Users

The following REST endpoints are used to manage users in ProcessMaker.

Get Users List: GET /users

Returns a list of all users in the workspace, including users with "INACTIVE" and "VACATION" status. The users are returned in the order which they appear in the wf_<WORKSPACE>.USERS table.

GET /api/1.0/{workspace}/users?filter={filter}&start={start}&limit={limit}

URL Parameters:

Name Type Description
workspace String Workspace name

Optional GET Parameters:

Name Type Description
filter string Case insensitive string to search for in the user's first name, last name or username.
For example, "api/1.0/workspace/users?filter=mit" would return the users "smith", "Mitter" and "solmit".
start integer The number of users where the list begins. The counting starts from number 0, which is always the "admin" user.
For example, "api/1.0/workspace/users?start=3" would start the list of users with the fourth user.
limit integer The maximum number of users which are returned in the list.
For example if wanting to return 10 users at a time and there are 25 users in total, then call this endpoint 3 times:
"api/1.0/workspace/users?limit=10" (returns users 0-9)
"api/1.0/workspace/users?start=10&limit=10" (returns users 10-19)
"api/1.0/workspace/users?start=20&limit=10" (returns users 20-24)


Result:

If a successful request, the HTTP status code is 200 and it returns a JSON array of user objects with the following structure:

Element Description Example
[ Start array
{ Start user object
"usr_uid" User's unique ID. "11826545154db794ca22b52025081429"
"usr_username" The username, which is unique and is used to login to ProcessMaker "jdoe"
"usr_password" The MD5 hash for the user's password. "21232f297a57a5a743894a0e4a801fc3"
"usr_firstname" The user's first name. "John Jake"
"usr_lastname" The user's last name. "Doe"
"usr_email" The user's email address. "jdoe@example.com"
"usr_due_date" The date in "YYYY-MM-DD" when the user's account will expire. After this date, the user will not be able to login to ProcessMaker. "2020-01-01"
"usr_create_date" The datatime in "YYYY-MM-DD HH:MM:SS" format when the user was created. "2005-11-30 08:11:57"
"usr_update_date" The datetime in "YYYY-MM-DD HH:MM:SS" format when the user's record was last updated. "2014-05-23 18:36:19"
"usr_status" The user's status, which can be "ACTIVE", "INACTIVE" or "VACATION" "ACTIVE"
"usr_country" Two letter ISO country code. See the wf_<WORKSPACE>.ISO_COUNTRY table in the database. "US" (United States)
"usr_city" One or two letter code to identify the region, state or province.

Note: This field is misnamed. See the wf_<WORKSPACE>.ISO_SUBDIVISION table in the database.

"FL" (Florida in the US)
"usr_location" Code which is 1 to 3 letters to identify the city or locality. See the wf_<WORKSPACE>.ISO_LOCATION table in the database. "MMK" (Miami Lakes in Florida)
"usr_address" The user's address. This field may contain line breaks (\n). "540 Mytle Lane"
"usr_phone" The user's phone number. "1-305-402-1234"
"usr_fax" The user's fax number. "1-305-402-0282"
"usr_cellular" The user's cellular telephone number. "1-305-675-1400"
"usr_zip_code" The user's zip or postal code "46135"
"dep_uid" The unique ID of the user's department. If the user isn't a member of a department then an empty string "". "54883398754db7993002ae1030708956"
"usr_position" The user's position. "Accountant"
"usr_resume" Always set to "" since the resume is no longer used. ""
"usr_birthday" The user's birthday in "YYYY-MM-DD" format. "1973-02-25"
"usr_role" The user's role, which can be "PROCESSMAKER_ADMIN", "PROCESSMAKER_OPERATOR", "PROCESSMAKER_MANAGER" or a custom role. "PROCESSMAKER_ADMIN"
"usr_reports_to" The unique ID of the manager to whom the user reports. This is used when using a Reports To assignment rule. If the user is not a member of a department, then an empty string "". "14680180454ca4477335a27034362107"
"usr_replaced_by" Unique ID of another user who will replace this user if status changes to "INACTIVE" or "VACATION". Set to empty string "" if there is no replacement user. "14680180454ca4477335a27034362107"
"usr_ux" The user experience, which is the type of interface seen by the user. It can be "NORMAL", "SWITCHABLE", "MOBILE" or "SINGLE". "NORMAL"
}, End user object.
... Additional user objects.
] End array.

If a bad request, than the HTTP status code is set to 400 or greater and it returns a JSON error object.

Example in JavaScript:
This JavaScript example creates a array of active users. It obtains the list of all the users for the workspace and stores it in an array named aUsers. Then it loops through the array and checks whether the user's status is "ACTIVE". If so, it adds the user's UID and username to an new array named aActiveUsers.

var accessToken = getCookie("access_token"); //custom function to get a stored cookie
if (!accessToken) {
   accessToken = getAccessToken(); //custom function to get a new access token
}

var reqUsers = new XMLHttpRequest();
//set address to your installation of ProcessMaker:
reqUsers.open("GET", "https://example.com/api/1.0/workflow/users", true);
reqUsers.setRequestHeader("Authorization", "Bearer " + accessToken);
reqUsers.onreadystatechange = function() {
   if (reqUsers.readyState==4 &amp;&amp; reqUsers.status==200) {
      var aActiveUsers = [];
      var aUsers = JSON.parse(reqUsers.responseText);

      for (var i = 0; i < aUsers.length; i++) {
          if (aUsers[i].usr_status == "ACTIVE") {
              aActiveUsers.push({
                 uid:      aUsers[i].usr_uid,
                 username: aUsers[i].usr_username
              });
          }
      }
   }
}
reqUsers.send(null);

Example in PHP:

This PHP example creates a array of active users. It obtains the list of all the users for the workspace and stores it in an array named $aUsers. Then it loops through the array and checks whether the user's status is "ACTIVE". If so, it adds the user's UID and username to an new array named $aActiveUsers.

$accessToken = isset($_COOKIE['access_token']) ? $_COOKIE['access_token'] : getAccessToken();
$apiServer = "https://example.com"; //set to your ProcessMaker address

$ch = curl_init($apiServer . "/api/1.0/workflow/users");
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Authorization: Bearer " . $accessToken));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$aUsers = json_decode(curl_exec($ch));
$statusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

$aActiveUsers = array();

if ($statusCode != 200) {
   if (isset ($aUsers) and isset($aUsers->error))
      print "Error code: {$aUsers->error->code}\nMessage: {$aUsers->error->message}\n";
   else
      print "Error: HTTP status code: $statusCode\n";
}
else {
   foreach ($aUsers as $oUser) {
      if ($oUser->usr_status == "ACTIVE") {
         $aActiveUsers[] = array("uid" => $oUser->usr_uid, "username" => $oUser->usr_username);
      }
   }
}

Get User Information: GET /user/{usr_uid}

Get information about a specified user.

GET /api/1.0/{workspace}/user/{usr_uid}

URL Parameters:

Name Type Description
workspace String Workspace name
usr_uid String User UID

Result:

Returns the HTTP status code 200 and the same user object as the GET /users endpoint. For example:

{
  usr_uid:         "66065213554dd1feb48fe79020620851",
  usr_username:    "johndoe",
  usr_password:    "5e8ff9bf55ba3508199d22e984129be6",
  usr_firstname:   "John",
  usr_lastname:    "Doe",
  usr_email:       "janedoe@example.com",
  usr_due_date:    "2020-12-31",
  usr_create_date: "2015-02-12 16:49:31",
  usr_update_date: "2015-02-12 16:49:31",
  usr_status:      "ACTIVE",
  usr_country:     "US",
  usr_city:        "IN",
  usr_location:    "GXQ",
  usr_address:     "740 Turtle Dove lane",
  usr_phone:       "1-765-653-4478",
  usr_fax:         "1-765-862-8712",
  usr_cellular:    "1-755-644-8723",
  usr_zip_code:    "46135",
  dep_uid:         "75740355754dd28ba73d7d6082172936",
  usr_position:    "Factory Foreman",
  usr_resume:      "",
  usr_birthday:    "1980-02-12",
  usr_role:        "PROCESSMAKER_OPERATOR",
  usr_reports_to:  "14680180454ca4477335a27034362107",
  usr_replaced_by: "14680180454ca4477335a27034362107",
  usr_ux:          "NORMAL"
}

If a bad request, then it returns the HTTP status code 400 and an error object like the following:

{
  error: {
    code: 400,
    message: "Bad Request: invalid value specified for `usr_uid`. Given string is too short"
  }
}

Example in PHP:

$apiServer = "https://example.com";           //set to your ProcessMaker address
$userId = '55324179754ca442baeb994077387342'; //set to the unique ID of a user

$accessToken = isset($_COOKIE['access_token']) ? $_COOKIE['access_token'] : getAccessToken();

$ch = curl_init($apiServer . '/api/1.0/workflow/user/' . $userId);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Authorization: Bearer " . $accessToken));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$oUser = json_decode(curl_exec($ch));

if (!isset($oUser)) {
   print "Error accessing $apiServer: \n" . curl_error($ch);
}
elseif (isset($oUser->error)) {
   print "Error in $apiServer: \nCode: {$oUser->error->code}\nMessage: {$oUser->error->message}\n";
}
else {
   $fullName = $oUser->usr_firstname . ' ' . $oUser->usr_lastname;
}
curl_close($ch);

Create User: POST /user

Create a new user.

Permission:

The logged-in user needs to have the PM_USERS permission in his/her role in order to be able to perform this action.

Structure:

POST /api/1.0/{workspace}/user

URL Parameters:

Name Type Description
workspace String Workspace name

POST Parameters:

Name Type Description
usr_username String Username which is used to login to ProcessMaker and is unique.
usr_firstname String User's first name
usr_lastname String User's last name
usr_email String User's email address
usr_due_date String The date in "YYYY-MM-DD" when the user's account will expire. After this date, the user will not be able to login to ProcessMaker. Ex: "2020-12-31"
usr_status String The user's status, which can be "ACTIVE", "INACTIVE" or "VACATION".
usr_role String The user's role, which can be "PROCESSMAKER_ADMIN", "PROCESSMAKER_OPERATOR", "PROCESSMAKER_MANAGER" or a custom role.
usr_new_pass String The user's password. Remember that passwords should adhere to the password security policies.
usr_cnf_pass String Enter the password a second time to confirm it.
usr_address String Optional. The user's address. Use \n to include line breaks in the address. Ex: "345 Radcliff Drive\nC/O Brad Williams"
usr_zip_code String Optional. User's zip or postal code.
usr_country String Optional. Two letter ISO country code. See the wf_<WORKSPACE>.ISO_COUNTRY table in the database.
usr_city String Optional. One or two letter code to identify the region, state or province. Note: This field is misnamed. See the wf_<WORKSPACE>.ISO_SUBDIVISION table in the database.
usr_location String Optional. Code which is 1 to 3 letters long to identify the city or locality. See the wf_<WORKSPACE>.ISO_LOCATION table in the database.
usr_phone String Optional. The user's telephone number.
usr_position String Optional. The user's position in the organization.
usr_replaced_by String Optional. Unique ID of another user who will replace this user if his/her status changes to "INACTIVE" or "VACATION".
usr_calendar String Optional. The unique ID of the calendar which is used to calculate the due dates of tasks which the user is assigned to work on. To get the UID of a calendar, see the wf_<WORKSPACE>.CALENDAR_DEFINITION.CALENDAR_UID field in the database.
usr_time_zone string Optional parameter that is only available in the Enterprise Edition. The time zone of the user. Use one of the PHP time zones, such as "America/Mexico_City" or "Asia/Shanghai".
In the US, use these time zones:
US standard time zone PHP time zone
Eastern America/New_York
CentralAmerica/Chicago
MountainAmerica/Denver
Mountain no DSTAmerica/Phoenix
PacificAmerica/Los_Angeles
Alaska America/Anchorage
HawaiiAmerica/Adak
Hawaii no DSTPacific/Honolulu

Result:

If a user was successfully created, the HTTP status code will be set to 200 and a JSON object with information about the new user is returned:

{
  usr_uid:         "75740355754dd28ba73d7d6082172936",
  usr_username:    "janedoe",
  usr_password:    "5e8ff9bf55ba3508199d22e984129be6",
  usr_firstname:   "Jane",
  usr_lastname:    "Doe",
  usr_email:       "janedoe@example.com",
  usr_due_date:    "2020-12-31",
  usr_create_date: "2015-02-12 17:27:06",
  usr_update_date: "2015-02-12 17:27:06",
  usr_status:      "ACTIVE",
  usr_country:     "US",
  usr_city:        "IN",
  usr_location:    "GXQ",
  usr_address:     "740 Turtle Dove lane",
  usr_phone:       "1-765-653-4478",
  usr_fax:         "",
  usr_cellular:    "",
  usr_zip_code:    "46135",
  dep_uid:         "",
  usr_position:    "Head Accountant",
  usr_resume:      "",
  usr_birthday:    "2015-02-12",
  usr_role:        "PROCESSMAKER_OPERATOR",
  usr_reports_to:  "",
  usr_replaced_by: "14680180454ca4477335a27034362107",
  usr_ux:          "NORMAL"
}

If an error occurred, the HTTP status code will be set to 400 or greater and a JSON object will be returned like the following:

{
  error: {
    code:    400,
    message: "Bad Request: usr_username. Username 'janedoe' already exists"
  }
}

PHP Example:

$apiServer = "https://example.com"; //set to your ProcessMaker address

$accessToken = isset($_COOKIE['access_token']) ? $_COOKIE['access_token'] : getAccessToken();

$postParams = array(
   'usr_username'   => "janedoe",
   'usr_firstname'  => "Jane",
   'usr_lastname'   => "Doe",
   'usr_email'      => "janedoe@example.com",
   'usr_due_date'   => "2020-12-31",
   'usr_status'     => "ACTIVE",
   'usr_role'       => "PROCESSMAKER_OPERATOR",
   'usr_new_pass'   => "p4s5w0rD",
   'usr_cnf_pass'   => "p4s5w0rD",
   'usr_address'    => "740 Turtle Dove lane",
   'usr_zip_code'   => "46135",
   'usr_country'    => "US",
   'usr_city'       => "IN",
   'usr_location'   => "GXQ",
   'usr_phone'      => "1-765-653-4478",
   'usr_position'   => "Head Accountant",
   'usr_replaced_by'=> "14680180454ca4477335a27034362107",
   'usr_calendar'   => "91552296454dd0c63c477c6014743059"
);

$ch = curl_init($apiServer . "/api/1.0/workflow/user");
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Authorization: Bearer $accessToken"));
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postParams);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$oUser = json_decode(curl_exec($ch));

if (!isset($oUser)) {
   print "Error accessing $apiServer: \n" . curl_error($ch);
}
elseif (isset($oUser->error)) {
   print "Error in $apiServer: \nCode: {$oUser->error->code}\nMessage: {$oUser->error->message}\n";
}
else {
   print "User '{$oUser->usr_username}' created with UID: {$oUser->usr_uid}\n";
}
curl_close($ch);

Upload User Image: POST /user/{usr_uid}/image-upload

Upload an image of the specified user, which will appear in the user's profile screen.

Permission:

The logged-in user needs to have the PM_USERS permission in his/her role in order to be able to perform this action.

Structure:

POST /api/1.0/{workspace}/user/{usr_uid}/image-upload

URL Parameters:

Name Type Description
workspace String Workspace name
usr_uid String User UID

POST Parameters:

Name Type Description Examples
USR_PHOTO string The full path on the ProcessMaker server where the image file is located. The image file must be JPEG, PNG or GIF format.
Note: If using PHP, make sure to place @ in front of the path to suppress error messages. Otherwise, this endpoint will not work.
"/home/bob/images/myphoto.jpg"
"C:\Users\bob\images\myphoto.gif"

Result:
Returns an HTTP status code of 200 if the image was uploaded correctly. Otherwise, returns 0.

PHP Example:

$apiServer = 'https://example.com';           //set to your ProcessMaker address
$userId = '55324179754ca442baeb994077387342'; //set the unique ID of a user
$filePath = '/home/user/images/photo.jpg';    //set the file to upload

$accessToken = isset($_COOKIE['access_token']) ? $_COOKIE['access_token'] : getAccessToken();

$ch = curl_init($apiServer . "/api/1.0/workflow/user/$userId/image-upload");
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Authorization: Bearer $accessToken"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, 1);

//Notice the @ to suppress error messages:
curl_setopt($ch, CURLOPT_POSTFIELDS, array('USR_PHOTO' => "@" . $filePath));

curl_exec($ch);
$statusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

if ($statusCode != 200) {
   print "Error uploading user image:\nHTTP status code: $statusCode\n";
}
curl_close($ch);

If needing to upload image files which are not located on the ProcessMaker server, first use ssh2_scp_send() to copy the files to the ProcessMaker server, then use the code above to call the /api/1.0/{workspace}/user/{usr_uid}/image-upload endpoint.

$path = '/path/to/file/image.jpg';         //set the path of the image file on the local computer
$filename = basename($path);
$conn = ssh2_connect('www.example.com');   //set to the address of the ProcessMaker server
ssh2_auth_password($conn, 'username', 'password'); //set username &amp; password to login to ProcessMaker server

ssh2_scp_send($conn, $path, "/remote/dir/$filename");

Update User Information: PUT /user/{usr_uid}

Update the information about a specified user.

Permission:

The logged-in user needs to have the PM_USERS permission in his/her role in order to be able to perform this action.

Structure:

PUT /api/1.0/{workspace}/user/{usr_uid}

URL Parameters:

Name Type Description
workspace String Workspace name
usr_uid String User UID

PUT Parameters:

Only set the fields which need to be updated. PUT parameters need to be URL-encoded. In PHP, place the parameters in an associative array and use http_build_query() to encode it. In JavaScript, place the parameters in an object and then use encodeURIComponent() to encode it.

Name Type Description
usr_username String Optional. Username which is used to login to ProcessMaker and is unique.
usr_firstname String Optional. User's first name
usr_lastname String Optional. User's last name
usr_email String Optional. User's email address
usr_due_date String Optional. The date in "YYYY-MM-DD" when the user's account will expire. After this date, the user will not be able to login to ProcessMaker. Ex: "2020-12-31"
usr_status String Optional. The user's status, which can be "ACTIVE", "INACTIVE" or "VACATION".
usr_role String Optional. The user's role, which can be "PROCESSMAKER_ADMIN", "PROCESSMAKER_OPERATOR", "PROCESSMAKER_MANAGER" or a custom role.
usr_address String Optional. The user's address. Use \n to include line breaks in the address. Ex: "345 Radcliff Drive\nC/O Brad Williams"
usr_zip_code String Optional. User's zip or postal code.
usr_country String Optional. Two letter ISO country code. See the wf_<WORKSPACE>.ISO_COUNTRY table in the database.
usr_city String Optional. One or two letter code to identify the region, state or province. Note: This field is misnamed. See the wf_<WORKSPACE>.ISO_SUBDIVISION table in the database.
usr_location String Optional. Code which is 1 to 3 letters long to identify the city or locality. See the wf_<WORKSPACE>.ISO_LOCATION table in the database.
usr_phone String Optional. The user's telephone number.
usr_cellular String Optional. The user's cellular phone number.
usr_fax String Optional. The user's fax number.
usr_position String Optional. The user's position in the organization.
usr_birthday String Optional. The user's birthday in "YYYY-MM-DD" format. Ex: "1984-08-23"
usr_replaced_by String Optional. Unique ID of another user who will replace this user if his/her status changes to "INACTIVE" or "VACATION".
usr_new_pass String Optional. The user's password. Remember that passwords should adhere to the password security policies.
usr_cnf_pass String Optional. Enter the password a second time to confirm it. If this password doesn't match the one in usr_new_pass, then an error will occur.

Result:

If the user account was updated, the HTTP status code is set to 200 and it returns the following object with the updated information about the user:

{
  usr_uid:         "55324179754ca442baeb994077387342"
  usr_username:    "molly"
  usr_password:    "2b06a2251d39e28f8220696766dcd136"
  usr_firstname:   "Molly"
  usr_lastname:    "Moe"
  usr_email:       "molly@example.com"
  usr_due_date:    "2023-12-31"
  usr_create_date: "2015-01-20 09:31:07"
  usr_update_date: "2015-02-13 14:37:25"
  usr_status:      "VACATION"
  usr_country:     "US"
  usr_city:        "IN"
  usr_location:    "GXQ"
  usr_address:     "Dept 66\n740 Turtle Dove lane"
  usr_phone:       "1-765-653-4444"
  usr_fax:         "1-765-658-3574"
  usr_cellular:    "1-765-658-3571"
  usr_zip_code:    "46135"
  dep_uid:         "11826545154db794ca22b52025081429"
  usr_position:    "Head Accountant"
  usr_resume:      ""
  usr_birthday:    "1982-01-29"
  usr_role:        "PROCESSMAKER_MANAGER"
  usr_reports_to:  "14680180454ca4477335a27034362107"
  usr_replaced_by: "14680180454ca4477335a27034362107"
  usr_ux:          "SINGLE"
}

If an error occurred, the HTTP status code is set to 400 and an error object like the following is returned:

{
   error: {
      code:    400
      message: "Bad Request: usr_username. Username 'janedoe' already exists"
   }
}

PHP Example:
The following example, changes the status to "VACATION" and sets the user who will replace this user when she goes on vacation.

$apiServer = "https://example.com";            //set to your ProcessMaker address
$userId = "75740355754dd28ba73d7d6082172937";  //set to the unique ID of a user

$accessToken = isset($_COOKIE['access_token']) ? $_COOKIE['access_token'] : getAccessToken();

$postParams = array(
  'usr_status'      => "VACATION",
  'usr_replaced_by' => "14680180454ca4477335a27034362107"
);

$ch = curl_init($apiServer . "/api/1.0/workflow/user/" . $userId);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Authorization: Bearer $accessToken"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($postParams));
$oResult = json_decode(curl_exec($ch));
$statusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

if (isset($oResult) and isset($oResult->error)) {
   print "Error in $apiServer: \nCode: {$oResult->error->code}\nMessage: {$oResult->error->message}\n";
}
elseif (isset($oResult) and isset($oResult->usr_uid)) {
   print "User '{$oResult->usr_uid}' updated:\n";
   print_r($oResult);
}
else {
   print "Error updating user: HTTP status code: $statusCode\n";
}
curl_close($ch);

Note that the following line sets the request to be a PUT request:

curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");

Also note that the POST parameters need to be passed to http_build_query() to generate a URL-encoded query string which can be used with PUT requests.

Delete User: DELETE /user/{usr_uid}

Delete a specified user. This endpoint sets the wf_<WORKSPACE>.USERS.USR_USERNAME field to "" (empty string) in the database, so that the user can no longer be used, but it does NOT delete the user's record from the database.

Permission:

The logged-in user needs to have the PM_USERS permission in his/her role in order to be able to perform this action.

Structure:

DELETE /api/1.0/{workspace}/user/{usr_uid}

URL Parameters:

Name Type Description
workspace String Workspace name
usr_uid String User UID

Result:

If the user was successfully deleted, then the HTTP response code will be 200. If an error occurs, then the HTTP response code is set to 400 and an object like the following is returned:

{
  error: {
    code:    400
    message: "Bad Request: The row '75740355754dd28ba73d7d6082172937' in table USER doesn't exist!"
  }
}

PHP Example:

$apiServer = "https://example.com"; //set to your ProcessMaker address
$userId    = "75740355754dd28ba73d7d6082172937"; //set to a user's ID
$accessToken = isset($_COOKIE['access_token']) ? $_COOKIE['access_token'] : getAccessToken();

$ch = curl_init($apiServer . "/api/1.0/workflow/user/$userId");
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Authorization: Bearer $accessToken"));
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "DELETE");
$oResult = json_decode(curl_exec($ch));
$statusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

if ($statusCode != 200) {
   if (isset($oResult) and isset($oResult->error)) {
      print "Error in $apiServer: \nCode: {$oResult->error->code}\nMessage: {$oResult->error->message}\n";
   }
   else {
      print "Error: HTTP status code: $statusCode\n";
   }
}
curl_close($ch);