POST Supplier User

Create a new supplier-associated user.

Endpoint

Endpoint	`/api/suppliers/{supplierId}/users`
Method	POST
Scopes	riskassess.user.write and riskassess.supplier.write

Headers


Header	Argument
Authorization	Bearer token
Accept	application/json or application/xml
Content-Type	application/json or application/xml
X-Correlation-Id	(Optional) Request tracing ID

Parameters

Table 1. Path parameters
Parameter	Description
supplierId	Supplier entityId (GUID). Must not be an empty GUID. The supplierId in the request body is not required; the route value is applied to the request.

Table 2. Request body parameters
Parameter	Required	Description
coupaUserId	No	(Optional) Integer. If set, coupaUsername is required.
coupaUsername	Conditional	Required when coupaUserId is provided. Max length 256.
email	Yes	Valid email format. Max length 256.
firstName	Yes	Max length 200.
lastName	Yes	Max length 200.
status	Yes	User status. Accepted values: General_Active, General_Inactive.
userName	No	(Optional) Must look like a valid email. Max length 256.
middleName	No	(Optional) Max length 200.
ssoUsername	No	(Optional) Max length 256.
culture	No	(Optional) Max length 50.
prefix	No	(Optional) Max length 50.
title	No	(Optional) Max length 200.
businessPhoneNumber	No	(Optional) Validated when provided.
cellPhoneNumber	No	(Optional) Validated when provided.
faxNumber	No	(Optional) Max length 64.
address	No	(Optional) Address object with fields: street1, street2, city, state, postalCode, country.
userGroups	No	(Optional) Comma-separated list in one string. Max length 1000.
externalSupplierReference	No	(Optional) Max length 500.
extensionFields	No	(Optional) Object map of field name to string value (UDFs on the User object). For more information, see Extension Fields (User-Defined Fields).

Create user

Endpoint

POST /api/suppliers/{supplierId}/users

Example cURL request (minimal)

curl --location --request POST 'https://<your-instance>.risk.com/api/suppliers/dca10c83-8984-4b83-9e55-ed1c3837489e/users' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ••••••' \
--data '{
  "email": "jdoe@example.com",
  "firstName": "Jane",
  "lastName": "Doe",
  "status": "General_Active",
  "userName": "jdoe@example.com"
}'

Example cURL request (with address and extension fields)

curl --location --request POST 'https://<your-instance>.risk.com/api/suppliers/dca10c83-8984-4b83-9e55-ed1c3837489e/users' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ••••••' \
--data '{
  "email": "jdoe@example.com",
  "firstName": "Jane",
  "lastName": "Doe",
  "status": "General_Active",
  "title": "Manager",
  "address": {
    "street1": "1 Main St",
    "city": "Boston",
    "state": "MA",
    "postalCode": "02110",
    "country": "US"
  },
  "extensionFields": {
    "UserUdfNotes": "Internal notes",
    "UserUdfStartDate": "2026-01-15"
  }
}'

Example success response

{
    "success": true,
    "result": {
        "entityId": "a218d8e5-8c7a-4f3e-9b12-111111111111",
        "links": [
            {
                "rel": "self",
                "href": "https://your-instance.risk.com/api/users/a218d8e5-8c7a-4f3e-9b12-111111111111",
                "method": "GET"
            },
            {
                "rel": "update-user",
                "href": "https://your-instance.risk.com/api/suppliers/dca10c83-8984-4b83-9e55-ed1c3837489e/users/a218d8e5-8c7a-4f3e-9b12-111111111111",
                "method": "PUT"
            }
        ]
    },
    "errors": []
}

Example error response

{
    "success": false,
    "result": null,
    "errors": [
        {
            "message": "supplier_guid is required and cannot be empty",
            "errorCode": "InvalidRequest"
        }
    ]
}

Coupa Documentation

POST Supplier User

Endpoint

Headers

Parameters

Create user