POST /api/profiles/{user_id}/approve
Approve Registration
curl --request POST \
  --url https://api.example.com/api/profiles/{user_id}/approve \
  --header 'Authorization: <authorization>'

{
  "message": "<string>",
  "client_id": "<string>",
  "client_secret": "<string>"
}

Authentication

Authorization
string
required
Bearer token: Bearer <admin_token>
This endpoint requires admin privileges.

Path Parameters

user_id
string
required
The user’s profile ID (UUID)

Example Request

curl -X POST https://api.sari-platform.com/api/profiles/550e8400-e29b-41d4-a716-446655440000/approve \
  -H "Authorization: Bearer <admin_token>"

Response

message
string
Success message
client_id
string
Generated client identifier for API access
client_secret
string
Generated API secret (only shown once!)

Example Response

{
  "message": "User approved successfully",
  "client_id": "client_abc123def456",
  "client_secret": "base64-url-safe-secret-32-chars"
}

The client_secret is only returned once and cannot be retrieved later. Store it securely.

What Happens

  1. Credentials Generated - A unique client_id and client_secret are created
  2. Secret Hashed - The secret is hashed with bcrypt before storage
  3. Status Updated - Profile status changes to approved
  4. Email Sent - Credentials are emailed to the user via Resend

Errors

Status  Description
401     Invalid or expired token
403     Admin access required
404     User not found
409     User already approved or rejected
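
Added example (not part of the original reference and not the platform's own code): one way for an admin-side caller to honour the "only returned once" rule and the error table above. The names approve_and_store and send, the credentials file path and the treatment of any 2xx status as success are assumptions; the sample body reuses the placeholder values from the example response.

```python
import json
import os

# Error statuses documented for POST /api/profiles/{user_id}/approve.
ERRORS = {401: "Invalid or expired token", 403: "Admin access required",
          404: "User not found", 409: "User already approved or rejected"}

# Constructed sample: the page's example response body (placeholder values).
SAMPLE_BODY = ('{"message": "User approved successfully", '
               '"client_id": "client_abc123def456", '
               '"client_secret": "base64-url-safe-secret-32-chars"}')


class ApproveError(Exception):
    def __init__(self, status):
        super().__init__(f"{status}: {ERRORS.get(status, 'unexpected status')}")
        self.status = status


def approve_and_store(send, path):
    """Call the endpoint via send() and persist the one-time secret.

    send is a hypothetical caller-supplied function that performs the POST
    and returns (http_status, body_text). Returns only non-secret fields.
    """
    # Reserve the destination first: O_EXCL refuses to overwrite an earlier
    # secret and 0o600 limits the file to its owner. If this fails, no request
    # is sent, so a secret is never issued without a place to keep it.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        status, body = send()
        if not 200 <= status < 300:  # assumption: success is a 2xx status
            raise ApproveError(status)
        data = json.loads(body)
        record = {"client_id": data["client_id"],
                  "client_secret": data["client_secret"]}
        with os.fdopen(fd, "w") as fh:
            fd = None  # fh now owns the descriptor
            json.dump(record, fh)
    except BaseException:
        if fd is not None:
            os.close(fd)
        os.unlink(path)  # leave no empty or partial credentials file behind
        raise
    # Nothing secret is returned, so the result is safe to log.
    return {"message": data["message"], "client_id": data["client_id"]}
```

A 409 here means the profile was already approved or rejected, so the caller should surface the error rather than retry: the original secret cannot be fetched again.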