ServiceUser
Last updated: July 3, 2026
A ServiceUser is an end-user of your product who signed up through ServiceLogin, that is, a member account. It is a separate identity from a Weegloo platform account (the Weegloo User who logs in to the content studio), and a ServiceUser's token authenticates against ACMA/ACDA.
A ServiceUser is created when a member signs up directly through ServiceLogin. For that reason this API has no create or delete endpoints, only reads and a few updates made by an administrator (a Weegloo User).
Resource structure
The following is the single-read response for one ServiceUser. Together with sys (system properties), it has the body properties that hold the member's display info and permission settings: nickname, avatarUrl, roleOverride, enableLogin, and isAdmin.
{
"sys": {
"id": "3trmXRM3RqbgSnifyg7PSusr01Ex",
"type": "ServiceUser",
"space": { "sys": { "id": "tcq4V2Xb", "type": "Refer", "targetType": "Space" } },
"provider": "google",
"email": "buyer@example.com",
"createdAt": "2026-06-18T12:50:00.000Z",
"updatedAt": "2026-06-18T12:50:00.000Z"
},
"nickname": "Regular shopper",
"avatarUrl": "https://lh3.example.com/a/buyer-avatar",
"roleOverride": null,
"enableLogin": true,
"isAdmin": false
}Key properties:
sys.email: The email address the member used to sign up. Together withsys.provider, it shows which account they signed up with.sys.provider: The OAuth provider used to sign up (for example,google).roleOverride: TheReferyou put in to give a different ServiceUserRole to this member alone. When it is empty (null), the member follows ServiceLogin's default role.isAdmin: When turned on, it lets this member delete resources created by other members. It is a narrow permission, and it does not grant edit or read permission on other members' resources.
System properties (sys)
Every ServiceUser carries common system properties in the sys object. space is in the Refer shape ({ "sys": { "id", "type": "Refer", "targetType" } }).
| Property | Type | Description |
|---|---|---|
id | string | Unique resource identifier. |
type | string | Resource kind. For a ServiceUser this is always "ServiceUser". |
space | Refer<Space> | The Space this ServiceUser belongs to. |
provider | string | The OAuth provider used to sign up (for example, google). |
email | string | The email address used to sign up. |
createdAt | string (date-time) | Sign-up (creation) time. |
updatedAt | string (date-time) | Last update time. |
Because a ServiceUser is a resource a member creates by their own sign-up, its sys has no createdBy, updatedBy, or version, unlike other CMA resources. Since there is no version, updates (PUT, PATCH) also do not send the X-Weegloo-Version header. There is no publishing concept either, so there is no publish, archive, or status.
Body properties
| Property | Type | Description |
|---|---|---|
nickname | string | The member's display name. |
avatarUrl | string | Profile image address (optional). |
roleOverride | Refer<ServiceUserRole> | A ServiceUserRole to give to this member alone (optional). When set, it takes precedence over ServiceLogin's default role. |
enableLogin | boolean | Whether login is allowed. Turning it off blocks this member's login. |
isAdmin | boolean | When turned on, it lets the member delete resources created by other members. It is a narrow permission and does not grant edit or read permission on other members' resources. |
Managing members
Because a ServiceUser comes into being through sign-up, there is no create endpoint, and there is no delete endpoint either. An administrator (a Weegloo User) can adjust the following three things with an update (PUT, PATCH).
- Set/clear
roleOverride: Gives a different ServiceUserRole to one specific member only. Use it when you want to treat a single member differently, such as for a paid tier, a moderator, or a beta group. AroleOverrideyou set takes precedence over ServiceLogin'sdefaultRole. - Toggle
enableLogin: Turning it off blocks that member's login. - Toggle
isAdmin: Turning it on lets the member delete resources created by other members, for moderation.
isAdmin is a narrow flag that only adds delete permission on other members' resources. It does not grant edit or read permission on other members' resources, and it does not promote this member to a Weegloo content studio administrator (a CMA administrator). It also does not open up operations that the member's ServiceUserRole did not allow in the first place.
API
The base URL for all endpoints below is https://cma.weegloo.com/v1, and a Bearer token that authenticates against CMA is required in the Authorization header. Because a ServiceUser is a resource with no version, updates (PUT, PATCH) also do not send the X-Weegloo-Version header. There are no create or delete endpoints (a member is created by sign-up).
Related documents
- ServiceUserRole: The permission bundle to give to
roleOverride. - ServiceLogin: Member sign-up and default-role (
defaultRole) settings. - ACMA/ACDA overview: The API a ServiceUser calls.
