# Users

## List

`client.organizations.users.list(stringorganizationID, UserListParamsparams?, RequestOptionsoptions?): UserListResponse`

**get** `/organizations/{organization_id}/users`

List users in an organization

### Parameters

- `organizationID: string`

  Organization ID or label identifier

- `params: UserListParams`

  - `after?: string`

    Query param: Cursor for forward pagination

  - `before?: string`

    Query param: Cursor for backward pagination

  - `expand?: Array<"permissions" | "total_count">`

    Query param: Fields to expand in the response. Supports "permissions" to include the permissions
    field with the caller's permissions for the resource. For list organization identities
    only, "total_count" populates pagination.total_count with the number of identities
    matching the same filters as the list (excluding cursor and limit). Other operations
    ignore expand values they do not use.

    - `"permissions"`

    - `"total_count"`

  - `limit?: number`

    Query param: Maximum number of users to return

  - `role?: OrganizationRole`

    Query param: Filter users by role

    - `"org_admin"`

    - `"org_member"`

    - `"org_viewer"`

  - `xClientRequestID?: string`

    Header param: Unique request identifier specified by the originating caller and passed along by proxies.

### Returns

- `UserListResponse`

  - `items: Array<OrganizationUser>`

    - `id: string`

      The keycard account ID

    - `created_at: string`

      The time the entity was created in utc

    - `role: OrganizationRole`

      User's role in the organization

      - `"org_admin"`

      - `"org_member"`

      - `"org_viewer"`

    - `source: string`

      Identity provider issuer

    - `status: OrganizationStatus`

      Status of organization membership

      - `"active"`

      - `"disabled"`

    - `updated_at: string`

      The time the entity was mostly recently updated in utc

    - `email?: string`

      User email address

    - `permissions?: Record<string, Record<string, boolean>>`

      Permissions granted to the authenticated principal for this resource.
      Only populated when the 'expand[]=permissions' query parameter is provided.
      Keys are resource types (e.g., "organizations"), values are objects mapping
      permission names to boolean values indicating if the permission is granted.

  - `page_info: PageInfoCursor`

    Pagination information using cursor-based pagination

    - `has_next_page: boolean`

      Whether there are more items after the current page

    - `has_prev_page: boolean`

      Whether there are more items before the current page

    - `end_cursor?: string`

      Cursor pointing to the last item in the current page

    - `start_cursor?: string`

      Cursor pointing to the first item in the current page

  - `permissions?: Record<string, Record<string, boolean>>`

    Permissions granted to the authenticated principal for this resource.
    Only populated when the 'expand[]=permissions' query parameter is provided.
    Keys are resource types (e.g., "organizations"), values are objects mapping
    permission names to boolean values indicating if the permission is granted.

### Example

```typescript
import KeycardAPI from '@keycardai/api';

const client = new KeycardAPI();

const users = await client.organizations.users.list('x');

console.log(users.items);
```

## Retrieve

`client.organizations.users.retrieve(stringuserID, UserRetrieveParamsparams, RequestOptionsoptions?): OrganizationUser`

**get** `/organizations/{organization_id}/users/{user_id}`

Get a specific user in an organization

### Parameters

- `userID: string`

  Identifier for API resources. A 26-char nanoid (URL/DNS safe).

- `params: UserRetrieveParams`

  - `organization_id: string`

    Path param: Organization ID or label identifier

  - `expand?: Array<"permissions" | "total_count">`

    Query param: Fields to expand in the response. Supports "permissions" to include the permissions
    field with the caller's permissions for the resource. For list organization identities
    only, "total_count" populates pagination.total_count with the number of identities
    matching the same filters as the list (excluding cursor and limit). Other operations
    ignore expand values they do not use.

    - `"permissions"`

    - `"total_count"`

  - `xClientRequestID?: string`

    Header param: Unique request identifier specified by the originating caller and passed along by proxies.

### Returns

- `OrganizationUser`

  - `id: string`

    The keycard account ID

  - `created_at: string`

    The time the entity was created in utc

  - `role: OrganizationRole`

    User's role in the organization

    - `"org_admin"`

    - `"org_member"`

    - `"org_viewer"`

  - `source: string`

    Identity provider issuer

  - `status: OrganizationStatus`

    Status of organization membership

    - `"active"`

    - `"disabled"`

  - `updated_at: string`

    The time the entity was mostly recently updated in utc

  - `email?: string`

    User email address

  - `permissions?: Record<string, Record<string, boolean>>`

    Permissions granted to the authenticated principal for this resource.
    Only populated when the 'expand[]=permissions' query parameter is provided.
    Keys are resource types (e.g., "organizations"), values are objects mapping
    permission names to boolean values indicating if the permission is granted.

### Example

```typescript
import KeycardAPI from '@keycardai/api';

const client = new KeycardAPI();

const organizationUser = await client.organizations.users.retrieve('ab3def8hij2klm9opq5rst7uvw', {
  organization_id: 'x',
});

console.log(organizationUser.id);
```

## Update

`client.organizations.users.update(stringuserID, UserUpdateParamsparams, RequestOptionsoptions?): OrganizationUser`

**patch** `/organizations/{organization_id}/users/{user_id}`

Update user status in an organization

### Parameters

- `userID: string`

  Identifier for API resources. A 26-char nanoid (URL/DNS safe).

- `params: UserUpdateParams`

  - `organization_id: string`

    Path param: Organization ID or label identifier

  - `role?: OrganizationRole`

    Body param: New role for the user in the organization

    - `"org_admin"`

    - `"org_member"`

    - `"org_viewer"`

  - `status?: OrganizationStatus`

    Body param: New status for the user in the organization

    - `"active"`

    - `"disabled"`

  - `xClientRequestID?: string`

    Header param: Unique request identifier specified by the originating caller and passed along by proxies.

### Returns

- `OrganizationUser`

  - `id: string`

    The keycard account ID

  - `created_at: string`

    The time the entity was created in utc

  - `role: OrganizationRole`

    User's role in the organization

    - `"org_admin"`

    - `"org_member"`

    - `"org_viewer"`

  - `source: string`

    Identity provider issuer

  - `status: OrganizationStatus`

    Status of organization membership

    - `"active"`

    - `"disabled"`

  - `updated_at: string`

    The time the entity was mostly recently updated in utc

  - `email?: string`

    User email address

  - `permissions?: Record<string, Record<string, boolean>>`

    Permissions granted to the authenticated principal for this resource.
    Only populated when the 'expand[]=permissions' query parameter is provided.
    Keys are resource types (e.g., "organizations"), values are objects mapping
    permission names to boolean values indicating if the permission is granted.

### Example

```typescript
import KeycardAPI from '@keycardai/api';

const client = new KeycardAPI();

const organizationUser = await client.organizations.users.update('ab3def8hij2klm9opq5rst7uvw', {
  organization_id: 'x',
});

console.log(organizationUser.id);
```

## Delete

`client.organizations.users.delete(stringuserID, UserDeleteParamsparams, RequestOptionsoptions?): void`

**delete** `/organizations/{organization_id}/users/{user_id}`

Remove a user from an organization

### Parameters

- `userID: string`

  Identifier for API resources. A 26-char nanoid (URL/DNS safe).

- `params: UserDeleteParams`

  - `organization_id: string`

    Path param: Organization ID or label identifier

  - `xClientRequestID?: string`

    Header param: Unique request identifier specified by the originating caller and passed along by proxies.

### Example

```typescript
import KeycardAPI from '@keycardai/api';

const client = new KeycardAPI();

await client.organizations.users.delete('ab3def8hij2klm9opq5rst7uvw', { organization_id: 'x' });
```

## Domain Types

### Organization Role

- `OrganizationRole = "org_admin" | "org_member" | "org_viewer"`

  User's role in the organization

  - `"org_admin"`

  - `"org_member"`

  - `"org_viewer"`

### Organization Status

- `OrganizationStatus = "active" | "disabled"`

  Status of organization membership

  - `"active"`

  - `"disabled"`

### Organization User

- `OrganizationUser`

  - `id: string`

    The keycard account ID

  - `created_at: string`

    The time the entity was created in utc

  - `role: OrganizationRole`

    User's role in the organization

    - `"org_admin"`

    - `"org_member"`

    - `"org_viewer"`

  - `source: string`

    Identity provider issuer

  - `status: OrganizationStatus`

    Status of organization membership

    - `"active"`

    - `"disabled"`

  - `updated_at: string`

    The time the entity was mostly recently updated in utc

  - `email?: string`

    User email address

  - `permissions?: Record<string, Record<string, boolean>>`

    Permissions granted to the authenticated principal for this resource.
    Only populated when the 'expand[]=permissions' query parameter is provided.
    Keys are resource types (e.g., "organizations"), values are objects mapping
    permission names to boolean values indicating if the permission is granted.