📄️ User by ID
Returns the full user object (human or machine) including the profile, email, etc.
📄️ Delete user
The state of the user will be changed to 'deleted'. The user will not be able to log in anymore. Endpoints requesting this user will return an error 'User not found'.
📄️ Get User by login name (globally)
Get a user by login name searched over all organizations. The request only returns data if the login name matches exactly.
📄️ Search Users
Search for users within an organization. By default, we will return users of your organization. Make sure to include a limit and sorting for pagination.
📄️ Get User History
Returns a list of changes/events that have happened on the user. It's the history of the user. Make sure to send a limit.
📄️ Check for existing user
Returns whether a user with the requested email or username is unique, so that you know whether you can create the user.
📄️ Deprecated: Create User (Human)
Create a new user with the type human. The newly created user will get an initialization email if either the email address is not marked as verified or no password is set. If a password is set the user will not be requested to set a new one on the first login.
📄️ Create/Import User (Human)
Create/import a new user with the type human. The newly created user will get an initialization email if either the email address is not marked as verified or no password is set. If a password is set the user will not be requested to set a new one on the first login.
📄️ Create User (Machine)
Create a new user with the type machine for your API, service or device. These users are used for non-interactive authentication flows.
📄️ Deactivate user
The state of the user will be changed to 'deactivated'. The user will not be able to log in anymore. The endpoint returns an error if the user is already in the state 'deactivated'. Use deactivate user when the user should not be able to use the account anymore, but you still need access to the user data.
📄️ Reactivate user
Reactivate a user with the state 'deactivated'. The user will be able to log in again afterward. The endpoint returns an error if the user is not in the state 'deactivated'.
📄️ Lock user
The state of the user will be changed to 'locked'. The user will not be able to log in anymore. The endpoint returns an error if the user is already in the state 'locked'. Use this endpoint if the user should not be able to log in temporarily because of an event that happened (wrong password, etc.)
📄️ Unlock user
Unlock a user with the state 'locked'. The user will be able to log in again afterward. The endpoint returns an error if the user is not in the state 'locked'.
📄️ Change user name
Change the username of the user. Be aware that the user has to log in with the newly added username afterward.
📄️ Get User Metadata By Key
Get a metadata object from a user by a specific key.
📄️ Delete User Metadata By Key
Remove a metadata object from a user with a specific key.
📄️ Set User Metadata
This endpoint either adds or updates a metadata value for the requested key. Make sure the value is base64 encoded.
📄️ Bulk Delete Metadata
Remove a list of metadata objects from a user with a list of keys.
📄️ Bulk Set User Metadata
Add or update multiple metadata values for a user. Make sure the values are base64 encoded.
📄️ Search User Metadata
Get the metadata of a user filtered by your query.
📄️ Get User Profile (Human)
Get basic information like first_name and last_name of a user.
📄️ Update User Profile (Human)
Update the profile information of a user. The profile includes basic information like first_name and last_name.
📄️ Get User Email (Human)
Get the email address and the verification state of the address.
📄️ Update User Email (Human)
Change the email address of a user. If the state is set to not verified, the user will get a verification email.
📄️ Resend User Initialization Email
A newly created user will get an initialization email to verify the email address and set a password. Resend the email with this request to the user's email address, or a newly added address.
📄️ Resend User Email Verification
Resend the email verification notification to the given email address of the user.
📄️ Get User Phone (Human)
Get the phone number and the verification state of the number. The phone number is only for informational purposes and to send messages, not for Authentication (2FA).
📄️ Remove User Phone (Human)
Remove the configured phone number of a user.
📄️ Update User Phone (Human)
Change the phone number of a user. If the state is set to not verified, the user will get an SMS to verify (if a notification provider is configured). The phone number is only for informational purposes and to send messages, not for Authentication (2FA).
📄️ Resend User Phone Verification
Resend the notification for the verification of the phone number, to the number stored on the user.
📄️ Delete User Avatar (Human)
Removes the avatar that is currently set on the user.
📄️ Set Human Initial Password
Set Human Initial Password
📄️ Set User Password
Set a new password for a user. By default, the user has to change the password on the next login. You can set no_change_required to true to avoid the change on the next login.
📄️ Send Reset Password Notification
The user will receive an email with a link to change the password.
📄️ Get User Authentication Factors (2FA/MFA)
Get a list of authentication factors the user has set, including Second-Factors (2FA) and Multi-Factors (MFA).
📄️ Remove Multi-Factor OTP
Remove the configured One-Time-Password (OTP) as a factor from the user. OTP is an authentication app, like Authy or Google/Microsoft Authenticator.
📄️ Remove Multi-Factor U2F
Remove the configured Universal-Second-Factor (U2F) as a factor from the user. U2F is a device-dependent factor like FingerPrint, Windows-Hello, etc.
📄️ Remove Multi-Factor OTP SMS
Remove the configured One-Time-Password (OTP) SMS as a factor from the user. As only one OTP SMS per user is allowed, the user will not have OTP SMS as a second-factor afterward.
📄️ Remove Multi-Factor OTP SMS
Remove the configured One-Time-Password (OTP) Email as a factor from the user. As only one OTP Email per user is allowed, the user will not have OTP Email as a second-factor afterward.
📄️ Search Passwordless/Passkey authentication
Get a list of configured passwordless/passkey authentication methods from the user. Passwordless/passkey is a device-dependent authentication like FingerScan, WindowsHello or a Hardware Token.
📄️ Add Passwordless/Passkey Registration Link
Adds a new passwordless/passkey authenticator link to the user and returns it in the response. The link enables the user to register a new device if current passwordless/passkey devices are all platform authenticators. For example, the user has already registered Windows Hello and wants to register FaceID on the iPhone.
📄️ Send Passwordless/Passkey Registration Link
Adds a new passwordless/passkey authenticator link to the user and sends it to the user by email. The link enables the user to register a new device if current passwordless/passkey devices are all platform authenticators. For example, the user has already registered Windows Hello and wants to register FaceID on the iPhone.
📄️ Delete Passwordless/Passkey
Remove a configured passwordless/passkey authentication method from the user (e.g. FaceID, FingerScan, WindowsHello, etc.).
📄️ Update Machine User
Change a service account/machine user. It is used for accounts with non-interactive authentication possibilities.
📄️ Delete Secret of Machine User
Delete a secret of a machine user/service account. The user will not be able to authenticate with the secret afterward.
📄️ Create Secret for Machine User
Create a new secret for a machine user/service account. It is used to authenticate the user (client credential grant).
📄️ Get Machine user Key By ID
Get a specific Key of a machine user by its id. Machine keys are used to authenticate with jwt profile authentication.
📄️ Delete Key for machine user
Delete a specific key from a user. The user will not be able to authenticate with that key afterward.
📄️ Get Machine user Key By ID
Get the list of keys of a machine user. Machine keys are used to authenticate with jwt profile authentication.
📄️ Create Key for machine user
If a public key is not supplied, a new key is generated and will be returned in the response. Make sure to store the returned key. If an RSA public key is supplied, the private key is omitted from the response. Machine keys are used to authenticate with jwt profile.
📄️ Get a Personal-Access-Token (PAT) by ID
Returns the PAT for a user, currently only available for machine users/service accounts. PATs are ready-to-use tokens and can be sent directly in the authentication header.
📄️ Get a Personal-Access-Token (PAT) by ID
Delete a PAT from a user. Afterward, the user will not be able to authenticate with that token anymore.
📄️ Get a Personal-Access-Token (PAT) by ID
Returns a list of PATs for a user, currently only available for machine users/service accounts. PATs are ready-to-use tokens and can be sent directly in the authentication header.
📄️ Create a Personal-Access-Token (PAT)
Generates a new PAT for the user. Currently only available for machine users. The token will be returned in the response; make sure to store it. PATs are ready-to-use tokens and can be sent directly in the authentication header.
📄️ List Social Logins
Returns a list of all linked identity providers/social logins of the user (e.g. Google, Microsoft, AzureAD, etc.).
📄️ Remove Social Login
Remove a configured social login/identity provider of the user (e.g. Google, Microsoft, AzureAD, etc.). The user will not be able to log in with the given provider afterward. Make sure the user has other possibilities to authenticate.
📄️ List ZITADEL Permissions
Show all the permissions the user has in ZITADEL (ZITADEL Manager).