Overview
The User Provisioning API lets trusted partner services create (or look up) Junis user accounts by email and attach them to the partner’s organization as pending members — reusing the standard invite flow, so the user’s first Google login automatically activates the membership and links their Google account.Provisioned accounts do not receive the signup credit bonus and do not have a
memory profile until the user actually logs in with Google for the first time.
Endpoint
Authentication
Include your API key in theX-API-Key header:
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
email | string | Yes | Email of the user to provision (normalized to lowercase) |
name | string | No | Display name (defaults to the email local part) |
organization_id | string | Yes | Must match the organization your API key resolves to |
Example Request
Response
| Field | Type | Description |
|---|---|---|
user_id | string | Junis user ID — usable as on_behalf_of in Chat Completions |
email | string | Normalized email |
created | boolean | true if a new account was created, false if it already existed |
membership_status | string | pending (awaiting first login) or active |
Behavior
Create-or-get user
If a user with the email already exists, it is returned unchanged (
created: false).
Otherwise a new account is created with google_id = NULL — no signup bonus,
no memory profile (both happen on the real first login).Ensure pending membership
If the organization has no membership row for this email, a
pending invite with the
member role is created — identical to inviting the user from the dashboard.Errors
| Status | Code | Description |
|---|---|---|
403 | insufficient_scopes | API key lacks the users:provision scope |
403 | — | Key’s organization does not match organization_id, or the backing user is not an org admin/owner |
422 | — | Invalid email address |
Acting on Behalf of Provisioned Users
Use the returneduser_id as on_behalf_of in
Chat Completions (requires the users:delegate scope).
Sessions and messages belong to the provisioned user, while subscription checks and
credit charges stay with your API key’s backing user. Pending members are allowed, so
delegation works before the user’s first login.