1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
|
---
stage: Software Supply Chain Security
group: Authentication
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# User moderation API
DETAILS:
**Tier:** Free, Premium, Ultimate
**Offering:** Self-managed, GitLab Dedicated
You can [approve, activate, ban, and block users](../administration/moderate_users.md) by using the REST API.
## Approve a user
Approves the specified user.
Prerequisites:
- You must be an administrator.
```plaintext
POST /users/:id/approve
```
Parameters:
| Attribute | Type | Required | Description |
|------------|---------|----------|----------------------|
| `id` | integer | yes | ID of specified user |
```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/users/42/approve"
```
Returns:
- `201 Created` on success.
- `404 User Not Found` if user cannot be found.
- `403 Forbidden` if the user cannot be approved because they are blocked by an administrator or by LDAP synchronization.
- `409 Conflict` if the user has been deactivated.
Example Responses:
```json
{ "message": "Success" }
```
```json
{ "message": "404 User Not Found" }
```
```json
{ "message": "The user you are trying to approve is not pending approval" }
```
## Reject a user
Reject the specified user that is
[pending approval](../administration/moderate_users.md#users-pending-approval).
Prerequisites:
- You must be an administrator.
```plaintext
POST /users/:id/reject
```
Parameters:
- `id` (required) - ID of specified user
```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/users/42/reject"
```
Returns:
- `200 OK` on success.
- `403 Forbidden` if not authenticated as an administrator.
- `404 User Not Found` if user cannot be found.
- `409 Conflict` if user is not pending approval.
Example Responses:
```json
{ "message": "Success" }
```
```json
{ "message": "404 User Not Found" }
```
```json
{ "message": "User does not have a pending request" }
```
## Activate a user
Activate the specified user.
Prerequisites:
- You must be an administrator.
```plaintext
POST /users/:id/activate
```
Parameters:
| Attribute | Type | Required | Description |
|------------|---------|----------|----------------------|
| `id` | integer | yes | ID of specified user |
Returns:
- `201 OK` on success.
- `404 User Not Found` if the user cannot be found.
- `403 Forbidden` if the user cannot be activated because they are blocked by an administrator or by LDAP synchronization.
## Deactivate a user
Deactivate the specified user.
Prerequisites:
- You must be an administrator.
```plaintext
POST /users/:id/deactivate
```
Parameters:
| Attribute | Type | Required | Description |
|------------|---------|----------|----------------------|
| `id` | integer | yes | ID of specified user |
Returns:
- `201 OK` on success.
- `404 User Not Found` if user cannot be found.
- `403 Forbidden` when trying to deactivate a user that is:
- Blocked by administrator or by LDAP synchronization.
- Not [dormant](../administration/moderate_users.md#automatically-deactivate-dormant-users).
- Internal.
## Block a user
Block the specified user.
Prerequisites:
- You must be an administrator.
```plaintext
POST /users/:id/block
```
Parameters:
| Attribute | Type | Required | Description |
|------------|---------|----------|----------------------|
| `id` | integer | yes | ID of specified user |
Returns:
- `201 OK` on success.
- `404 User Not Found` if user cannot be found.
- `403 Forbidden` when trying to block:
- A user that is blocked through LDAP.
- An internal user.
## Unblock a user
Unblock the specified user.
Prerequisites:
- You must be an administrator.
```plaintext
POST /users/:id/unblock
```
Parameters:
| Attribute | Type | Required | Description |
|------------|---------|----------|----------------------|
| `id` | integer | yes | ID of specified user |
Returns `201 OK` on success, `404 User Not Found` is user cannot be found or
`403 Forbidden` when trying to unblock a user blocked by LDAP synchronization.
## Ban a user
Ban the specified user.
Prerequisites:
- You must be an administrator.
```plaintext
POST /users/:id/ban
```
Parameters:
- `id` (required) - ID of specified user
Returns:
- `201 OK` on success.
- `404 User Not Found` if user cannot be found.
- `403 Forbidden` when trying to ban a user that is not active.
## Unban a user
Unban the specified user. Available only for administrator.
```plaintext
POST /users/:id/unban
```
Parameters:
- `id` (required) - ID of specified user
Returns:
- `201 OK` on success.
- `404 User Not Found` if the user cannot be found.
- `403 Forbidden` when trying to unban a user that is not banned.
## Related topics
- [Review abuse reports](../administration/review_abuse_reports.md)
- [Review spam logs](../administration/review_spam_logs.md)
|
