About Sync Gateway users and their role in secure cloud-to-edge enterprise data synchronization.
    Here we introduce the concept of users and their role in assuring secure access control within Sync Gateway.

    Related concepts topics: Users | Roles | Channels | Revisions | Tombstones


    Users are one of the cornerstone concepts behind Sync Gateway's access control feature.

    You can authorize users and control their access to your database by creating user accounts and assigning roles to users. This topic focuses on how to authorize users to be able to access the Sync Gateway and their remote databases.


    The user must be created on Sync Gateway before it can be used for authentication — see also: User Authentication.

    Sync Gateway users and roles have no relationship to Couchbase Server’s RBAC (Role-base Access Control) users.

    You create Users through either the Admin REST API or Configuration Properties.

    Admin REST API

    Create a new user by sending a PUT request to /{tkn-db}/_user/{name} or by sending a POST request to /{tkn-db}/_user, where db is the configured name of the database and name is the user name.

    The user credentials (username/password) are passed in the request body.

    $ curl -vX POST "http://localhost:4985/mydatabase/_user/" -H "accept: application/json" -H "Content-Type: application/json" -d '{"name": "john", "password": "pass"}'

    The Admin REST API is for administrator use only, and hence is not accessible from the clients directly. To allow users to sign up, it is recommended to have an app server sitting alongside Sync Gateway that performs the user validation, creates a new user on this API and then returns the response to the application.

    Additionally, this API can be used in conjunction with a 3rd party server for the authentication process (see Custom authentication).

    Lastly, Sync Gateway supports OpenID Connect authentication. In this case, Sync Gateway can automatically create users for successfully authenticated users that don’t have an already existing user in Sync Gateway.

    Configuration file

    Create users by hardcoding their credentials in the Configuration Properties. This method is convenient for testing and to get started, otherwise it is generally recommended to use the Admin REST API for a programmatic behavior.

      "databases": {
        "mydatabase": {
          "users": { (1)
            "GUEST": {"disabled": true},
            "john": {"password": "pass"}