Method: projects.tenants.accounts

Signs up a new email and password user or anonymous user, or upgrades an anonymous user to email and password. For an admin request with a Google OAuth 2.0 credential with the proper permissions, creates a new anonymous, email and password, or phone number user.

An API key is required in the request in order to identify the Google Cloud project.

HTTP request

POST https://identitytoolkit.googleapis.com/v1/projects/{targetProjectId}/tenants/{tenantId}/accounts

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
targetProjectId

string

The project ID of the project which the user should belong to. Specifying this field requires a Google OAuth 2.0 credential with the proper permissions. If this is not set, the target project is inferred from the scope associated to the Bearer access token.

tenantId

string

The ID of the Identity Platform tenant to create a user under. If not set, the user will be created under the default Identity Platform project.

Request body

The request body contains data with the following structure:

JSON representation
{
  "email": string,
  "password": string,
  "displayName": string,
  "captchaChallenge": string,
  "captchaResponse": string,
  "instanceId": string,
  "idToken": string,
  "emailVerified": boolean,
  "photoUrl": string,
  "disabled": boolean,
  "localId": string,
  "phoneNumber": string,
  "mfaInfo": [
    {
      object (MfaFactor)
    }
  ],
  "clientType": enum (ClientType),
  "recaptchaVersion": enum (RecaptchaVersion)
}
Fields
email

string

The email to assign to the created user. The length of the email should be less than 256 characters and in the format of name@domain.tld. The email should also match the RFC 822 addr-spec production. An anonymous user will be created if not provided.

password

string

The password to assign to the created user. The password must be be at least 6 characters long. If set, the email field must also be set.

displayName

string

The display name of the user to be created.

captchaChallenge
(deprecated)

string

captchaResponse

string

The reCAPTCHA token provided by the reCAPTCHA client-side integration. reCAPTCHA Enterprise uses it for assessment. Required when reCAPTCHA enterprise is enabled.

instanceId
(deprecated)

string

idToken

string

A valid ID token for an Identity Platform user. If set, this request will link the authentication credential to the user represented by this ID token. For a non-admin request, both the email and password fields must be set. For an admin request, localId must not be set.

emailVerified

boolean

Whether the user's email is verified. Specifying this field requires a Google OAuth 2.0 credential with the proper permissions.

photoUrl

string

The profile photo url of the user to create.

disabled

boolean

Whether the user will be disabled upon creation. Disabled accounts are inaccessible except for requests bearing a Google OAuth2 credential with proper permissions.

localId

string

The ID of the user to create. The ID must be unique within the project that the user is being created under. Specifying this field requires a Google OAuth 2.0 credential with the proper permissions.

phoneNumber

string

The phone number of the user to create. Specifying this field requires a Google OAuth 2.0 credential with the proper permissions.

mfaInfo[]

object (MfaFactor)

The multi-factor authentication providers for the user to create.

clientType

enum (ClientType)

The client type: web, Android or iOS. Required when enabling reCAPTCHA enterprise protection.

recaptchaVersion

enum (RecaptchaVersion)

The reCAPTCHA version of the reCAPTCHA token in the captchaResponse.

Response body

If successful, the response body contains an instance of SignUpResponse.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.