Workplace

Workplace from Meta is going away. You will be able to continue using Workplace until 31 August 2025. Visit our Help Center to find out more.

Account Management API (Graph)

Overview

As people join and leave your organization, you need to grant and revoke access to Workplace. This set of guides introduces the concepts of account provisioning and deactivation through the use of the Graph API, which can be used to read, create, modify and delete users.

If you're planning on integrating with a cloud provider for the purpose of provisioning and deactivating users, please see our Automatic Account Management guide.

Account Management using the Graph API is available to custom integrations and third party apps with the Manage Work Profiles or Provision User Accounts permission. Adding or removing an account requires the Provision User Accounts permission. Editing an account requires the Manage Work Profiles permission.

Reading user accounts

See Member page.

Supported writeable fields

This table shows the fields that can be set and updated using the Graph API. See Member page for information on all fields and edges, including read-only fields.

FieldDescriptionTypeRequired

email

Unique identifier for the user, used by the user to directly authenticate with the service provider. Must be unique.

String

Optional. Accounts without email addresses must have an external_id set.

name

The components of the Users real name.

String

Required

title

Job title of the user, e.g., Vice President.

String

Optional

organization

Identifies the name of an organization.

String

Optional

division

Identifies the name of a division.

String

Optional

department

Identifies the name of a department.

String

Optional

manager

Set manager of user. Use /managers edge or managers field to read manager.

ID

Optional

external_id

An identifier for the User as defined by the customer. Each User MAY include a non-empty externalId value. The value of the externalId attribute is always issued be the customer and will never be specified by Workplace.

ID

Required if the user account does not have an email address set. Otherwise optional

cost_center

Identifies the name of a cost center.

String

Optional

invited (write-only)

Control whether a user is invited. This field is ignored for accounts without an email address, which will always be invited on creation.

Boolean

Optional

active

Whether a user account is active.

Boolean

Optional

work_locale

User's locale. This is the locale that Workplace will use for this user until there is another way to determine the user's locale (such as a browser or device language setting)

String. Valid values are concatenation of the ISO 639-1 two-letter language code plus an underscore plus the ISO 3166-1 two letter country code.For example, en_US specifies the English language and country US.

Optional

auth_method

User's authentication method to Workplace

String. Either SSO or PASSWORD

Optional

frontline

User's frontline status

Object (see section below)

Optional

Frontline field

Further fields are available within the frontline field.

FieldDescriptionTypeRequired

is_frontline

Whether a user is marked as a frontline user

Boolean

Optional

has_access

This field will only be avaiable if the is_frontline field is set to true

Whether a user currently has access to Workplace. Setting it false would block the user's access temporarily while the user account would still remain active within Workplace.

Boolean

Optional

Supported writeable edges

This table shows the edges that can be set and updated using the Graph API. See Member page for information on all fields and edges, including read-only fields.

FieldDescriptionExample

/phones

Phone numbers for the user. Only the primary work phone number will be shown in-product

{ "number": "+44-7236-123459", "type": "work", "primary": "true" }

Adding user accounts

Users can be added to Workplace by calling the https://graph.facebook.com/community/accounts endpoint using the POST verb and including the required profile fields. Field data can be provided as URL parameters or as JSON within the data payload.

The Provision user accounts permission is required to add user accounts.

On successful creation. the newly-created user ID will be returned.

Create user account using URL parameters

POST /community/accounts
  ?name=John McClane
  &email=john@mclane.com
  &title=Salesman
  &department=US Sales
  &organization=Global Sales
  &manager=1126377362881
  &division=Cars
  &cost_center=CC1
  &invited=true
  &work_locale=en_US
  &auth_method=PASSWORD
HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}

Create a new user account using JSON payload

POST /community/accounts HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}

{
  "name"         : "John McLane",
  "email"        : "john@mclane.com",
  "title"        : "Salesman",
  "department"   : "US Sales",
  "organization" : "Global Sales",
  "manager"      : 100013693981877,
  "division"     : "Cars",
  "cost_center"  : "CC1",
  "external_id"  : "1232112",
  "invited"      : true,
  "work_locale"  : "en_US",
  "auth_method"  : "PASSWORD"
}

Modifying user accounts

Users can be edited in Workplace by calling the https://graph.facebook.com/{user-id} endpoint using the POST verb and providing updated profile field data. Field data can be provided as URL parameters (preferred) or as JSON within the data payload (some operations not fully supported). Omitted fields will not be changed.

You can alternatively use email address when updating users via Graph API. Endpoint to call in that case is https://graph.facebook.com/{email}.

The Manage work profiles permission is required to modify user profile data.

Modify user account using URL parameters

POST /{user-id}
  ?name=John McClane
  &email=john@mclane.com
  &title=Salesman
  &department=US Sales
  &organization=Global Sales
  &manager=1126377362881
  &division=Cars
  &cost_center=CC1
  &invited=true
  &work_locale=en_US
  &auth_method=PASSWORD

HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}

Modify user account using JSON payload

POST /{user-id} HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}

{
  "name"         : "John McLane",
  "email"        : "john@mclane.com",
  "title"        : "Salesman",
  "department"   : "US Sales",
  "organization" : "Global Sales",
  "manager"      : 100013693981877,
  "division"     : "Cars",
  "cost_center"  : "CC1",
  "external_id"  : "1232112",
  "invited"      : true
  "work_locale"  : "en_US"
  "auth_method"  : "PASSWORD"
}


Set or modify a user's phone number

POST /{user-id}/phones HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}
{
"number": "+44-7236-123459",
"type": "work",
"primary": "true"
}

Set or modify a user's frontline status

POST /{user-id} HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}

{"frontline": 
  {"is_frontline": true}
}

Set or modify a user's has_access status

POST /{user-id} HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}

{"frontline": {
 "is_frontline": true, 
 "has_access": false
  }
}

Set or a user account as deactivated

POST /{user-id}?active=false HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}

Unsetting previously set profile fields

To uset a previously set field, set the profile field to an empty setting. Note that the name field can never be unset nor empty and the email field cannot be cleared.

Unsetting title field using URL parameter

POST /{user-id}&title=&
HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}

Unsetting title field using JSON payload

POST /{user-id} HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}

{
  "title"        : ""
}

Setting user profile photo

Profile photos can be updated by making a POST call to the https://graph.facebook.com/{user-id}/profile_pictures endpoint. Image data can be provided in jpg or png format and can be supplied as a publicly accessible URL or as a file upload. A caption can optionally be set for the photo.

Publicly accessible URL

POST graph.facebook.com
      /{user-id}/profile_pictures?
      image_url={...}&
      caption={...}

Photo data included in request

POST graph.facebook.com
      /{user-id}/profile_pictures?
      caption={...}
Content-Type: multipart/form-data;
Content-Disposition: form-data; name="image_data"; filename="/profile_picture.png

Setting user profile photo

Profile photos can be updated by making a POST call to the https://graph.facebook.com/{user-id}/profile_pictures endpoint. Image data can be provided in jpg or png format and can be supplied as a publicly accessible URL or as a file upload. A caption can optionally be set for the photo.

Publicly accessible URL

POST graph.facebook.com
      /{user-id}/profile_pictures?
      image_url={...}&
      caption={...}

Photo data included in request

POST graph.facebook.com
      /{user-id}/profile_pictures?
      caption={...}
Content-Type: multipart/form-data;
Content-Disposition: form-data; name="image_data"; filename="/profile_picture.png

Remove Profile Information

Profile data can be removed from deactivated users by making a POST call to the https://graph.facebook.com/{user-id}/remove_profile_information endpoint. This has the effect of removing personal information, including name and profile image, from a user account. A full list of fields from which data will be removed is provided. Posts and comments made by this person will remain available on Workplace.

Removing personal information is permanent and can't be undone. A profile where Remove Profile Information has been used cannot be restored, even if the same individual returns back to the organisation.

This endpoint can only be successfully called once a four day grace period has elapsed since the affected user account was deactivated.

The remove_profile_information permission is requrired to call this endpoint successfully.

Affected fields

The following is the full list of field where data will be removed by the /remove_profile_information endpoint:

  • External ID
  • Username
  • Formatted name
  • Family name
  • Given name
  • Middle name
  • Honorific prefix
  • Honorific suffix
  • Display name
  • Nicknames
  • Profile URL
  • Preferred language
  • Locale
  • Profile languages
  • Timezone
  • Employee number
  • Entitlements
  • Hire date
  • Termination date
  • Roles
  • Emails
  • IMs
  • Phone numbers
  • Addresses
  • Manager email
  • Manager external ID
  • Manager
  • Skills
  • Bio
  • Frontline settings
  • Total report count
  • Custom pronoun text
  • Division
  • Department
  • Job title
  • Org
  • Cost Center
  • IDP import settings
  • Creation invite
  • Unlaunched login attempt
  • X509 certificates
  • All cover pictures
  • All profile pictures
  • Follows
  • Birthday
  • Name pronunciation

Remove Profile Information

POST /{user-id}/remove_profile_information HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}

Deleting user accounts

User accounts which have never been claimed can be deleted by calling the https://graph.facebook.com/{user-id} endpoint using the DELETE verb.

The Provision user accounts permission is required to delete user accounts.

Delete user account

DELETE /{user-id} HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}