# Logins {% hint style="warning" %} **Welcome to Our New API Docs!** This is the new home for all things API (previously at [Canvas LMS REST API Documentation](https://api.instructure.com)). {% endhint %} ## Logins API API for creating and viewing user logins under an account ### [List user logins](#method.pseudonyms.index) [PseudonymsController#index](https://github.com/instructure/canvas-lms/blob/master/app/controllers/pseudonyms_controller.rb) **`GET /api/v1/accounts/:account_id/logins`** **Scope:** `url:GET|/api/v1/accounts/:account_id/logins` **`GET /api/v1/users/:user_id/logins`** **Scope:** `url:GET|/api/v1/users/:user_id/logins` Given a user ID, return a paginated list of that user’s logins for the given account. **API response field:** * account\_id The ID of the login’s account. * id The unique, numeric ID for the login. * sis\_user\_id The login’s unique SIS ID. * integration\_id The login’s unique integration ID. * unique\_id The unique ID for the login. * user\_id The unique ID of the login’s user. * authentication\_provider\_id The ID of the authentication provider that this login is associated with * authentication\_provider\_type The type of the authentication provider that this login is associated with * workflow\_state The current status of the login * declared\_user\_type The declared intention for this user’s role **Example Response:** ```js [ { "account_id": 1, "id" 2, "sis_user_id": null, "unique_id": "belieber@example.com", "user_id": 2, "authentication_provider_id": 1, "authentication_provider_type": "facebook", "workflow_state": "active", "declared_user_type": null, } ] ``` ### [Kickoff password recovery flow](#method.pseudonyms.forgot_password) [PseudonymsController#forgot\_password](https://github.com/instructure/canvas-lms/blob/master/app/controllers/pseudonyms_controller.rb) **`POST /api/v1/users/reset_password`** **Scope:** `url:POST|/api/v1/users/reset_password` Given a user email, generate a nonce and email it to the user **API response field:** * requested The recovery request status **Example Response:** ```js { "requested": true } ``` ### [Create a user login](#method.pseudonyms.create) [PseudonymsController#create](https://github.com/instructure/canvas-lms/blob/master/app/controllers/pseudonyms_controller.rb) **`POST /api/v1/accounts/:account_id/logins`** **Scope:** `url:POST|/api/v1/accounts/:account_id/logins` Create a new login for an existing user in the given account. **Request Parameters:**

Parameter	Type	Description
`user[id]`	Required `string`	The ID of the user to create the login for.
`login[unique_id]`	Required `string`	The unique ID for the new login.
`login[password]`	`string`	The new login’s password.
`login[sis_user_id]`	`string`	SIS ID for the login. To set this parameter, the caller must be able to manage SIS permissions on the account.
`login[integration_id]`	`string`	Integration ID for the login. To set this parameter, the caller must be able to manage SIS permissions on the account. The Integration ID is a secondary identifier useful for more complex SIS integrations.
`login[authentication_provider_id]`	`string`	The authentication provider this login is associated with. Logins associated with a specific provider can only be used with that provider. Legacy providers (LDAP, CAS, SAML) will search for logins associated with them, or unassociated logins. New providers will only search for logins explicitly associated with them. This can be the integer ID of the provider, or the type of the provider (in which case, it will find the first matching provider).
`login[declared_user_type]`	`string`	The declared intention of the user type. This can be set, but does not change any Canvas functionality with respect to their access. A user can still be a teacher, admin, student, etc. in any particular context without regard to this setting. This can be used for administrative purposes for integrations to be able to more easily identify why the user was created. Valid values are: `* administrative * observer * staff * student * student_other * teacher`
`user[existing_user_id]`	`string`	A Canvas User ID to identify a user in a trusted account (alternative to `id`, `existing_sis_user_id`, or `existing_integration_id`). This parameter is not available in OSS Canvas.
`user[existing_integration_id]`	`string`	An Integration ID to identify a user in a trusted account (alternative to `id`, `existing_user_id`, or `existing_sis_user_id`). This parameter is not available in OSS Canvas.
`user[existing_sis_user_id]`	`string`	An SIS User ID to identify a user in a trusted account (alternative to `id`, `existing_integration_id`, or `existing_user_id`). This parameter is not available in OSS Canvas.
`user[trusted_account]`	`string`	The domain of the account to search for the user. This field is required when identifying a user in a trusted account. This parameter is not available in OSS Canvas.

**Example Request:** ```bash #create a facebook login for user with ID 123 curl 'https://

Parameter	Type	Description
`login[unique_id]`	`string`	The new unique ID for the login.
`login[password]`	`string`	The new password for the login. Admins can only set a password for another user if the “Password setting by admins” account setting is enabled.
`login[old_password]`	`string`	The prior password for the login. Required if the caller is changing their own password.
`login[sis_user_id]`	`string`	SIS ID for the login. To set this parameter, the caller must be able to manage SIS permissions on the account.
`login[integration_id]`	`string`	Integration ID for the login. To set this parameter, the caller must be able to manage SIS permissions on the account. The Integration ID is a secondary identifier useful for more complex SIS integrations.
`login[authentication_provider_id]`	`string`	The authentication provider this login is associated with. Logins associated with a specific provider can only be used with that provider. Legacy providers (LDAP, CAS, SAML) will search for logins associated with them, or unassociated logins. New providers will only search for logins explicitly associated with them. This can be the integer ID of the provider, or the type of the provider (in which case, it will find the first matching provider). To unassociate from a known provider, specify null or an empty string.
`login[workflow_state]`	`string`	Used to suspend or re-activate a login. Allowed values: `active`, `suspended`
`login[declared_user_type]`	`string`	The declared intention of the user type. This can be set, but does not change any Canvas functionality with respect to their access. A user can still be a teacher, admin, student, etc. in any particular context without regard to this setting. This can be used for administrative purposes for integrations to be able to more easily identify why the user was created. Valid values are: `* administrative * observer * staff * student * student_other * teacher`
`override_sis_stickiness`	`boolean`	Default is true. If false, any fields containing “sticky” changes will not be updated. See SIS CSV Format documentation for information on which fields can have SIS stickiness