User Management

ApiMeld has two roles: Admin and User. Admins can see and manage everything; Users can create and manage their own tasks and any tasks shared with them.

Managing users

Go to Admin → Users to:

View all users and their status (active/inactive)
Change a user's role (Admin ↔ User)
Deactivate a user — they cannot log in, and all their refresh tokens are immediately revoked
Force a password reset — the user must change their password on next login
Delete a user (soft-delete — their tasks and run history are preserved)

Registration modes

Go to Admin → Settings → Auth to choose how new users join:

Mode	Description
Invite only (default)	Only admins can invite users via email
Open registration	Anyone can sign up at `/register`

Password requirements

Minimum 8 characters
At least one uppercase letter
At least one digit

These requirements cannot currently be changed from the UI.

Account lockout

After 5 consecutive failed login attempts, an account is locked for 5 minutes. This applies to all users including admins.

Session management

JWT access tokens expire after 15 minutes
Refresh tokens expire after 7 days of inactivity
Users are silently re-authenticated in the background — they only see a login prompt if they've been inactive for more than 7 days
Deactivating a user immediately revokes all their active sessions

User Management ​

Managing users ​

Registration modes ​

Password requirements ​