# POST /api/v1/advisory-firms/{firm_id}/users

> Add user to firm

- **Tag:** advisory-firms
- **Operation ID:** `add_user_to_firm_api_v1_advisory_firms__firm_id__users_post`

## Description

Add a user to an advisory firm by user_id or email.

## Authentication

Bearer token in `Authorization` header.
Required header: `x-business-id: <business uuid>`.

## Parameters

- `firm_id` (path, string, required)

## Request body

Schema: `UserFirmAssociationCreateRequest`

- `user_id` (string) — User UUID. Supply either user_id or email.
- `email` (string) — User email. When provided without user_id, the backend resolves it.
- `role` (string) (one of: owner, admin, member, client) — User's role in the firm. `owner`: Full access + billing + user management. `admin`: Full access + user management (no billing). `member`: Access to assigned businesses only.

## Responses

### 201 — Successful Response

Schema: `UserFirmAssociationResponse`

- `id` (string · required)
- `user_id` (string · required)
- `advisory_firm_id` (string · required)
- `role` (string) (one of: owner, admin, member, client) — User's role in the firm. `owner`: Full access + billing + user management. `admin`: Full access + user management (no billing). `member`: Access to assigned businesses only.

### 422 — Validation Error

Schema: `HTTPValidationError`

- `detail` (array · ValidationError) → `ValidationError`
  - `loc` (array · string | integer · required)
  - `msg` (string · required)
  - `type` (string · required)
  - `input` (object)
  - `ctx` (object)

## Code samples

### cURL

```bash
curl -X POST 'https://api.ondayzero.com/api/v1/advisory-firms/{firm_id}/users' \
  -H 'Authorization: Bearer dz_your_token' \
  -H 'x-business-id: YOUR_BUSINESS_ID' \
  -H 'Content-Type: application/json' \
  -d '{
  "user_id": "string",
  "email": "string",
  "role": "owner"
}'
```

### JavaScript

```javascript
const response = await fetch('https://api.ondayzero.com/api/v1/advisory-firms/{firm_id}/users', {
  method: 'POST',
  headers: {
    Authorization: 'Bearer dz_your_token',
    'x-business-id': 'YOUR_BUSINESS_ID',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
  "user_id": "string",
  "email": "string",
  "role": "owner"
}),
});
const data = await response.json();
```

### Python

```python
import httpx

headers = {
    "Authorization": "Bearer dz_your_token",
    "x-business-id": "YOUR_BUSINESS_ID",
}

payload = {
  "user_id": "string",
  "email": "string",
  "role": "owner"
}

response = httpx.post("https://api.ondayzero.com/api/v1/advisory-firms/{firm_id}/users", headers=headers, json=payload)
data = response.json()
```

## See also

- HTML version: https://www.ondayzero.com/docs/reference/advisory-firms/add-user-to-firm
- OpenAPI slice: https://www.ondayzero.com/docs/reference/advisory-firms/add-user-to-firm/openapi.json
- Other endpoints in **advisory-firms**: https://www.ondayzero.com/docs/reference/advisory-firms