GET
/v1/mgmt/user

Load a user's data, using a valid management key.

This API endpoint takes the user's loginId and then returns details of a user utilizing a valid management key. The response includes the following; however, there are additional items in the response that you can see below by expanding the response 200 OK.

  • loginIds
  • userId
  • name
  • email
  • phone
  • verified settings (phone, email)
  • Tenant configurations - which tenantIds, which roleNames

Note: Suppose you frequently load a user for a specific user detail, such as their email address or a particular custom attribute. In that case, you can save execution time and additional API/SDK calls to load the user by adding the items to the custom claim. For details on adding items to the custom claims, see this documentation.

Note: If you have access to all SSO applications, the list will return as an empty array. Descope allows you to restrict which apps each user has access to, but by default gives access to all applications.

Next Steps

Once you have this data, you can utilize the response to prepare the payload to perform an Update on the user.

See also

Endpoint Authentication

Use authorization bearer header with the following format:

Authorization: Bearer \<ProjectId:ManagementKey\>

Try it

/v1/mgmt/user

The Authorization access token

Authorization

Authorization
Required
Bearer <token>

< Project ID >:< Management Key > as bearer

In: header

Query Parameters

loginIdstring

userIdstring

Status codeDescription
200OK
curl -X GET "https://api.descope.com/v1/mgmt/user?loginId=string&userId=string"

{
  "user": {
    "loginIds": [
      "string"
    ],
    "userId": "string",
    "name": "string",
    "email": "string",
    "phone": "string",
    "verifiedEmail": true,
    "verifiedPhone": true,
    "roleNames": [
      "string"
    ],
    "userTenants": [
      {
        "tenantId": "string",
        "roleNames": [
          "string"
        ],
        "tenantName": "string"
      }
    ],
    "status": "string",
    "externalIds": [
      "string"
    ],
    "picture": "string",
    "test": false,
    "customAttributes": {},
    "createdTime": 0,
    "TOTP": false,
    "SAML": false,
    "OAuth": {
      "property1": false,
      "property2": false
    },
    "webauthn": true,
    "password": true,
    "ssoAppIds": [
      "string"
    ],
    "givenName": "string",
    "middleName": "string",
    "familyName": "string",
    "editable": true
  }
}

Was this helpful?