User moderation API

Use this API to moderate user accounts. For more information, see Moderate users.

Approve access to a user

Approves access to a given user account that is pending approval.

Prerequisites:

• You must have administrator access to the instance.

POST /users/:id/approve

Supported attributes:

curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/users/42/approve"

Returns:

• 201 Created on success.
• 404 User Not Found if user cannot be found.
• 403 Forbidden if the user cannot be approved because they are blocked by an administrator or by LDAP synchronization.
• 409 Conflict if the user has been deactivated.

Example Responses:

{ "message": "Success" }

{ "message": "404 User Not Found" }

{ "message": "The user you are trying to approve is not pending approval" }

Reject access to a user

Rejects access to a given user account that is pending approval.

Prerequisites:

• You must have administrator access to the instance.

POST /users/:id/reject

Supported attributes:

curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/users/42/reject"

Returns:

• 200 OK on success.
• 403 Forbidden if not authenticated as an administrator.
• 404 User Not Found if user cannot be found.
• 409 Conflict if user is not pending approval.

Example Responses:

{ "message": "Success" }

{ "message": "404 User Not Found" }

{ "message": "User does not have a pending request" }

Deactivate a user

Deactivates a given user account. For more information on banned users, see Activate and deactivate users.

Prerequisites:

• You must have administrator access to the instance.

POST /users/:id/deactivate

Supported attributes:

Returns:

• 201 OK on success.
• 404 User Not Found if user cannot be found.
• 403 Forbidden when trying to deactivate a user that is:
  • Blocked by administrator or by LDAP synchronization.
  • Not dormant.
  • Internal.

Reactivate a user

Reactivates a given user account that was previously deactivated.

Prerequisites:

• You must have administrator access to the instance.

POST /users/:id/activate

Supported attributes:

Returns:

• 201 OK on success.
• 404 User Not Found if the user cannot be found.
• 403 Forbidden if the user cannot be activated because they are blocked by an administrator or by LDAP synchronization.

Block access to a user

Blocks a given user account. For more information on banned users, see Block and unblock users.

Prerequisites:

• You must have administrator access to the instance.

POST /users/:id/block

Supported attributes:

Returns:

• 201 OK on success.
• 404 User Not Found if user cannot be found.
• 403 Forbidden when trying to block:
  • A user that is blocked through LDAP.
  • An internal user.

Unblock access to a user

Unblocks a given user account that was previously blocked.

Prerequisites:

• You must have administrator access to the instance.

POST /users/:id/unblock

Supported attributes:

Returns:

• 201 OK on success.
• 404 User Not Found if user cannot be found.
• 403 Forbidden when trying to unblock a user blocked by LDAP synchronization.

Ban a user

Bans a given user account. For more information on banned users, see Ban and unban users.

Prerequisites:

• You must have administrator access to the instance.

POST /users/:id/ban

Supported attributes:

Returns:

• 201 OK on success.
• 404 User Not Found if user cannot be found.
• 403 Forbidden when trying to ban a user that is not active.

Unban a user

Unbans a given user account that was previously banned.

Prerequisites:

• You must have administrator access to the instance.

POST /users/:id/unban

Supported attributes:

Returns:

• 201 OK on success.
• 404 User Not Found if the user cannot be found.
• 403 Forbidden when trying to unban a user that is not banned.

Related topics

• Review abuse reports
• Review spam logs