Method: projects.tenants.accounts.batchCreate

Uploads multiple accounts into the Google Cloud project. If there is a problem uploading one or more of the accounts, the rest will be uploaded, and a list of the errors will be returned. To use this method requires a Google OAuth 2.0 credential with proper permissions.

HTTP request

POST https://identitytoolkit.googleapis.com/v1/projects/{targetProjectId}/tenants/{tenantId}/accounts:batchCreate

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
targetProjectId

string

The Project ID of the Identity Platform project which the account belongs to.

Authorization requires the following IAM permission on the specified resource targetProjectId:

  • firebaseauth.users.create
tenantId

string

The ID of the Identity Platform tenant the account belongs to.

Request body

The request body contains data with the following structure:

JSON representation
{
  "hashAlgorithm": string,
  "signerKey": string,
  "saltSeparator": string,
  "rounds": integer,
  "memoryCost": integer,
  "users": [
    {
      object (UserInfo)
    }
  ],
  "delegatedProjectNumber": string,
  "sanityCheck": boolean,
  "allowOverwrite": boolean,
  "cpuMemCost": integer,
  "parallelization": integer,
  "blockSize": integer,
  "dkLen": integer,
  "passwordHashOrder": enum (PasswordHashOrder),
  "argon2Parameters": {
    object (Argon2Parameters)
  }
}
Fields
hashAlgorithm

string

Required. The hashing function used to hash the account passwords. Must be one of the following: * HMAC_SHA256 * HMAC_SHA1 * HMAC_MD5 * SCRYPT * PBKDF_SHA1 * MD5 * HMAC_SHA512 * SHA1 * BCRYPT * PBKDF2_SHA256 * SHA256 * SHA512 * STANDARD_SCRYPT * ARGON2

signerKey

string (bytes format)

The signer key used to hash the password. Required for the following hashing functions: * SCRYPT, * HMAC_MD5, * HMAC_SHA1, * HMAC_SHA256, * HMAC_SHA512

A base64-encoded string.

saltSeparator

string (bytes format)

One or more bytes to be inserted between the salt and plain text password. For stronger security, this should be a single non-printable character.

A base64-encoded string.

rounds

integer

The number of rounds used for hash calculation. Only required for the following hashing functions: * MD5 * SHA1 * SHA256 * SHA512 * PBKDF_SHA1 * PBKDF2_SHA256 * SCRYPT

memoryCost

integer

Memory cost for hash calculation. Only required when the hashing function is SCRYPT.

users[]

object (UserInfo)

A list of accounts to upload. localId is required for each user; everything else is optional.

delegatedProjectNumber
(deprecated)

string (int64 format)

sanityCheck

boolean

If true, the service will do the following list of checks before an account is uploaded: * Duplicate emails * Duplicate federated IDs * Federated ID provider validation If the duplication exists within the list of accounts to be uploaded, it will prevent the entire list from being uploaded. If the email or federated ID is a duplicate of a user already within the project/tenant, the account will not be uploaded, but the rest of the accounts will be unaffected. If false, these checks will be skipped.

allowOverwrite

boolean

Whether to overwrite an existing account in Identity Platform with a matching localId in the request. If true, the existing account will be overwritten. If false, an error will be returned.

cpuMemCost

integer

The CPU memory cost parameter to be used by the STANDARD_SCRYPT hashing function. This parameter, along with blockSize and cpuMemCost help tune the resources needed to hash a password, and should be tuned as processor speeds and memory technologies advance.

parallelization

integer

The parallelization cost parameter to be used by the STANDARD_SCRYPT hashing function. This parameter, along with blockSize and cpuMemCost help tune the resources needed to hash a password, and should be tuned as processor speeds and memory technologies advance.

blockSize

integer

The block size parameter used by the STANDARD_SCRYPT hashing function. This parameter, along with parallelization and cpuMemCost help tune the resources needed to hash a password, and should be tuned as processor speeds and memory technologies advance.

dkLen

integer

The desired key length for the STANDARD_SCRYPT hashing function. Must be at least 1.

passwordHashOrder

enum (PasswordHashOrder)

Password and salt order when verify password.

argon2Parameters

object (Argon2Parameters)

The parameters for Argon2 hashing algorithm.

Response body

If successful, the response body contains an instance of UploadAccountResponse.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.