E001: Create user
POST /api/user
Creates the platform user record the first time a Firebase identity authenticates against Pharus and returns any pending invitations addressed to the verified email. Idempotent — a repeat call for the same Firebase identity returns the existing row without creating a duplicate.
Authentication
Pre-tenant route. Requires Authorization: Bearer <firebase-id-token>; X-Org-Id is not required because no platform user row exists yet. Access: Member.
Request
No body. The user's identity (firebaseUid, email, displayName) is read from the verified Firebase ID token.
Response — 200 OK
{
  "user": {
    "id": "uuid",
    "firebaseUid": "string",
    "email": "user@example.com",
    "displayName": "Jane Doe"
  },
  "pendingInvitations": [
    {
      "id": "uuid",
      "orgId": "uuid",
      "orgName": "Acme Co",
      "email": "user@example.com",
      "role": "admin",
      "expiresAt": "2026-05-25T18:00:00Z"
    }
  ]
}
The response sets the header Cache-Control: no-store, no-cache, must-revalidate, private.
Errors
| HTTP | code | Condition |
|---|---|---|
| 401 | unauthorized | Missing, malformed, or rejected Firebase ID token. |
| 422 | validation_failed | The verified token has no email claim. |
Workflow
Calls W001 Create user.
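Example
The contract above as an in-memory sketch, added here for illustration; it is not Pharus code. Assumptions: `verify_token` is a hypothetical callable standing in for Firebase ID token verification, the `uid` and `name` claim keys, the `{"code": ...}` error body, and the constructed invitation rows.

```python
import uuid

# In-memory stand-ins for the users and invitations tables (constructed data).
USERS = {}
INVITATIONS = [
    {"id": "inv-1", "orgId": "org-1", "orgName": "Acme Co",
     "email": "user@example.com", "role": "admin",
     "expiresAt": "2026-05-25T18:00:00Z"},
    {"id": "inv-2", "orgId": "org-2", "orgName": "Other Co",
     "email": "someone.else@example.com", "role": "member",
     "expiresAt": "2026-05-25T18:00:00Z"},
]
NO_STORE = "no-store, no-cache, must-revalidate, private"


def create_user(headers, verify_token):
    """Return (status, response_headers, body) for POST /api/user.

    verify_token (hypothetical) returns the token's claims as a dict or
    raises ValueError when the token is rejected.
    """
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return 401, {}, {"code": "unauthorized"}       # missing or malformed
    try:
        claims = verify_token(token)
    except ValueError:
        return 401, {}, {"code": "unauthorized"}       # rejected by verifier
    email = claims.get("email")
    if not email:
        return 422, {}, {"code": "validation_failed"}  # no email claim
    # Idempotent get-or-create keyed on the Firebase UID. Identity comes only
    # from the verified claims; no request body or X-Org-Id header is read.
    user = USERS.setdefault(claims["uid"], {
        "id": str(uuid.uuid4()),
        "firebaseUid": claims["uid"],
        "email": email,
        "displayName": claims.get("name", ""),
    })
    # Invitations are selected by the email in the token, not a client value.
    pending = [inv for inv in INVITATIONS if inv["email"] == email]
    body = {"user": user, "pendingInvitations": pending}
    return 200, {"Cache-Control": NO_STORE}, body
```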