Skip to main content

User by ID​

Returns the full user object (human or machine) including the profile, email, etc.

Path Parameters
    id string required

    User ID of the user you like to get.

Header Parameters
    x-zitadel-orgid string

    The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.

Responses

OK

Schema
    user object
    id string
    details object
    sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    creationDate date-time

    on read: the timestamp of the first event of the object

    on create: the timestamp of the event(s) added by the manipulation

    changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the

    resourceOwner resource_owner is the organization an object belongs to
    state string

    Possible values: [USER_STATE_UNSPECIFIED, USER_STATE_ACTIVE, USER_STATE_INACTIVE, USER_STATE_DELETED, USER_STATE_LOCKED, USER_STATE_SUSPEND, USER_STATE_INITIAL]

    Default value: USER_STATE_UNSPECIFIED

    current state of the user

    userName string
    loginNames string[]
    preferredLoginName string
    human object

    one of type use human or machine

    profile object
    firstName string
    lastName string
    nickName string
    displayName string

    a user can set the display name, if nothing is set ZITADEL computes "first_name last_name"

    preferredLanguage string

    language tag analog https://tools.ietf.org/html/rfc3066

    gender string

    Possible values: [GENDER_UNSPECIFIED, GENDER_FEMALE, GENDER_MALE, GENDER_DIVERSE]

    Default value: GENDER_UNSPECIFIED

    the gender of the human

    avatarUrl string

    avatar URL of the user

    email object
    email string

    email address of the user. (spec: https://tools.ietf.org/html/rfc2822#section-3.4.1)

    isEmailVerified boolean

    Is true if the user verified the email or if the email is managed outside ZITADEL

    phone object
    phone string

    mobile phone number of the user. (use global pattern of spec https://tools.ietf.org/html/rfc3966)

    isPhoneVerified boolean

    Is true if the user verified the phone or if the phone is managed outside ZITADEL

    machine object

    one of type use human or machine

    name string
    description string
    hasSecret boolean
    accessTokenType string

    Possible values: [ACCESS_TOKEN_TYPE_BEARER, ACCESS_TOKEN_TYPE_JWT]

    Default value: ACCESS_TOKEN_TYPE_BEARER

    Type of access token to receive

GET /users/:id

Authorization

name: OAuth2type: oauth2scopes: openid,urn:zitadel:iam:org:project:id:zitadel:audflows: {
  "authorizationCode": {
    "authorizationUrl": "$CUSTOM-DOMAIN/oauth/v2/authorize",
    "tokenUrl": "$CUSTOM-DOMAIN/oauth/v2/token",
    "scopes": {
      "openid": "openid",
      "urn:zitadel:iam:org:project:id:zitadel:aud": "urn:zitadel:iam:org:project:id:zitadel:aud"
    }
  }
}

Request

Base URL
https://$CUSTOM-DOMAIN/management/v1
Bearer Token
id — path required
x-zitadel-orgid — header
Accept
curl / cURL
curl -L -X GET 'https://$CUSTOM-DOMAIN/management/v1/users/:id' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'