Cloud Administration Add/Remove High-Risk User API

Document created by RSA Information Design and Development on Mar 22, 2019Last modified by RSA Information Design and Development on Mar 9, 2020
Version 15Show Document
  • View in full screen mode

Use the Cloud Administration Add/Remove High-Risk User List API to add or remove one or more users from a high-risk user list. You can determine authentication and access requirements for users who are identified as high risk. These might be users whose accounts have been compromised, or for whom a third-party security information and event management (SIEM) solution, such as RSA NetWitness, has detected suspicious activity.

Note:  This API is available only for Premium Edition.


Clients calling this API must authenticate themselves by including a JSON Web Token in a request. For instructions on using this token, see Authentication for the Cloud Administration APIs .

Administrative Roles

This API must use an API key that is associated with the Super Administrator role. For more information, see Manage the Cloud Administration API Keys.

Software Developer Kit

You can download the API Software Developer Kit (SDK) from Cloud Administration REST API Download.

Request Requirements

Use the following information to add or remove one or more users from the high-risk user list.

Note:  The high-risk user list supports user emails. The sAMAccountName attribute is not supported.

MethodRequest URLResponse Content TypeResponse BodyResponse Codes
PUT /AdminInterface/restapi/v1/users/highriskapplication/json

List of user emails that failed to update, or none if all succeeded.

200, 207, 403, 500

Example Request Body

The following example displays a request.

PUT /AdminInterface/restapi/v1/users/highrisk

Accept: application/json

Authorization: Bearer <JWT token>

Request Body Parameters

The following table describes the request body parameters.

Request ParameterRequiredDescriptionType
actionYesAdd or remove. Case insensitive.String

List of user emails. Case insensitive. Maximum number of user emails is 100.


Example Request Body

The following example displays a request body.

{ "action": "add",

"users": [







The following table lists the response scenarios.

ScenarioResponse CodeResponse Body
Successfully updated all users in the request.200OK. No body is returned.
Partially successful in updating users in the request.207

Multi-status list of user emails that did not update from the request. See Cloud Administration Add/Remove High-Risk User API.

Invalid request body parameters.400

Bad request caused by one of the following:

Invalid property.

Invalid or missing action code.

Empty list of emails.

Number of emails exceeds maximum allowed value of 100.

Not authorized to perform the request.403Forbidden.
User not found in the identity source.404User not found.
Unexpected error.500Internal server error.

Multi-Status Objects Response

When a partial success occurs, each failed user is listed in the response, along with the status code.

Example Partial Success Response Body

The following example displays a partial success response body.


"user": "",

"statusCode": 500,

"error": "Internal Server Error"




"statusCode": 404

"error": "User not found"



Property Response Descriptions

The following table describes properties used in the response.

PropertyDescriptionData Type

User's email address.

statusCodeHTTP status code for failed operation 400 or 500. See Cloud Administration Add/Remove High-Risk User APIString
errorError message describing the failed operation.String

Response Codes

The following table shows response codes for this API.

200Operation completed successfully.
207Partial update for the request (multi-status).
400Operation not performed. Client syntax errors.

User not found when a single email address is provided.


Internal error occurred.



We want your feedback! Tell us what you think of this page.

You are here
Table of Contents > Cloud Administration APIs > Cloud Administration Add/Remove High-Risk Users API