Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.nekohub.fengying.xin/llms.txt

Use this file to discover all available pages before exploring further.

NekoHub does not have open registration. All user accounts are created and managed by admins with the appropriate permissions. This page covers how to create users, assign roles and permissions, and manage account status.
Users cannot register themselves. All accounts must be created by an admin through the admin console or the API.

Prerequisites

You must be logged in as a user with the users.create permission (or the SuperAdmin or Admin role) to manage users. Regular users do not have access to the /users page or the users API.

Create a user via the admin console

1

Open the Users page

Navigate to /users in the admin console.
2

Click New User

Click the New User button.
3

Fill in the details

Provide the following information:
  • Username — the login name for the new user
  • Password — an initial password; the user or an admin can reset it later
  • Role — select a role (see User roles below)
  • Active — leave checked to activate the account immediately
4

Save

Click Create. The user can now log in at /login.

Create a user via the API

Send a POST request to /api/v1/users: 
curl -X POST https://your-api-host/api/v1/users \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "jane",
    "password": "a-secure-password",
    "role": "Admin",
    "isActive": true,
    "permissions": []
  }'
A successful request returns 201 Created with the new user record: 
{
  "data": {
    "id": "0195a1b2-0000-7000-0000-000000000001",
    "username": "jane",
    "role": "Admin",
    "isActive": true,
    "permissions": [],
    "createdAtUtc": "2026-04-08T10:00:00Z",
    "updatedAtUtc": "2026-04-08T10:00:00Z",
    "lastLoginAtUtc": null
  }
}

User roles

NekoHub has a role hierarchy. Higher roles include all capabilities of lower roles.
RoleDescription
SuperAdminFull system access. Created automatically from the bootstrap environment variables on first deployment.
AdminCan manage users, storage providers, AI providers, and all assets.
(other roles)Roles with more limited access, configured by a SuperAdmin.
The SuperAdmin account is seeded from Auth__BootstrapSuperAdmin__Username and Auth__BootstrapSuperAdmin__Password during the first deployment. Only one SuperAdmin is created this way.

Grant or update permissions

In addition to roles, individual permissions can be granted to a user. Use PATCH /api/v1/users/{id}/permissions: 
curl -X PATCH https://your-api-host/api/v1/users/<user-id>/permissions \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "permissions": ["assets.create", "assets.read", "assets.update"]
  }'
This replaces the user’s current permissions with the provided list.

Disable or enable a user

To deactivate a user without deleting their account, use POST /api/v1/users/{id}/status: 
curl -X POST https://your-api-host/api/v1/users/<user-id>/status \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -d '{"isActive": false}'
A disabled user cannot log in, but their account and associated data are retained.

Reset a password

Admins can reset any user’s password using POST /api/v1/users/{id}/reset-password: 
curl -X POST https://your-api-host/api/v1/users/<user-id>/reset-password \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -d '{"newPassword": "new-secure-password"}'
A successful reset returns 204 No Content. The user’s next login must use the new password.
NekoHub does not support self-service password reset, email verification, or MFA. Password changes must be performed by an admin through this endpoint or the admin console.