Skip to main content
POST
/
v1
/
user
Create a new user
const options = {
  method: 'POST',
  headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
  body: JSON.stringify({
    metadata: {
      external_id: 'user_789_in_my_system',
      customer_tier: 'standard',
      signup_source: 'web'
    },
    display_name: 'John Doe',
    vault: {
      'identity.first_name': 'John',
      'identity.last_name': 'Doe',
      'identity.email': 'john.doe@example.com',
      'identity.date_of_birth': '1990-01-15'
    }
  })
};

fetch('https://api.getpalm.com/v1/user', options)
  .then(res => res.json())
  .then(res => console.log(res))
  .catch(err => console.error(err));
{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "object": "user",
  "created_at": "2025-10-24T10:30:00Z",
  "updated_at": "2025-10-24T15:45:00Z",
  "metadata": {
    "external_id": "user_123_in_my_system",
    "customer_tier": "premium",
    "signup_source": "mobile_app"
  },
  "status": "active",
  "verification": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "risk_level": "low",
    "workflow": {
      "name": "KYC Verification",
      "version": 1
    },
    "executed_at": "2024-01-15T10:30:00.000Z"
  },
  "display_name": "John Doe",
  "email_fingerprint": "f7c3bc1d808e04732adf679965ccc34ca7ae3441",
  "phone_fingerprint": "a8d4bc2e919f15843beg890076ddd45db8bf4552",
  "vault": {
    "identity.first_name": "John",
    "identity.last_name": "Doe"
  }
}

Documentation Index

Fetch the complete documentation index at: https://docs.getpalm.com/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Enter your API key in the format: sk_test_xxxxx or sk_live_xxxxx

Body

application/json
metadata
object

Store up to 50 custom key-value pairs for application-specific data. Useful for storing references to external systems, feature flags, or other custom attributes.

Example:
{
  "external_id": "user_789_in_my_system",
  "customer_tier": "standard",
  "signup_source": "web"
}
display_name
string

Display name for the user

Example:

"John Doe"

vault
object

User data to store in the vault. Use vault field IDs as keys (e.g., "identity.email", "identity.first_name"). See UserVaultFieldsDto for the complete list of available fields.

Example:
{
  "identity.first_name": "John",
  "identity.last_name": "Doe",
  "identity.email": "john.doe@example.com",
  "identity.date_of_birth": "1990-01-15"
}

Response

User created successfully

id
string<uuid>
required

Unique identifier for the resource

Example:

"123e4567-e89b-12d3-a456-426614174000"

object
enum<string>
required

Object type identifier, always "user"

Available options:
user
Example:

"user"

created_at
string<date-time>
required

ISO 8601 timestamp of when the resource was created

Example:

"2025-10-24T10:30:00Z"

updated_at
string<date-time>
required

ISO 8601 timestamp of when the resource was last updated

Example:

"2025-10-24T15:45:00Z"

metadata
object
required

Store up to 50 custom key-value pairs for application-specific data. Useful for storing references to external systems, feature flags, or other custom attributes.

Example:
{
  "external_id": "user_123_in_my_system",
  "customer_tier": "premium",
  "signup_source": "mobile_app"
}
status
enum<string>
required

Current status of the user

Available options:
active,
suspended,
deleted
Example:

"active"

verification
object
required

Most recent verification information. Null if user has never been verified.

display_name
object
required

Display name for the user

Example:

"John Doe"

email_fingerprint
object
required

SHA-256 fingerprint of the user's email address. Used for duplicate detection and search without exposing the actual email. Automatically generated when email is stored in vault.

Example:

"f7c3bc1d808e04732adf679965ccc34ca7ae3441"

phone_fingerprint
object
required

SHA-256 fingerprint of the user's phone number. Used for duplicate detection and search without exposing the actual phone. Automatically generated when phone is stored in vault.

Example:

"a8d4bc2e919f15843beg890076ddd45db8bf4552"

vault
object
required

Cached vault field values for non-encrypted fields. Keys are full field IDs (e.g., "identity.first_name"). Only includes fields where encrypted=false in vault_field_definition.

Example:
{
  "identity.first_name": "John",
  "identity.last_name": "Doe"
}