password using a reset token.

> Applies token-based password reset and returns a login token on success.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"paths":{"/v1/User/ChangePasswordWithToken/{userId}":{"post":{"tags":["User"],"summary":"Changes a password using a reset token.","description":"Applies token-based password reset and returns a login token on success.","parameters":[{"name":"userId","in":"path","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ChangePasswordWithTokenViewModel"}},"text/json":{"schema":{"$ref":"#/components/schemas/ChangePasswordWithTokenViewModel"}},"application/*+json":{"schema":{"$ref":"#/components/schemas/ChangePasswordWithTokenViewModel"}}},"required":true},"responses":{"200":{"description":"OK"}}}}},"components":{"schemas":{"ChangePasswordWithTokenViewModel":{"required":["newPassword","confirmPassword","token"],"type":"object","properties":{"newPassword":{"type":"string","description":"New password to set."},"confirmPassword":{"type":"string","description":"Confirmation value for the new password."},"token":{"type":"string","description":"Password-reset or verification token."}},"description":"Represents token-based password reset input."}}}}
```

## Changes a user's email address using a verification token.

> Applies token-based email change and updates username to the new email.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"paths":{"/v1/User/ChangeEmailWithToken/{userId}":{"post":{"tags":["User"],"summary":"Changes a user's email address using a verification token.","description":"Applies token-based email change and updates username to the new email.","parameters":[{"name":"userId","in":"path","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ChangeEmailWithTokenViewModel"}},"text/json":{"schema":{"$ref":"#/components/schemas/ChangeEmailWithTokenViewModel"}},"application/*+json":{"schema":{"$ref":"#/components/schemas/ChangeEmailWithTokenViewModel"}}},"required":true},"responses":{"200":{"description":"OK"}}}}},"components":{"schemas":{"ChangeEmailWithTokenViewModel":{"required":["newEmail","token"],"type":"object","properties":{"newEmail":{"type":"string","description":"New email address to set on the account."},"token":{"type":"string","description":"Email-change verification token."}},"description":"Represents input for confirming an email-address change."}}}}
```

## Sets an initial password using an email verification token.

> Confirms the email token, sets the password, and signs the user in.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"security":[{"Bearer":[]}],"components":{"securitySchemes":{"Bearer":{"type":"http","description":"JWT bearer token. Example: 'Bearer {token}'.","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"SetPasswordViewModel":{"required":["password"],"type":"object","properties":{"password":{"type":"string"}},"description":"Represents input for setting a user's password by an administrator."}}},"paths":{"/v1/User/SetPassword/{userId}":{"post":{"tags":["User"],"summary":"Sets an initial password using an email verification token.","description":"Confirms the email token, sets the password, and signs the user in.","parameters":[{"name":"userId","in":"path","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SetPasswordViewModel"}},"text/json":{"schema":{"$ref":"#/components/schemas/SetPasswordViewModel"}},"application/*+json":{"schema":{"$ref":"#/components/schemas/SetPasswordViewModel"}}},"required":true},"responses":{"200":{"description":"OK"},"401":{"description":"Authentication is required."},"403":{"description":"The user is not authorized to access this endpoint."}}}}}}
```

## Resets MFA state for a user.

> Disables two-factor authentication, resets authenticator secrets, and requires the user to enroll again.\
> \
> Required roles: Admin.

```json
{"openapi":"3.0.1","info":{"title":"WebApi | v1","version":"1.0.0"},"tags":[{"name":"User"}],"servers":[{"url":"https://api.safegpt.nl/"}],"security":[{"Bearer":[]}],"components":{"securitySchemes":{"Bearer":{"type":"http","description":"JWT bearer token. Example: 'Bearer {token}'.","scheme":"bearer","bearerFormat":"JWT"}}},"paths":{"/v1/User/ResetMfa/{userId}":{"post":{"tags":["User"],"summary":"Resets MFA state for a user.","description":"Disables two-factor authentication, resets authenticator secrets, and requires the user to enroll again.\n\nRequired roles: Admin.","parameters":[{"name":"userId","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK"},"401":{"description":"Authentication is required."},"403":{"description":"The user is not authorized to access this endpoint."}}}}}}
```


