Workplace from Meta is going away. You will be able to continue using Workplace until 31 August 2025. Visit our Help Center to find out more.
As people join and leave your organization, you need to grant and revoke access to Workplace. This set of guides introduces the concepts of account provisioning and deactivation through the use of the Graph API, which can be used to read, create, modify and delete users.
If you're planning on integrating with a cloud provider for the purpose of provisioning and deactivating users, please see our Automatic Account Management guide.
Account Management using the Graph API is available to custom integrations and third party apps with the Manage Work Profiles
or Provision User Accounts
permission. Adding or removing an account requires the Provision User Accounts
permission. Editing an account requires the Manage Work Profiles
permission.
See Member page.
This table shows the fields that can be set and updated using the Graph API. See Member page for information on all fields and edges, including read-only fields.
Field | Description | Type | Required |
---|---|---|---|
| Unique identifier for the user, used by the user to directly authenticate with the service provider. Must be unique. | String | Optional. Accounts without email addresses must have an |
| The components of the Users real name. | String | Required |
| Job title of the user, e.g., Vice President. | String | Optional |
| Identifies the name of an organization. | String | Optional |
| Identifies the name of a division. | String | Optional |
| Identifies the name of a department. | String | Optional |
| Set manager of user. Use | ID | Optional |
| An identifier for the User as defined by the customer. Each User MAY include a non-empty externalId value. The value of the externalId attribute is always issued be the customer and will never be specified by Workplace. | ID | Required if the user account does not have an |
| Identifies the name of a cost center. | String | Optional |
| Control whether a user is invited. This field is ignored for accounts without an email address, which will always be invited on creation. | Boolean | Optional |
| Whether a user account is active. | Boolean | Optional |
| User's locale. This is the locale that Workplace will use for this user until there is another way to determine the user's locale (such as a browser or device language setting) | String. Valid values are concatenation of the ISO 639-1 two-letter language code plus an underscore plus the ISO 3166-1 two letter country code.For example, en_US specifies the English language and country US. | Optional |
| User's authentication method to Workplace | String. Either | Optional |
| User's frontline status | Object (see section below) | Optional |
Further fields are available within the frontline
field.
Field | Description | Type | Required |
---|---|---|---|
| Whether a user is marked as a frontline user | Boolean | Optional |
This field will only be avaiable if the | Whether a user currently has access to Workplace. Setting it | Boolean | Optional |
This table shows the edges that can be set and updated using the Graph API. See Member page for information on all fields and edges, including read-only fields.
Field | Description | Example |
---|---|---|
| Phone numbers for the user. Only the primary work phone number will be shown in-product |
|
Users can be added to Workplace by calling the https://graph.facebook.com/community/accounts
endpoint using the POST
verb and including the required profile fields. Field data can be provided as URL parameters or as JSON within the data payload.
The Provision user accounts permission is required to add user accounts.
On successful creation. the newly-created user ID will be returned.
POST /community/accounts
?name=John McClane
&email=john@mclane.com
&title=Salesman
&department=US Sales
&organization=Global Sales
&manager=1126377362881
&division=Cars
&cost_center=CC1
&invited=true
&work_locale=en_US
&auth_method=PASSWORD
HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}
POST /community/accounts HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}
{
"name" : "John McLane",
"email" : "john@mclane.com",
"title" : "Salesman",
"department" : "US Sales",
"organization" : "Global Sales",
"manager" : 100013693981877,
"division" : "Cars",
"cost_center" : "CC1",
"external_id" : "1232112",
"invited" : true,
"work_locale" : "en_US",
"auth_method" : "PASSWORD"
}
Users can be edited in Workplace by calling the https://graph.facebook.com/{user-id}
endpoint using the POST
verb and providing updated profile field data. Field data can be provided as URL parameters (preferred) or as JSON within the data payload (some operations not fully supported). Omitted fields will not be changed.
You can alternatively use email address when updating users via Graph API. Endpoint to call in that case is https://graph.facebook.com/{email}
.
The Manage work profiles permission is required to modify user profile data.
POST /{user-id}
?name=John McClane
&email=john@mclane.com
&title=Salesman
&department=US Sales
&organization=Global Sales
&manager=1126377362881
&division=Cars
&cost_center=CC1
&invited=true
&work_locale=en_US
&auth_method=PASSWORD
HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}
POST /{user-id} HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}
{
"name" : "John McLane",
"email" : "john@mclane.com",
"title" : "Salesman",
"department" : "US Sales",
"organization" : "Global Sales",
"manager" : 100013693981877,
"division" : "Cars",
"cost_center" : "CC1",
"external_id" : "1232112",
"invited" : true
"work_locale" : "en_US"
"auth_method" : "PASSWORD"
}
POST /{user-id}/phones HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}
{
"number": "+44-7236-123459",
"type": "work",
"primary": "true"
}
POST /{user-id} HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}
{"frontline":
{"is_frontline": true}
}
POST /{user-id} HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}
{"frontline": {
"is_frontline": true,
"has_access": false
}
}
POST /{user-id}?active=false HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}
To uset a previously set field, set the profile field to an empty setting. Note that the name
field can never be unset nor empty and the email
field cannot be cleared.
POST /{user-id}&title=&
HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}
POST /{user-id} HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}
{
"title" : ""
}
Profile photos can be updated by making a POST
call to the https://graph.facebook.com/{user-id}/profile_pictures
endpoint. Image data can be provided in jpg
or png
format and can be supplied as a publicly accessible URL or as a file upload. A caption can optionally be set for the photo.
POST graph.facebook.com
/{user-id}/profile_pictures?
image_url={...}&
caption={...}
POST graph.facebook.com
/{user-id}/profile_pictures?
caption={...}
Content-Type: multipart/form-data;
Content-Disposition: form-data; name="image_data"; filename="/profile_picture.png
Profile photos can be updated by making a POST
call to the https://graph.facebook.com/{user-id}/profile_pictures
endpoint. Image data can be provided in jpg
or png
format and can be supplied as a publicly accessible URL or as a file upload. A caption can optionally be set for the photo.
POST graph.facebook.com
/{user-id}/profile_pictures?
image_url={...}&
caption={...}
POST graph.facebook.com
/{user-id}/profile_pictures?
caption={...}
Content-Type: multipart/form-data;
Content-Disposition: form-data; name="image_data"; filename="/profile_picture.png
Profile data can be removed from deactivated users by making a POST
call to the https://graph.facebook.com/{user-id}/remove_profile_information
endpoint. This has the effect of removing personal information, including name and profile image, from a user account. A full list of fields from which data will be removed is provided. Posts and comments made by this person will remain available on Workplace.
Removing personal information is permanent and can't be undone. A profile where Remove Profile Information has been used cannot be restored, even if the same individual returns back to the organisation.
This endpoint can only be successfully called once a four day grace period has elapsed since the affected user account was deactivated.
The remove_profile_information
permission is requrired to call this endpoint successfully.
The following is the full list of field where data will be removed by the /remove_profile_information
endpoint:
POST /{user-id}/remove_profile_information HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}
User accounts which have never been claimed can be deleted by calling the https://graph.facebook.com/{user-id}
endpoint using the DELETE
verb.
The Provision user accounts permission is required to delete user accounts.
DELETE /{user-id} HTTP/1.1
Host: graph.facebook.com
Authorization: Bearer {your access token}