Skip to content
Docs
Users
Retrieve

Get user

API Reference
Zones
Users

Get user

client.zones.users.retrieve(stringid, UserRetrieveParams { zoneId } params, RequestOptionsoptions?): User { id, created_at, email, 13 more }
GET/zones/{zoneId}/users/{id}

Returns details of a specific user by user ID

ParametersExpand Collapse
id: string
params: UserRetrieveParams { zoneId }
zoneId: string

Zone ID

ReturnsExpand Collapse
User { id, created_at, email, 13 more }

An authenticated user entity

id: string

Unique identifier of the user

created_at: string

Entity creation timestamp

formatdate-time
email: string

Email address of the user

formatemail
email_verified: boolean

Whether the email address has been verified

identifier: string

Zone-scoped user identifier. Defaults to the user's Keycard ID. When the provider has user_identifier_claim configured, the value is set from that claim at user creation time.

organization_id: string

Organization that owns this user

status: "active" | "disabled"

Status of the user. Disabled users cannot authenticate.

Accepts one of the following:
"active"
"disabled"
updated_at: string

Entity update timestamp

formatdate-time
zone_id: string

Zone this user belongs to

authenticated_at?: string

Date when the user was last authenticated

grant_count?: number

Delegated-grant count for this user. Populated only when expand[]=grant_count is set on the listing endpoint.

minimum0
issuer?: string

Issuer identifier of the identity provider

provider_id?: string

Reference to the identity provider. This field is undefined when the source identity provider is deleted but the user is not deleted.

role_assignments?: Array<RoleAssignment>

Role grants for this user within the zone. Populated only when expand[]=role-assignments is set on the listing endpoint.

role_id: string

ID of the assigned role

role_identifier: string

Opaque role identifier. Treated as an opaque identifier by the API and unique within a zone.

minLength1
maxLength255
scope: Scope | null

The resource this grant is scoped to, or null when the grant is unscoped (applies to the owning zone itself).

id: string

The ID of the scoped resource.

type: string

The kind of resource this grant is scoped to (e.g. zone).

session_count?: number

Session count for this user. Populated only when expand[]=session_count is set on the listing endpoint.

minimum0
subject?: string

Subject identifier from the identity provider

Get user

import KeycardAPI from '@keycardai/api';

const client = new KeycardAPI();

const user = await client.zones.users.retrieve('id', { zoneId: 'zoneId' });

console.log(user.id);
{
  "id": "id",
  "created_at": "2019-12-27T18:11:19.117Z",
  "email": "dev@stainless.com",
  "email_verified": true,
  "identifier": "identifier",
  "organization_id": "organization_id",
  "status": "active",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "zone_id": "zone_id",
  "authenticated_at": "authenticated_at",
  "grant_count": 0,
  "issuer": "issuer",
  "provider_id": "provider_id",
  "role_assignments": [
    {
      "role_id": "role_id",
      "role_identifier": "x",
      "scope": {
        "id": "id",
        "type": "type"
      }
    }
  ],
  "session_count": 0,
  "subject": "subject"
}
Returns Examples
{
  "id": "id",
  "created_at": "2019-12-27T18:11:19.117Z",
  "email": "dev@stainless.com",
  "email_verified": true,
  "identifier": "identifier",
  "organization_id": "organization_id",
  "status": "active",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "zone_id": "zone_id",
  "authenticated_at": "authenticated_at",
  "grant_count": 0,
  "issuer": "issuer",
  "provider_id": "provider_id",
  "role_assignments": [
    {
      "role_id": "role_id",
      "role_identifier": "x",
      "scope": {
        "id": "id",
        "type": "type"
      }
    }
  ],
  "session_count": 0,
  "subject": "subject"
}