Add REST API Endpoint to Set the Trusted Attribute of a User

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Problem to solve

Currently Trusting and Untrusting a user is managed by Administrators through GitLab's Admin area. This is useful but for customers managing users via automation this presents a roadblock that can only be addressed manually at the moment.

Proposal

Add a new API endpoint to Trust or Untrust a user:

POST /users/:id/trust
POST /users/:id/untrust

The endpoint will:

• Require appropriate authentication and authorization
• Be rate-limited to prevent abuse
• Be accessible only to users with Administrator access or higher

Intended users

Administrators

Feature Usage Metrics

We will track:

• Number of API calls to the key retrieval endpoint
• Error rates and types for the endpoint

Does this feature require an audit event?

Currently Trusting a user does not create an audit event.