CoAP POST /iam/users


This endpoint is used to create a new user on the device. Subsequently the user must either be paired through this API or be invited to perform pairing: This is done by invoking CoAP PUT /iam/users/:username/:setting after user creation to either:

  • Set the fingerprint of the client effectively pairing the client manually.
  • Set a password for the user enabling the new client to perform password invite pairing if this feature is enabled on the device.

For the created user to be allowed to use any features of the device, it must be assigned a role, also done using CoAP PUT /iam/users/:username/:setting.

The created user is assigned a Server Connect Token (SCT) upon creation.


POST /iam/users


The client specifies the desired username of the new user to use on the target device. The username must be unique on the target device, and can only use the character set:

  • Lower case letters [a-z].
  • Numbers [0-9].
  • The underscore character _.
  • The dash character -.
  • The period character ..

The request is CBOR encoded.

  "Username": "john_doe"


CoAP status codes:

  • 201: On success.
  • 400: Bad request (likely invalid username).
  • 403: Blocked by IAM configuration.
  • 409: Username exists.

Response body contains a CBOR representation of the created user. Only the username and SCT can exist on a new user:

  "Username": "john",
  "Sct": "...",


A user must have access to the following IAM Action to use this endpoint:

  • IAM:CreateUser

No special attributes are provided.