Using the Salesforce REST API, is there a way to create a user and also send out the activation email?

Question

In Salesforce, when I create a user via their REST API, no activation email is sent. There's also no ability to specify a password when the new user is created, which means the user cannot login. This also means the user can't verify their email at the same time as activating.

Is there a way to ensure an activation email gets sent to new SFDC users when they're created via API?

The Salesforce developer documentation is pretty lacking in this regard, so I'm not sure if I'm overlooking something.

The only two "solutions" I've come across are:

1. A SFDC admin has to manually press the "reset password" button for the user.
2. You need to make a second API call after the user is created, but this time to reset the password to whatever you want. Then I could set up a Flow to send an email to the user telling them what their initial password is. The problem with this approach is that the user's email is still unverified.

Tried adding a new user via API but no activation email was sent. Was expecting one to be sent.

Answer 1

Uh, good question!

"Normal" Apex has DmlOptions (triggerUserEmail) for that or System.resetPassword('user id goes here') call.

SOAP API has corresponding headers: https://developer.salesforce.com/docs/atlas.en-us.api.meta/api/sforce_api_header_emailheader.htm

But looks like REST API is lacking and has only Case/Lead Assignment Rule header.

---

Would it be an option to try the SOAP route? Disappointing but you'd "just" have to craft the right XML, the session id (a.k.a. access_token, the "Authorization: Bearer ..." value) is reusable across APIs

Would it be an option to combine the REST calls into 1 "all or nothing" operation. It's called composite requests. Insert, then use the referenceId to call https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/resources_sobject_user_password_delete.htm ? I've used composites in the past, not for user stuff but they're pretty cool: https://salesforce.stackexchange.com/a/274696/799 (for more complex integrations I'd still prefer to expose an Apex webservice for all-or-nothing atomic operation rather than trusting the calling system to do it right... but hey, it's there, it's neat, it's "just" a little more involved JSON to write)

Or you could write something in SF itself

• piece of Apex exposed as REST Service that inserts user (with dml options) or explicitly resets password
• or after insert trigger on User (check if user type is Standard, if Quiddity is REST and call System.resetPassword() for each of them)
• or a flow if you're after click-click-click solutions (flows can be called from REST... although no idea if there's something for dmloptions/pass reset in Flow editor)
• batch job running every 15 minutes sniffing for users with full license created today that have "Last Password Change or Reset = Never"? Crude but could work too.