# Create users and tokens

The users of your integrations (end users) need to have corresponding Tray user records so you can attach auths to them and run integrations (call connectors) on their behalf.

This page shows how you can create a user and then their access token (to be used for attaching auths, and calling connectors)

## Creating a user

To create an end user in your Tray org, you have to use the  from Users API (GraphQL)

This endpoint accepts an external identifier so you can link the created Tray user with an identifier in your system.

The endpoint returns a userId that will be used to identify the user when using Tray APIs:

```graphql mutation
mutation {
  createExternalUser(
    input: { name: "Billy Bluehat", externalUserId: "96xxxxxxd7" }
  ) {
    userId
  }
}
```

```graphql response
{
    "data": {
        "createExternalUser": {
            "userId": "fbb96559-xxxx-xxxx-xxxx-5552c2d2fca4"
        }
    }}
```

### User Model

Here's a diagram of how the one-to-one mapping would look between your users and their corresponding Tray user object.

![user-model-diagram](https://tray.ai/documentation/images/developer-portal/user-model-diagram.png)

## Create a User access token

Once a user has been created, the  from Users API (GraphQL) can be used to generate an access token for the created user.

A master token and the `userId` for the user created in the previous step are used in the request below to obtain the access token.

The access token obtained here will be **valid for 2 days**:

```grahpql mutation
mutation {
    authorize(input: {userId: "fbb96559-xxxx-xxxx-xxxx-5552c2d2fca4"}) {
        accessToken
    }}
```

```response
{
    "data": {
        "authorize": {
            "accessToken": "0c8c8e16e39e4xxxxxxxxxxxxxxxxxxxxxx49545b584e307063710d1ee"
        }
    }}
```