Skip to content
Docs
Users
Retrieve

Get user

API Reference
Zones
Users

Get user

GET/zones/{zoneId}/users/{id}

Returns details of a specific user by user ID

Path ParametersExpand Collapse
zoneId: string
id: string
ReturnsExpand Collapse
User = object { id, created_at, email, 13 more }

An authenticated user entity

id: string

Unique identifier of the user

created_at: string

Entity creation timestamp

formatdate-time
email: string

Email address of the user

formatemail
email_verified: boolean

Whether the email address has been verified

identifier: string

Zone-scoped user identifier. Defaults to the user's Keycard ID. When the provider has user_identifier_claim configured, the value is set from that claim at user creation time.

organization_id: string

Organization that owns this user

status: "active" or "disabled"

Status of the user. Disabled users cannot authenticate.

Accepts one of the following:
"active"
"disabled"
updated_at: string

Entity update timestamp

formatdate-time
zone_id: string

Zone this user belongs to

authenticated_at: optional string

Date when the user was last authenticated

grant_count: optional number

Delegated-grant count for this user. Populated only when expand[]=grant_count is set on the listing endpoint.

minimum0
issuer: optional string

Issuer identifier of the identity provider

provider_id: optional string

Reference to the identity provider. This field is undefined when the source identity provider is deleted but the user is not deleted.

role_assignments: optional array of object { role_id, role_identifier, scope }

Role grants for this user within the zone. Populated only when expand[]=role-assignments is set on the listing endpoint.

role_id: string

ID of the assigned role

role_identifier: string

Opaque role identifier. Treated as an opaque identifier by the API and unique within a zone.

minLength1
maxLength255
scope: object { id, type }

The resource this grant is scoped to, or null when the grant is unscoped (applies to the owning zone itself).

id: string

The ID of the scoped resource.

type: string

The kind of resource this grant is scoped to (e.g. zone).

session_count: optional number

Session count for this user. Populated only when expand[]=session_count is set on the listing endpoint.

minimum0
subject: optional string

Subject identifier from the identity provider

Get user

curl https://api.keycard.ai/zones/$ZONE_ID/users/$ID
{
  "id": "id",
  "created_at": "2019-12-27T18:11:19.117Z",
  "email": "dev@stainless.com",
  "email_verified": true,
  "identifier": "identifier",
  "organization_id": "organization_id",
  "status": "active",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "zone_id": "zone_id",
  "authenticated_at": "authenticated_at",
  "grant_count": 0,
  "issuer": "issuer",
  "provider_id": "provider_id",
  "role_assignments": [
    {
      "role_id": "role_id",
      "role_identifier": "x",
      "scope": {
        "id": "id",
        "type": "type"
      }
    }
  ],
  "session_count": 0,
  "subject": "subject"
}
Returns Examples
{
  "id": "id",
  "created_at": "2019-12-27T18:11:19.117Z",
  "email": "dev@stainless.com",
  "email_verified": true,
  "identifier": "identifier",
  "organization_id": "organization_id",
  "status": "active",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "zone_id": "zone_id",
  "authenticated_at": "authenticated_at",
  "grant_count": 0,
  "issuer": "issuer",
  "provider_id": "provider_id",
  "role_assignments": [
    {
      "role_id": "role_id",
      "role_identifier": "x",
      "scope": {
        "id": "id",
        "type": "type"
      }
    }
  ],
  "session_count": 0,
  "subject": "subject"
}