Skip to main content

Advantages

  • Programmatic user provisioning: Creates API-only OpenFunnel users on behalf of downstream end-users, so orchestrators can grant access without a manual signup flow.
  • Shared provider billing: Maps created users under the provider’s domain, which keeps usage and credits consolidated under the provider account.
  • Ready-to-use API credentials: Returns a new API key for the provisioned user, making it easy to hand off authenticated OpenFunnel access immediately.

Installation

npx skills add openfunnel/openfunnel --skill provision-user

Copy skill directly

---
name: orchestrator-provision-users
description: Create API-only OpenFunnel users on behalf of end-users. For orchestrator providers who programmatically provision access.
---

# Provision User Skill

For orchestrator providers who need to create OpenFunnel API users for their end-users programmatically.

## How It Works

The orchestrator has an API key with provisioner access. When their end-user needs OpenFunnel access, this skill creates an API-only user mapped to the provider's domain. Credits are shared across the provider's domain — the provider pays for all users they create.

**The created user:**
- Gets their own API key
- Can only access OpenFunnel via API (no UI login)
- Is billed under the orchestrator's domain

**Email mapping:** The end-user's email prefix is mapped to the Orchestrator's domain.
- Orhestrator's: `host@orchestrator.com`
- End-user's actual email: `alice@alice-startup.com`
- Created as: `alice@orchestrator.com`

This ensures all provisioned users share the orchestrator's credit pool.

## Workflow

### 1. Get the end-user's email

Ask for the end-user's email address.

### 2. Construct the internal email

Extract the prefix from the end-user's email, combine with the orchestrator's domain:

```
End-user email: alice@alice-startup.com
Orchestrator email: guy@orchestrator.com

→ Internal email: alice@orchestrator.com
```

The Orchestrator's domain comes from the `X-User-ID` header (the Orchestrator's own email).

### 3. Create the user

```
POST /api/v1/admin/create-user
Headers:
  X-API-Key: {orchestrator's API key}
  X-User-ID: {orchestrator's email}
Body:
  { "email": "alice@orchestrator.com" }
```

### 4. Return the API key

```
User created:

**Email:** alice@orchestrator.com
**API Key:** {api_key from response}

This user can now access OpenFunnel via API using these credentials.
```

## API Endpoint

`POST /api/v1/admin/create-user`

**Requires:** Orchestrator must have `is_provisioner` enabled on their account.

**Request:**
- `email` (string) — the constructed internal email

**Response:**
- `id` — user ID
- `email` — the internal email
- `api_key` — the new user's API key