Practice Exercise: Save User

This is the fourth in a series of practice exercises to help you become familiar with the Cherwell® REST API Discovery Tool. We highly recommend that you complete the following exercises before you begin:

In this exercise, you will use a Model Schema to build a complex request parameter, which will be passed into the API call in order to create a new User.

  1. Log into the REST API Discovery Tool. See Opening the REST API Discovery Tool.
  2. Click the Users heading to expand the list of operations.
  3. Click /api/V2/saveuser to expand the operation's details.
  4. Set the contents of the request Value field to match the model schema.

In the next steps you will edit the JSON code as you did for Practice Exercise: Get Quick Search Configuration for Business Objects. You can edit the code directly in Swagger, or you can copy the code into a text editor so that it is easier to work with.

  1. Set the value for accountLocked to false.
  2. Get the Business Object ID for UserInfo.
    For the procedure to get a Business Object ID, see Practice Exercise: Get Business Object Schema.
  3. Set the value for busObId to the Business Object ID for UserInfo
  4. Delete the key-value pairs for busObPublicId and busObRecId from the JSON code. These values are not required for the creation of a new User.
  5. Set the value for displayName to Test User.
  6. Set the value for ldapRequired to false.
  7. Set the value for loginId to Test.
  8. Set the value for nextPasswordResetDate to null.
  9. Set the value for password to P@ssword. Ensure this value meets the password complexity requirements set in CSM.
  10. Ensure the value for passwordNeverExpires is set to true.
  11. Set the value for securityGroupId to the Security Group ID for the User's Security Group. For this exercise, choose any Security Group.
    Call api/V2/getsecuritygroups to see a list of Security Groups and their IDs.
  12. Ensure the value for userCannotChangePassword is set to true.
  13. Set the values for userInfoFields. Call /api/V1/getbusinessobjectschema/busobid/{busobid} to get the schema for the UserInfo Business Object. For each field:
    1. Ensure the value for dirty is set to true.
      This setting must be enabled for each field in order to save the field values.
    2. Set the value for displayName to the Display Name.
    3. Set the value for fieldId to the Field ID.
    4. Set the value for name to the Name.
    5. Set the value for the field.
  14. Set the value for userMustChangePasswordAtNextLogin to false.
  15. Delete the key-value pair for windowsUserId. You are creating a Cherwell User, so this value is unnecessary. See the example below of the full request body:


"accountLocked": false,

"busObId": "9338216b3c549b75607cf54667a4e67d1f644d9fed",

"displayName": "Test User",

"ldapRequired": false,

"loginId": "Test",

"nextPasswordResetDate": "null",

"password": "P@ssword",

"passwordNeverExpires": true,

"securityGroupId": "93d5aa70c8893014a2b7dc4733953c6185777e92bf",

"userCannotChangePassword": true,

"userInfoFields": [


"dirty": true,

"displayName": "Full Name",

"fieldId": "BO:9338216b3c549b75607cf54667a4e67d1f644d9fed,FI:93382178280a07634f62d74fc4bc587e3b3f479776",

"name": "FullName",

"value": "Test User"


"dirty": true,

"displayName": "Email",

"fieldId": "BO:9338216b3c549b75607cf54667a4e67d1f644d9fed,FI:933821793f43a638cf23e34723b907956d324ad303",

"name": "Email",

"value": "[email protected]"



"userMustChangePasswordAtNextLogin": false,


  1. Click Try it out!
    Pay attention to the HTTP response codes you receive, and troubleshoot as appropriate:
    200 Indicates a successful call.
    400 Indicates a bad request due to missing parameters or incorrect formatting.
    402 Indicates a failed call. The request body is formatted correctly, but the system is unable to execute the request.
    404 Indicates a failed call due to a nonexistent URL.
  2. Optional: Try adding or updating field values for the User you just created.