User Management
Every Karrio project comes with comprehensive user management capabilities, providing organization-based access control, role-based permissions, user invitations, and secure authentication for enterprise deployments.
Features
Organization-Based Access Control
You don’t have to build user management from scratch. Our system provides multi-organization support with isolated user access and resource management.
User Management Dashboard
Screenshot: User roles, permissions, and organization management interface
Role-Based Permissions
Assign granular permissions with predefined roles or create custom roles tailored to your business needs.
User Invitations & Onboarding
Send email invitations with automatic user onboarding and role assignment for seamless team collaboration.
Secure Authentication
JWT-based authentication with token management, refresh capabilities, and optional two-factor authentication.
Audit & Activity Tracking
Monitor user actions, access patterns, and permission changes with comprehensive audit trails.
Additional features
- Karrio extends user management with API key management and rate limiting controls.
- Every user interaction includes automatic session management and security monitoring.
- Karrio manages user preferences and customizable dashboard configurations.
- Support for SSO integration and external authentication providers.
Data Flow
User Authentication & Authorization Flow
API Reference
REST API
User Registration (Sign Up)
```bash
curl -X POST "https://api.karrio.io/api/register" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "newuser@example.com",
    "password1": "secure_password123",
    "password2": "secure_password123",
    "first_name": "John",
    "last_name": "Doe"
  }'
```
Response:
```json
{
  "user": {
    "id": "usr_1234567890",
    "email": "newuser@example.com",
    "first_name": "John",
    "last_name": "Doe",
    "is_active": false,
    "date_joined": "2024-01-15T08:00:00Z"
  },
  "message": "Verification email sent. Please check your email to activate your account."
}
```
Email Verification
```bash
curl -X POST "https://api.karrio.io/api/verify-email" \
  -H "Content-Type: application/json" \
  -d '{
    "key": "verification_token_from_email"
  }'
```
Response:
```json
{
  "detail": "Email verified successfully. Your account is now active."
}
```
User Authentication (Sign In)
```bash
curl -X POST "https://api.karrio.io/api/token" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "user@example.com",
    "password": "secure_password"
  }'
```
Response:
```json
{
  "access": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6InVzZXJAZXhhbXBsZS5jb20iLCJleHAiOjE2NDI2ODEyMDB9.xyz",
  "refresh": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE2NDI3Njc2MDB9.abc",
  "user": {
    "id": "usr_1234567890",
    "email": "user@example.com",
    "first_name": "John",
    "last_name": "Doe",
    "is_active": true,
    "date_joined": "2024-01-15T08:00:00Z"
  }
}
```
Password Reset Request
```bash
curl -X POST "https://api.karrio.io/api/password/reset" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com"
  }'
```
Response:
```json
{
  "detail": "Password reset email sent. Please check your email for reset instructions."
}
```
Password Reset Confirm
```bash
curl -X POST "https://api.karrio.io/api/password/reset/confirm" \
  -H "Content-Type: application/json" \
  -d '{
    "uid": "user_id_from_email",
    "token": "reset_token_from_email",
    "new_password1": "new_secure_password123",
    "new_password2": "new_secure_password123"
  }'
```
Response:
```json
{
  "detail": "Password has been reset successfully."
}
```
Refresh Token
```bash
curl -X POST "https://api.karrio.io/api/token/refresh" \
  -H "Content-Type: application/json" \
  -d '{
    "refresh": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE2NDI3Njc2MDB9.abc"
  }'
```
Response:
```json
{
  "access": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6InVzZXJAZXhhbXBsZS5jb20iLCJleHAiOjE2NDI2ODEyMDB9.new_token"
}
```
Verify Token
```bash
curl -X POST "https://api.karrio.io/api/token/verify" \
  -H "Content-Type: application/json" \
  -d '{
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6InVzZXJAZXhhbXBsZS5jb20iLCJleHAiOjE2NDI2ODEyMDB9.xyz"
  }'
```
Response (Valid Token):
```json
{
  "valid": true,
  "user": {
    "id": "usr_1234567890",
    "email": "user@example.com",
    "organizations": [
      {
        "id": "org_1234567890",
        "name": "Acme Corporation",
        "role": "admin"
      }
    ]
  }
}
```
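The sign-in, refresh and verify calls above imply a client-side decision: reuse the access token, exchange the refresh token, or sign in again. The sketch below is an added example, not Karrio client code; it reads the `exp` claim from the sample tokens shown on this page, and the function names and the 60-second skew are assumptions.

```python
import base64
import json

# Sample tokens copied from the responses on this page (signatures are placeholders).
ACCESS = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6InVzZXJAZXhhbXBsZS5jb20iLCJleHAiOjE2NDI2ODEyMDB9.xyz"
REFRESH = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE2NDI3Njc2MDB9.abc"


def jwt_claims(token):
    """Decode the payload segment WITHOUT verifying the signature.

    Good enough for scheduling a refresh; never for an authorization decision.
    Returns None unless the token has three parts and a JSON object payload.
    """
    parts = token.split(".") if isinstance(token, str) else []
    if len(parts) != 3:
        return None
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return claims if isinstance(claims, dict) else None


def is_usable(token, now, skew=60):
    """True if the token carries a numeric exp more than `skew` seconds away."""
    claims = jwt_claims(token)
    exp = claims.get("exp") if claims else None
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return False
    return exp - skew > now


def next_action(access, refresh, now):
    """Pick the cheapest safe step for the next API call."""
    if is_usable(access, now):
        return "use_access"  # send the request with the current access token
    if is_usable(refresh, now):
        return "refresh"     # POST the refresh token to /api/token/refresh
    return "login"           # both expired or malformed: POST credentials to /api/token
```

In the page's sample tokens the refresh token expires 86400 seconds after the access token. The local decode only schedules work; the Verify Token endpoint above is the place to ask whether a token is valid.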
Get Current User
```bash
curl -X GET "https://api.karrio.io/v1/users/me" \
  -H "Authorization: Token YOUR_API_KEY"
```
Response:
```json
{
  "id": "usr_1234567890",
  "email": "user@example.com",
  "first_name": "John",
  "last_name": "Doe",
  "is_active": true,
  "date_joined": "2024-01-15T08:00:00Z",
  "organizations": [
    {
      "id": "org_1234567890",
      "name": "Acme Corporation",
      "role": "admin",
      "permissions": ["create_shipments", "manage_users", "view_analytics"]
    }
  ]
}
```
GraphQL API
User Registration Mutation
```graphql
mutation RegisterUser($input: RegisterUserMutationInput!) {
  register_user(input: $input) {
    user {
      id
      email
      first_name
      last_name
      is_active
      date_joined
    }
    errors {
      field
      messages
    }
  }
}
```
Variables:
```json
{
  "input": {
    "email": "newuser@example.com",
    "password1": "secure_password123",
    "password2": "secure_password123",
    "first_name": "John",
    "last_name": "Doe"
  }
}
```
Response:
```json
{
  "data": {
    "register_user": {
      "user": {
        "id": "usr_1234567890",
        "email": "newuser@example.com",
        "first_name": "John",
        "last_name": "Doe",
        "is_active": false,
        "date_joined": "2024-01-15T08:00:00Z"
      },
      "errors": []
    }
  }
}
```
Verify Email Mutation
```graphql
mutation VerifyEmail($input: VerifyEmailMutationInput!) {
  verify_email(input: $input) {
    success
    errors {
      field
      messages
    }
  }
}
```
Variables:
```json
{
  "input": {
    "key": "verification_token_from_email"
  }
}
```
Response:
```json
{
  "data": {
    "verify_email": {
      "success": true,
      "errors": []
    }
  }
}
```
Token Authentication Mutation
```graphql
mutation TokenAuth($input: TokenAuthMutationInput!) {
  token_auth(input: $input) {
    token
    refresh_token
    user {
      id
      email
      first_name
      last_name
      is_active
    }
    errors {
      field
      messages
    }
  }
}
```
Variables:
```json
{
  "input": {
    "username": "user@example.com",
    "password": "secure_password"
  }
}
```
Response:
```json
{
  "data": {
    "token_auth": {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6InVzZXJAZXhhbXBsZS5jb20iLCJleHAiOjE2NDI2ODEyMDB9.xyz",
      "refresh_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE2NDI3Njc2MDB9.abc",
      "user": {
        "id": "usr_1234567890",
        "email": "user@example.com",
        "first_name": "John",
        "last_name": "Doe",
        "is_active": true
      },
      "errors": []
    }
  }
}
```
Refresh Token Mutation
```graphql
mutation RefreshToken($input: RefreshTokenMutationInput!) {
  refresh_token(input: $input) {
    token
    errors {
      field
      messages
    }
  }
}
```
Variables:
```json
{
  "input": {
    "refresh_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE2NDI3Njc2MDB9.abc"
  }
}
```
Response:
```json
{
  "data": {
    "refresh_token": {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6InVzZXJAZXhhbXBsZS5jb20iLCJleHAiOjE2NDI2ODQyMDB9.new_token",
      "errors": []
    }
  }
}
```
Password Reset Request Mutation
```graphql
mutation PasswordReset($input: PasswordResetMutationInput!) {
  password_reset(input: $input) {
    success
    errors {
      field
      messages
    }
  }
}
```
Variables:
```json
{
  "input": {
    "email": "user@example.com"
  }
}
```
Response:
```json
{
  "data": {
    "password_reset": {
      "success": true,
      "errors": []
    }
  }
}
```
Password Reset Confirm Mutation
```graphql
mutation PasswordResetConfirm($input: PasswordResetConfirmMutationInput!) {
  password_reset_confirm(input: $input) {
    success
    errors {
      field
      messages
    }
  }
}
```
Variables:
```json
{
  "input": {
    "uid": "user_id_from_email",
    "token": "reset_token_from_email",
    "new_password1": "new_secure_password123",
    "new_password2": "new_secure_password123"
  }
}
```
Response:
```json
{
  "data": {
    "password_reset_confirm": {
      "success": true,
      "errors": []
    }
  }
}
```
Query Current User
```graphql
query GetCurrentUser {
  user {
    id
    email
    first_name
    last_name
    is_active
    date_joined
    organizations {
      id
      name
      role
      permissions
    }
  }
}
```
Response:
```json
{
  "data": {
    "user": {
      "id": "usr_1234567890",
      "email": "user@example.com",
      "first_name": "John",
      "last_name": "Doe",
      "is_active": true,
      "date_joined": "2024-01-15T08:00:00Z",
      "organizations": [
        {
          "id": "org_1234567890",
          "name": "Acme Corporation",
          "role": "admin",
          "permissions": ["create_shipments", "manage_users", "view_analytics"]
        }
      ]
    }
  }
}
```
Query Users (Admin Only)
```graphql
query GetUsers($filter: UserFilter, $pagination: PaginationInput) {
  users(filter: $filter, pagination: $pagination) {
    edges {
      node {
        id
        email
        first_name
        last_name
        is_active
        date_joined
        organizations {
          id
          name
          role
        }
      }
    }
    pageInfo {
      hasNextPage
      hasPreviousPage
      startCursor
      endCursor
    }
  }
}
```
Variables:
```json
{
  "filter": {
    "is_active": true,
    "organization_id": "org_1234567890"
  },
  "pagination": {
    "first": 10
  }
}
```
Response:
```json
{
  "data": {
    "users": {
      "edges": [
        {
          "node": {
            "id": "usr_1234567890",
            "email": "user@example.com",
            "first_name": "John",
            "last_name": "Doe",
            "is_active": true,
            "date_joined": "2024-01-15T08:00:00Z",
            "organizations": [
              {
                "id": "org_1234567890",
                "name": "Acme Corporation",
                "role": "admin"
              }
            ]
          }
        }
      ],
      "pageInfo": {
        "hasNextPage": false,
        "hasPreviousPage": false,
        "startCursor": "cursor1",
        "endCursor": "cursor1"
      }
    }
  }
}
```
Update User Profile Mutation
```graphql
mutation UpdateUserProfile($input: UpdateUserProfileMutationInput!) {
  update_user_profile(input: $input) {
    user {
      id
      email
      first_name
      last_name
    }
    errors {
      field
      messages
    }
  }
}
```
Variables:
```json
{
  "input": {
    "first_name": "John Updated",
    "last_name": "Doe Updated"
  }
}
```
Response:
```json
{
  "data": {
    "update_user_profile": {
      "user": {
        "id": "usr_1234567890",
        "email": "user@example.com",
        "first_name": "John Updated",
        "last_name": "Doe Updated"
      },
      "errors": []
    }
  }
}
```
Send User Invitations
```graphql
mutation SendInvitations($input: SendInvitationsMutationInput!) {
  send_invitations(input: $input) {
    invitations {
      id
      email
      organization {
        id
        name
      }
      role
      expires_at
    }
    errors {
      field
      messages
    }
  }
}
```
Variables:
```json
{
  "input": {
    "emails": ["newuser@example.com", "colleague@example.com"],
    "organization_id": "org_1234567890",
    "role": "user"
  }
}
```
Response:
```json
{
  "data": {
    "send_invitations": {
      "invitations": [
        {
          "id": "inv_1234567890",
          "email": "newuser@example.com",
          "organization": {
            "id": "org_1234567890",
            "name": "Acme Corporation"
          },
          "role": "user",
          "expires_at": "2024-01-22T10:30:00Z"
        }
      ],
      "errors": []
    }
  }
}
```
User Roles & Permissions
Standard Roles
Built-in roles with predefined permission groups:
Owner
- Permissions: manage_org_owner
- Capabilities: Complete organization ownership and control
- Restrictions: Only available to organization owners
Admin
- Permissions: manage_team, manage_apps, manage_carriers
- Capabilities: Team management, application settings, carrier connections
- Restrictions: Cannot transfer organization ownership
Developer
- Permissions: manage_webhooks
- Capabilities: Webhook configuration and API integrations
- Restrictions: Limited to development and integration tasks
Member
- Permissions: manage_data, manage_orders, manage_pickups, manage_trackers, manage_shipments
- Capabilities: Core shipping operations, order management, tracking
- Restrictions: Cannot manage users or organization settings
Permission Groups
The actual permission system uses these groups:
```json
{
  "permission_groups": [
    "manage_apps",
    "manage_team",
    "manage_system",
    "manage_orders",
    "manage_data",
    "manage_pickups",
    "manage_carriers",
    "manage_trackers",
    "manage_webhooks",
    "manage_shipments",
    "manage_org_owner"
  ]
}
```
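One use of the role and permission-group lists above is a periodic drift audit of team members. This is an added example, not Karrio code: it assumes a role's baseline is exactly the groups listed for it on this page, and the member records, field names and the `SENSITIVE` set are constructed for illustration.

```python
# Permission groups and standard-role baselines exactly as listed on this page.
PERMISSION_GROUPS = {
    "manage_apps", "manage_team", "manage_system", "manage_orders",
    "manage_data", "manage_pickups", "manage_carriers", "manage_trackers",
    "manage_webhooks", "manage_shipments", "manage_org_owner",
}
ROLE_BASELINE = {
    "owner": {"manage_org_owner"},
    "admin": {"manage_team", "manage_apps", "manage_carriers"},
    "developer": {"manage_webhooks"},
    "member": {"manage_data", "manage_orders", "manage_pickups",
               "manage_trackers", "manage_shipments"},
}
# Groups to review first when they show up unexpectedly (assumed priority).
SENSITIVE = {"manage_org_owner", "manage_team", "manage_system"}


def audit_member(role, granted):
    """Compare one member's granted groups with the baseline of their role."""
    granted = set(granted)
    baseline = ROLE_BASELINE.get(str(role).lower())
    unknown = sorted(granted - PERMISSION_GROUPS)  # names outside the group list
    if baseline is None:
        # Not a standard role: nothing to compare against, report every group.
        excess, status = sorted(granted & PERMISSION_GROUPS), "unknown_role"
    else:
        excess = sorted((granted & PERMISSION_GROUPS) - baseline)
        status = "drift" if (excess or unknown) else "ok"
    return {"status": status, "excess": excess, "unknown": unknown,
            "sensitive": sorted(set(excess) & SENSITIVE)}


def audit(members):
    """Return findings keyed by email for every member that is not 'ok'."""
    findings = {}
    for m in members:
        result = audit_member(m["role"], m["groups"])
        if result["status"] != "ok":
            findings[m["email"]] = result
    return findings


# Constructed sample records; not output from any Karrio endpoint.
MEMBERS = [
    {"email": "alice@example.com", "role": "admin",
     "groups": ["manage_team", "manage_apps", "manage_carriers"]},
    {"email": "bob@example.com", "role": "member",
     "groups": ["manage_data", "manage_shipments", "manage_team"]},
    {"email": "carol@example.com", "role": "developer",
     "groups": ["manage_webhooks", "manage_users"]},
    {"email": "dave@example.com", "role": "user", "groups": ["manage_shipments"]},
]
```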
Organization Management
Organization management is handled by a separate system. For detailed information about creating organizations, managing teams, and organization-level features, see our Multi-Organizations documentation.
Use Cases
Team Collaboration
Perfect for teams managing shipping operations:
- Role Assignment: Assign appropriate roles based on responsibilities
- Access Control: Limit access to sensitive operations and data
- Audit Trail: Track who performed what actions and when
- Invitation Workflow: Easily onboard new team members
Enterprise Deployment
Designed for large organizations with complex requirements:
- Permission Groups: Fine-grained control over feature access using permission groups
- User Provisioning: Automated user creation and role assignment
- Compliance Reporting: Detailed audit logs for compliance requirements
- Multi-Organization Support: See Multi-Organizations for details
Partner Integration
Enable external partners and vendors to access specific resources:
- Limited Access: Provide specific permission groups for controlled access
- Resource Isolation: Keep partner data separate using organizational boundaries
- Temporary Access: Set expiration dates for partner accounts
- Activity Monitoring: Track partner usage and access patterns
Security Features
Authentication Options
Standard Authentication
```bash
# Username/password authentication
curl -X POST "https://api.karrio.io/api/token" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "user@example.com",
    "password": "secure_password"
  }'
```
Two-Factor Authentication
```bash
# 2FA authentication with OTP
curl -X POST "https://api.karrio.io/api/token/verified" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "user@example.com",
    "password": "secure_password",
    "otp_token": "123456"
  }'
```
API Key Management
Generate and manage API keys for programmatic access:
API keys are managed through the admin dashboard. Use the web interface to create and manage API keys. Each key can be assigned specific permissions and expiration dates.
Integration Examples
User Onboarding Workflow
User invitations are handled through the admin dashboard. Invitations are sent via email with secure acceptance links. Users create their accounts by following the invitation link.
Permission Management
User permissions are managed through the admin dashboard. Admins can update permission groups for team members. Changes take effect immediately for the user's session.
Getting Started
Ready to set up user management in Karrio? Follow these steps:
- Register users and handle email verification
- Assign appropriate permission groups based on responsibilities
- Set up authentication for your application
- Configure role-based access for different user types
Next Steps
- Learn about multi-orgs for advanced organization management
- Explore webhooks for user activity notifications
- Set up API logs to monitor user API usage
- Configure admin console for centralized management