Application User

General Information About Application Users

The application user is a user which is used by applications to interact with the web services.

The main difference to a human user is that the application user can authenticate without a password. The application user has to sign each request sent to the web service with a pre-shared secret. For details about how to sign those request, please take a look at the corresponding documentation about the web service authentication.

Each application can have exactly two such pre-shared secrets. This allows to change/replace the secret without downtime. E.g. a new secret can be generated and some time later the secret can be updated in the client application. However, in the mean time, the web service will accept requests signed with the old secret.

Roles and Application Users

Application users have roles. Each role grants different permissions to the user. When creating and assigning roles you have to keep in mind that each role is context specific. There are access rights that are bound to the context of a space or an account. You can assign the role only in such a context.

Manage Authentication Key

You can generate new authentication key in the managing application user view in case you lost the old key or when you want to replace it. After the migration is finished you can deactivate the old key. This allows you to use different key versions at the same time.

  • Create
    The create state indicates that the Application User is in creation.
  • Active
    The active state indicates that the Application User is active and may be used.
  • Inactive
    The inactive state indicates that the Application User is inactive and may not be used.
  • Deleting
    The deleting state indicates that the Application User is in the process to be deleted.
  • Deleted
    The deleted state marks the entity for purging from the database.
  • ID
    A unique identifier for the object.
  • Name
    The name used to identify the application user.
  • Planned Purge Date
    The date and time when the object is planned to be permanently removed. If the value is empty, the object will not be removed.
  • Primary Account
    The primary account that the user belongs to.
  • Request Limit
    The maximum number of API requests that are accepted every 2 minutes.
  • Scope
    The scope that the user belongs to.
  • State
    The object's current state.

    An application user can have the following states:


    When the state is set to Active this user can login and execute actions.


    When the state is set to Inactive this user can not login. However, all the information is kept and the user can be activated later.


    The user is in the process of the deletion. This may take some time until the user is marked as Deleting before being marked as Deleted.


    The user is deleted. Since the user is linked with data which cannot be deleted immediately, we need to keep the user until all the data can be removed.

  • User Type
    The user's type which defines its role and capabilities.
  • Version
    The version is used for optimistic locking and incremented whenever the object is updated.