Users

List users

client.zones.users.list(, ?, ?): UserListResponse { items, pagination }

GET/zones/{zoneId}/users

Returns a list of users in the specified zone.

Rollout note: the paginated/searchable/sortable behavior described below is gated behind the user-pagination feature flag and is currently disabled for most zones. While the flag is off, the response returns every user in the zone (capped at 100) in items and a fixed pagination envelope where after_cursor and before_cursor are null and total_count is 0. The query parameters below are accepted but ignored. The flag is rolled out per-zone in Datadog and will become the default once Console adopts the paginated contract.

Use cursor pagination via after/before. Sort: comma-separated field list; prefix with - for descending. Use expand[]=total_count to include the matching row count, expand[]=session_count to include per-user session counts, and expand[]=grant_count to include per-user delegated-grant counts. Filter by exact email via filter[email]; search via query[email] / query[subject] / query[] (substring match, OR'd across repeated values). query[] matches against email and federation credential subject. Pass filter[id] (repeatable, max 100) to restrict results to a known set of users — mutually exclusive with after/before (returns 400 if combined). When filter[id] is set, limit is ignored and the response contains every requested user that exists in the zone, in a single page. IDs not in the zone are silently omitted.

ParametersExpand Collapse

zoneID: string

query: UserListParams { after, before, expand, 7 more }

after?: string

Cursor for forward pagination

minLength1

maxLength255

before?: string

Cursor for backward pagination

minLength1

maxLength255

Accepts one of the following:

"total_count" | "session_count" | "grant_count"

"total_count"

"session_count"

"grant_count"

Array<"total_count" | "session_count" | "grant_count">

"total_count"

"session_count"

"grant_count"

filterEmail?: string | Array<string>

Filter by exact email address

Accepts one of the following:

string

Array<string>

filterID?: string | Array<string>

Restrict results to users with this publicId. Repeatable, max 100. Mutually exclusive with after/before.

Accepts one of the following:

string

Array<string>

limit?: number

Maximum number of items to return

minimum1

maximum100

query?: string | Array<string>

Search across email and credential subject (substring match)

Accepts one of the following:

string

Array<string>

queryEmail?: string | Array<string>

Search by email (substring match)

Accepts one of the following:

string

Array<string>

querySubject?: string | Array<string>

Search by federated credential subject (substring match)

Accepts one of the following:

string

Array<string>

sort?: string

Comma-separated sort fields. Prefix with - for descending. Allowed: created_at, email, authenticated_at

ReturnsExpand Collapse

UserListResponse { items, pagination }

items: Array<User { id, created_at, email, 11 more } >

id: string

Unique identifier of the user

created_at: string

Entity creation timestamp

formatdate-time

email: string

Email address of the user

formatemail

email_verified: boolean

Whether the email address has been verified

identifier: string

Zone-scoped user identifier. Defaults to the user's Keycard ID. When the provider has user_identifier_claim configured, the value is set from that claim at user creation time.

organization_id: string

Organization that owns this user

updated_at: string

Entity update timestamp

formatdate-time

zone_id: string

Zone this user belongs to

authenticated_at?: string

Date when the user was last authenticated

grant_count?: number

Delegated-grant count for this user. Populated only when expand[]=grant_count is set on the listing endpoint.

minimum0

issuer?: string

Issuer identifier of the identity provider

provider_id?: string

Reference to the identity provider. This field is undefined when the source identity provider is deleted but the user is not deleted.

session_count?: number

Session count for this user. Populated only when expand[]=session_count is set on the listing endpoint.

minimum0

subject?: string

Subject identifier from the identity provider

pagination: Pagination { after_cursor, before_cursor, total_count }

Cursor-based pagination metadata

after_cursor: string | null

An opaque cursor used for paginating through a list of results

minLength1

maxLength255

before_cursor: string | null

An opaque cursor used for paginating through a list of results

minLength1

maxLength255

total_count?: number

Total number of items matching the query. Only included when expand[]=total_count is requested.

List users

import KeycardAPI from '@keycardai/api';

const client = new KeycardAPI();

const users = await client.zones.users.list('zoneId');

console.log(users.items);

{
  "items": [
    {
      "id": "id",
      "created_at": "2019-12-27T18:11:19.117Z",
      "email": "dev@stainless.com",
      "email_verified": true,
      "identifier": "identifier",
      "organization_id": "organization_id",
      "updated_at": "2019-12-27T18:11:19.117Z",
      "zone_id": "zone_id",
      "authenticated_at": "authenticated_at",
      "grant_count": 0,
      "issuer": "issuer",
      "provider_id": "provider_id",
      "session_count": 0,
      "subject": "subject"
    }
  ],
  "pagination": {
    "after_cursor": "x",
    "before_cursor": "x",
    "total_count": 0
  }
}

Returns Examples

{
  "items": [
    {
      "id": "id",
      "created_at": "2019-12-27T18:11:19.117Z",
      "email": "dev@stainless.com",
      "email_verified": true,
      "identifier": "identifier",
      "organization_id": "organization_id",
      "updated_at": "2019-12-27T18:11:19.117Z",
      "zone_id": "zone_id",
      "authenticated_at": "authenticated_at",
      "grant_count": 0,
      "issuer": "issuer",
      "provider_id": "provider_id",
      "session_count": 0,
      "subject": "subject"
    }
  ],
  "pagination": {
    "after_cursor": "x",
    "before_cursor": "x",
    "total_count": 0
  }
}