User moderation API

  • Tier: Free, Premium, Ultimate
  • Offering: GitLab Self-Managed, GitLab Dedicated

Use this API to moderate user accounts. For more information, see Moderate users.

Approve access to a user

Approves access to a given user account that is pending approval.

Prerequisites:

  • You must have administrator access to the instance.
POST /users/:id/approve

Supported attributes:

AttributeTypeRequiredDescription
idintegeryesID of user account
curl --request POST \
  --header "PRIVATE-TOKEN: <your_access_token>" \
  --url "https://gitlab.example.com/api/v4/users/42/approve"

Returns:

  • 201 Created on success.
  • 404 User Not Found if user cannot be found.
  • 403 Forbidden if the user cannot be approved because they are blocked by an administrator or by LDAP synchronization.
  • 409 Conflict if the user has been deactivated.

Example Responses:

{ "message": "Success" }
{ "message": "404 User Not Found" }
{ "message": "The user you are trying to approve is not pending approval" }

Reject access to a user

Rejects access to a given user account that is pending approval.

Prerequisites:

  • You must have administrator access to the instance.
POST /users/:id/reject

Supported attributes:

AttributeTypeRequiredDescription
idintegeryesID of user account
curl --request POST \
  --header "PRIVATE-TOKEN: <your_access_token>" \
  --url "https://gitlab.example.com/api/v4/users/42/reject"

Returns:

  • 200 OK on success.
  • 403 Forbidden if not authenticated as an administrator.
  • 404 User Not Found if user cannot be found.
  • 409 Conflict if user is not pending approval.

Example Responses:

{ "message": "Success" }
{ "message": "404 User Not Found" }
{ "message": "User does not have a pending request" }

Deactivate a user

Deactivates a given user account. For more information on banned users, see Activate and deactivate users.

Prerequisites:

  • You must have administrator access to the instance.
POST /users/:id/deactivate

Supported attributes:

AttributeTypeRequiredDescription
idintegeryesID of user account
curl --request POST \
  --header "PRIVATE-TOKEN: <your_access_token>" \
  --url "https://gitlab.example.com/api/v4/users/42/deactivate"

Returns:

  • 201 OK on success.
  • 404 User Not Found if user cannot be found.
  • 403 Forbidden when trying to deactivate a user that is:
    • Blocked by administrator or by LDAP synchronization.
    • Not dormant.
    • Internal.

Reactivate a user

Reactivates a given user account that was previously deactivated.

Prerequisites:

  • You must have administrator access to the instance.
POST /users/:id/activate

Supported attributes:

AttributeTypeRequiredDescription
idintegeryesID of user account
curl --request POST \
  --header "PRIVATE-TOKEN: <your_access_token>" \
  --url "https://gitlab.example.com/api/v4/users/42/activate"

Returns:

  • 201 OK on success.
  • 404 User Not Found if the user cannot be found.
  • 403 Forbidden if the user cannot be activated because they are blocked by an administrator or by LDAP synchronization.

Block access to a user

Blocks a given user account. For more information on banned users, see Block and unblock users.

Prerequisites:

  • You must have administrator access to the instance.
POST /users/:id/block

Supported attributes:

AttributeTypeRequiredDescription
idintegeryesID of user account
curl --request POST \
  --header "PRIVATE-TOKEN: <your_access_token>" \
  --url "https://gitlab.example.com/api/v4/users/42/block"

Returns:

  • 201 OK on success.
  • 404 User Not Found if user cannot be found.
  • 403 Forbidden when trying to block:
    • A user that is blocked through LDAP.
    • An internal user.

Unblock access to a user

Unblocks a given user account that was previously blocked.

Prerequisites:

  • You must have administrator access to the instance.
POST /users/:id/unblock

Supported attributes:

AttributeTypeRequiredDescription
idintegeryesID of user account
curl --request POST \
  --header "PRIVATE-TOKEN: <your_access_token>" \
  --url "https://gitlab.example.com/api/v4/users/42/unblock"

Returns:

  • 201 OK on success.
  • 404 User Not Found if user cannot be found.
  • 403 Forbidden when trying to unblock a user blocked by LDAP synchronization.

Ban a user

Bans a given user account. For more information on banned users, see Ban and unban users.

Prerequisites:

  • You must have administrator access to the instance.
POST /users/:id/ban

Supported attributes:

AttributeTypeRequiredDescription
idintegeryesID of user account
curl --request POST \
  --header "PRIVATE-TOKEN: <your_access_token>" \
  --url "https://gitlab.example.com/api/v4/users/42/ban"

Returns:

  • 201 OK on success.
  • 404 User Not Found if user cannot be found.
  • 403 Forbidden when trying to ban a user that is not active.

Unban a user

Unbans a given user account that was previously banned.

Prerequisites:

  • You must have administrator access to the instance.
POST /users/:id/unban

Supported attributes:

AttributeTypeRequiredDescription
idintegeryesID of user account
curl --request POST \
  --header "PRIVATE-TOKEN: <your_access_token>" \
  --url "https://gitlab.example.com/api/v4/users/42/unban"

Returns:

  • 201 OK on success.
  • 404 User Not Found if the user cannot be found.
  • 403 Forbidden when trying to unban a user that is not banned.