Appearance
User Management
ApiMeld has two roles: Admin and User. Admins can see and manage everything; Users can create and manage their own tasks and any tasks shared with them.
Managing users
Go to Admin → Users to:
- View all users and their status (active/inactive)
- Change a user's role (Admin ↔ User)
- Deactivate a user — they cannot log in, and all their refresh tokens are immediately revoked
- Force a password reset — the user must change their password on next login
- Delete a user (soft-delete — their tasks and run history are preserved)
Registration modes
Go to Admin → Settings → Auth to choose how new users join:
| Mode | Description |
|---|---|
| Invite only (default) | Only admins can invite users via email |
| Open registration | Anyone can sign up at /register |
Password requirements
- Minimum 8 characters
- At least one uppercase letter
- At least one digit
These requirements cannot currently be changed from the UI.
Account lockout
After 5 consecutive failed login attempts, an account is locked for 5 minutes. This applies to all users including admins.
Session management
- JWT access tokens expire after 15 minutes
- Refresh tokens expire after 7 days of inactivity
- Users are silently re-authenticated in the background — they only see a login prompt if they've been inactive for more than 7 days
- Deactivating a user immediately revokes all their active sessions