Summary
The User API allows you to integrate your existing systems (such as HR, onboarding, or payroll applications) with the GAN Platform. By using the API, you can create, update, and manage users directly, ensuring that changes in your systems are reflected in GAN ICM in near real time.
This article provides an overview of the available endpoints, authentication, and usage guidelines.
At the end of this article, you’ll also find a short FAQ that answers some of the most common questions about tokens, workflows, and required fields when working with the API.
For questions, please reach out to your Customer Success Manager (CSM).
The User API documentation is accessible here.
Introduction
The user service exposes an Application Programming Interface (API), a software intermediary that enables external systems to communicate with GAN ICM. By enabling the user-service, tenants can in near real-time, create a user in their own system (e.g. HR, Onboarding, or Payroll application), which will also reflect in GAN ICM, and thus these users are immediately introduced to any applicable compliance processes. The tenant is defined by the subdomain (client name) of the instance i.e. .gan-compliance.com, whereby the subdomain enables the use of all GAN ICM services. After creating a new user profile in GAN ICM via the user-service, operations such as updating groups, campaigns, and access groups are performed, asynchronously.
Rate Limiting
GAN Integrity requires our tenants to be good API citizens to ensure a stable service. Therefore, we enforce the following rate-limits:
- 10 requests per second per IP Address
- 50 requests per second per tenant
- Should there be a violation of fair-use, requests will be automatically blocked.
Authentication
Aside from the documentation, endpoints require authentication via an Authorization Header, which is provided to tenants on request; the Implementation or Account Manager at GAN Integrity can facilitate a feature to generate API tokens (confidential access keys) on demand from the GAN ICM application.
Endpoints
The Users API supports the following operations:
| Action | Method | Path |
|---|---|---|
| Create a new user | POST | /users |
| Update a user profile | PATCH | /users/{uuid} |
| Retrieve a single user profile | GET | /users/{uuid} |
| Retrieve available attributes | GET | /available-attributes |
| Retrieve multiple user profiles | GET | /users |
All aforementioned requests will require authentication and are solely available to tenants of GAN Integrity.
FAQ
Do API tokens expire?
API tokens do not expire automatically. They remain valid until they are manually deactivated by a platform user with the appropriate permissions. If you need to replace a token, you can generate a new one and then disable the old token after updating any integrations.
What attributes are required when creating a user?
First name, Last name, Email, External ID.
This is the same for all methods of creating users in the platform. You can add more required attributes through the platform UI. These will then be required for all user creation sources.
How do I ensure my data is valid when sending through the API?
The API accepts and processes data as it is submitted. It is the responsibility of the integrating system to provide complete and valid input. As a best practice, validate and sanitize your data before sending it to ensure consistent results and to avoid integration errors.
Want to know more?
Suggested next read: Enabling the Users API for User Management
© 2026 GAN INTEGRITY INC. ALL RIGHTS RESERVED | The information contained in this document is solely for the intended recipient and may not be used, published or redistributed without the prior written consent of GAN INTEGRITY INC. While every care has been taken in preparing this document, GAN INTEGRITY INC. reserves the right to revise its contents without prior notice.