Skip to content
Docs
Users
Retrieve

Get user

API Reference
Zones
Users

Get user

zones.users.retrieve(strid, UserRetrieveParams**kwargs) -> User
GET/zones/{zoneId}/users/{id}

Returns details of a specific user by user ID

ParametersExpand Collapse
zone_id: str
id: str
ReturnsExpand Collapse
class User:

An authenticated user entity

id: str

Unique identifier of the user

created_at: datetime

Entity creation timestamp

formatdate-time
email: str

Email address of the user

formatemail
email_verified: bool

Whether the email address has been verified

identifier: str

Zone-scoped user identifier. Defaults to the user's Keycard ID. When the provider has user_identifier_claim configured, the value is set from that claim at user creation time.

organization_id: str

Organization that owns this user

status: Literal["active", "disabled"]

Status of the user. Disabled users cannot authenticate.

Accepts one of the following:
"active"
"disabled"
updated_at: datetime

Entity update timestamp

formatdate-time
zone_id: str

Zone this user belongs to

authenticated_at: Optional[str]

Date when the user was last authenticated

grant_count: Optional[int]

Delegated-grant count for this user. Populated only when expand[]=grant_count is set on the listing endpoint.

minimum0
issuer: Optional[str]

Issuer identifier of the identity provider

provider_id: Optional[str]

Reference to the identity provider. This field is undefined when the source identity provider is deleted but the user is not deleted.

role_assignments: Optional[List[RoleAssignment]]

Role grants for this user within the zone. Populated only when expand[]=role-assignments is set on the listing endpoint.

role_id: str

ID of the assigned role

role_identifier: str

Opaque role identifier. Treated as an opaque identifier by the API and unique within a zone.

minLength1
maxLength255
scope: Optional[RoleAssignmentScope]

The resource this grant is scoped to, or null when the grant is unscoped (applies to the owning zone itself).

id: str

The ID of the scoped resource.

type: str

The kind of resource this grant is scoped to (e.g. zone).

session_count: Optional[int]

Session count for this user. Populated only when expand[]=session_count is set on the listing endpoint.

minimum0
subject: Optional[str]

Subject identifier from the identity provider

Get user

from keycardai_api import KeycardAPI

client = KeycardAPI()
user = client.zones.users.retrieve(
    id="id",
    zone_id="zoneId",
)
print(user.id)
{
  "id": "id",
  "created_at": "2019-12-27T18:11:19.117Z",
  "email": "dev@stainless.com",
  "email_verified": true,
  "identifier": "identifier",
  "organization_id": "organization_id",
  "status": "active",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "zone_id": "zone_id",
  "authenticated_at": "authenticated_at",
  "grant_count": 0,
  "issuer": "issuer",
  "provider_id": "provider_id",
  "role_assignments": [
    {
      "role_id": "role_id",
      "role_identifier": "x",
      "scope": {
        "id": "id",
        "type": "type"
      }
    }
  ],
  "session_count": 0,
  "subject": "subject"
}
Returns Examples
{
  "id": "id",
  "created_at": "2019-12-27T18:11:19.117Z",
  "email": "dev@stainless.com",
  "email_verified": true,
  "identifier": "identifier",
  "organization_id": "organization_id",
  "status": "active",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "zone_id": "zone_id",
  "authenticated_at": "authenticated_at",
  "grant_count": 0,
  "issuer": "issuer",
  "provider_id": "provider_id",
  "role_assignments": [
    {
      "role_id": "role_id",
      "role_identifier": "x",
      "scope": {
        "id": "id",
        "type": "type"
      }
    }
  ],
  "session_count": 0,
  "subject": "subject"
}