> ## Documentation Index
> Fetch the complete documentation index at: https://documentation.qonversion.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a user

> Create a new Qonversion user. The server generates the `QON_…` user id
and returns it in the response body and the `Location` header.

v3's `POST /v3/users/{id}` accepted a client-supplied id; v4
standardises on server-issued ids across every resource.

Pass an `Idempotency-Key` header to make retries safe — the same key
returns the originally-created user instead of creating a duplicate.


<Warning>Use `sandbox` environment for testing. Sandbox users do not affect production analytics.</Warning>


## OpenAPI

````yaml /api-reference/rest-api-v4.yaml post /users
openapi: 3.0.3
info:
  title: Qonversion REST API v4
  version: '4.0'
  description: >-
    Qonversion REST API v4 follows REST standards. It has predictable
    resource-oriented URLs, accepts JSON-encoded request bodies, returns
    JSON-encoded responses, and uses standard HTTP response codes,
    authentication, and verbs.
servers:
  - url: https://api.qonversion.io/v4
    description: Production
security:
  - secretAuth: []
tags:
  - name: Users
    description: Retrieve Qonversion users
  - name: User Properties
    description: Manage user-level attributes
  - name: Identities
    description: Link Qonversion users to your own auth IDs
  - name: Entitlements
    description: Entitlement definitions and user grants
  - name: Purchases
    description: A user's purchase history
  - name: Products
    description: Products configured in the Qonversion dashboard
  - name: Customers
    description: Aggregated customer records, properties, permissions, and metrics
  - name: Segments
    description: Dynamic and system segments of users
  - name: Experiments
    description: Paywall and offering A/B experiments
  - name: Screens
    description: No-code paywall screens — CRUD, publish, analytics
  - name: Analytics
    description: Charts, cards, cohorts, LTV, and insights
  - name: Exports
    description: Asynchronous data exports
  - name: Events
    description: Event catalog
  - name: Scheduled Reports
    description: Recurring reports delivered to external destinations
  - name: Integrations
    description: Third-party integrations configuration
  - name: Automations
    description: Event-driven automations
  - name: Project Settings
    description: Project-level configuration, secret, and store credentials
paths:
  /users:
    post:
      tags:
        - Users
      summary: Create a user
      description: |
        Create a new Qonversion user. The server generates the `QON_…` user id
        and returns it in the response body and the `Location` header.

        v3's `POST /v3/users/{id}` accepted a client-supplied id; v4
        standardises on server-issued ids across every resource.

        Pass an `Idempotency-Key` header to make retries safe — the same key
        returns the originally-created user instead of creating a duplicate.
      operationId: v4CreateUser
      parameters:
        - name: Idempotency-Key
          in: header
          required: false
          schema:
            type: string
          description: Client-generated key that makes retries safe.
          example: 7f4c2e3a-1e5a-4d63-a2cb-0ddc2a2dc4fa
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/V4UserCreate'
            example:
              environment: prod
      responses:
        '201':
          description: User created
          headers:
            Location:
              description: Canonical URL of the newly-created user.
              schema:
                type: string
                example: /v4/users/QON_3af4c5b8a4d24f21b72e9d0c8aef9d4e
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/V4User'
              example:
                object: user
                id: QON_3af4c5b8a4d24f21b72e9d0c8aef9d4e
                url: /v4/users/QON_3af4c5b8a4d24f21b72e9d0c8aef9d4e
                environment: prod
                identity_id: null
                created_at: '2026-04-20T12:00:00Z'
        '400':
          description: Invalid request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/V4Error'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/V4Error'
        '415':
          description: Unsupported Content-Type
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/V4Error'
        '500':
          description: Internal error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/V4Error'
      security:
        - secretAuth: []
components:
  schemas:
    V4UserCreate:
      type: object
      required:
        - environment
      properties:
        environment:
          type: string
          enum:
            - prod
            - sandbox
          description: Environment the user belongs to.
          example: prod
    V4User:
      type: object
      required:
        - object
        - id
        - url
        - environment
        - created_at
      properties:
        object:
          type: string
          enum:
            - user
        id:
          type: string
          description: Qonversion User ID. SDK-generated IDs are prefixed with `QON_`.
          example: QON_3af4c5b8a4d24f21b72e9d0c8aef9d4e
        url:
          type: string
          description: Canonical API path.
          example: /v4/users/QON_3af4c5b8a4d24f21b72e9d0c8aef9d4e
        environment:
          type: string
          enum:
            - prod
            - sandbox
          description: Environment the user belongs to.
          example: prod
        identity_id:
          type: string
          nullable: true
          description: >-
            External identity identifier, if set. Null when not linked to an
            identity.
          example: awesome_user
        created_at:
          type: string
          format: date-time
          description: Creation timestamp (ISO 8601 UTC).
          example: '2025-09-15T12:30:00Z'
    V4Error:
      type: object
      required:
        - error
      properties:
        error:
          type: object
          required:
            - type
            - code
            - message
          properties:
            type:
              type: string
              enum:
                - request
                - resource
                - logical
                - internal
            code:
              type: string
              description: |
                Machine-readable snake_case error code. Examples include
                `invalid_data`, `invalid_request`, `invalid_product_id`,
                `not_found`, `already_exists`, `offering_already_exists`,
                `product_not_in_project`, `cannot_set_main_directly`,
                `cannot_demote_main`, `cannot_patch_experiment_variant`,
                `cannot_delete_experiment_variant`, and
                `cannot_setmain_experiment_variant`. Resource-specific codes
                are documented on the corresponding reference page.
            message:
              type: string
              description: Human-readable description. May change; do not parse.
            details:
              type: array
              nullable: true
              description: Per-field validation errors, present on 400 validation failures.
              items:
                type: object
                properties:
                  field:
                    type: string
                  message:
                    type: string
  securitySchemes:
    secretAuth:
      type: http
      scheme: bearer
      bearerFormat: sk_…
      description: >-
        Bearer authentication using the project **Secret Key** (prefixed with
        `sk_`, or `test_sk_` for sandbox). All v4 public endpoints require the
        Secret Key — see [Authentication](/reference/v4/authentication). Never
        expose the Secret Key in client-side code.

````