Users
ZITADEL knows two different types of users: Users (Human) and Service Users (Machine Accounts).
📄️ Get User History
Returns a list of changes/events that have happened on the user. It's the history of the user. Make sure to send a limit.
📄️ Get User Metadata By Key
Get a metadata object from a user by a specific key.
📄️ Delete User Metadata By Key
Remove a metadata object from a user with a specific key.
📄️ Set User Metadata
This endpoint either adds or updates a metadata value for the requested key. Make sure the value is base64 encoded.
📄️ Bulk Delete Metadata
Remove a list of metadata objects from a user with a list of keys.
📄️ Bulk Set User Metadata
Add or update multiple metadata values for a user. Make sure the values are base64 encoded.
📄️ Search User Metadata
Get the metadata of a user filtered by your query.
📄️ Delete User Avatar (Human)
Removes the avatar that is currently set on the user.
📄️ List ZITADEL Permissions
Show all the permissions the user has in ZITADEL (ZITADEL Manager).
📄️ User by ID
Returns the full user object (human or machine) including the profile, email, etc.
📄️ Delete user
The state of the user will be changed to 'deleted'. The user will not be able to log in anymore. Endpoints requesting this user will return an error 'User not found'.
📄️ Get User by login name (globally)
Get a user by login name searched over all organizations. The request only returns data if the login name matches exactly.
📄️ Search Users
Search for users within an organization. By default, we will return users of your organization. Make sure to include a limit and sorting for pagination.
📄️ Check for existing user
Returns whether a user with the requested email or username is unique, so that you can create the user.
📄️ Create User (Human)
Deprecated: use [ImportHumanUser](apis/resources/mgmt/management-service-import-human-user.api.mdx) instead.
📄️ Create/Import User (Human)
Deprecated: use [UpdateHumanUser](apis/resources/user_service_v2/user-service-update-human-user.api.mdx) instead.
📄️ Create User (Machine)
Deprecated: use [user service v2 CreateUser](apis/resources/user_service_v2/user-service-create-user.api.mdx) to create a user of type machine instead.
📄️ Deactivate user
The state of the user will be changed to 'deactivated'. The user will not be able to log in anymore. The endpoint returns an error if the user is already in the state 'deactivated'. Use deactivate user when the user should not be able to use the account anymore, but you still need access to the user data.
📄️ Reactivate user
Reactivate a user with the state 'deactivated'. The user will be able to log in again afterward. The endpoint returns an error if the user is not in the state 'deactivated'.
📄️ Lock user
The state of the user will be changed to 'locked'. The user will not be able to log in anymore. The endpoint returns an error if the user is already in the state 'locked'. Use this endpoint if the user should not be able to log in temporarily because of an event that happened (wrong password, etc.).
📄️ Unlock user
Unlock a user with the state 'locked'. The user will be able to log in again afterward. The endpoint returns an error if the user is not in the state 'locked'.
📄️ Change user name
Deprecated: use [user service v2 UpdateUser](apis/resources/user_service_v2/user-service-update-user.api.mdx) instead.
📄️ Get User Profile (Human)
Get basic information like first_name and last_name of a user.
📄️ Update User Profile (Human)
Deprecated: use [user service v2 UpdateHumanUser](apis/resources/user_service_v2/user-service-update-human-user.api.mdx) instead.
📄️ Get User Email (Human)
Get the email address and the verification state of the address.
📄️ Update User Email (Human)
Deprecated: use [user service v2 SetEmail](apis/resources/user_service_v2/user-service-set-email.api.mdx) instead.
📄️ Resend User Initialization Email
A newly created user will get an initialization email to verify the email address and set a password. Resend the email with this request to the user's email address, or a newly added address.
📄️ Resend User Email Verification
Deprecated: use [user service v2 ResendEmailCode](apis/resources/user_service_v2/user-service-resend-email-code.api.mdx) instead.
📄️ Get User Phone (Human)
Get the phone number and the verification state of the number. The phone number is only for informational purposes and to send messages, not for Authentication (2FA).
📄️ Remove User Phone (Human)
Deprecated: use [user service v2 SetPhone](apis/resources/user_service_v2/user-service-set-phone.api.mdx) instead.
📄️ Update User Phone (Human)
Deprecated: use [user service v2 SetPhone](apis/resources/user_service_v2/user-service-update-user.api.mdx) instead.
📄️ Resend User Phone Verification
Deprecated: use [user service v2 ResendPhoneCode](apis/resources/user_service_v2/user-service-resend-phone-code.api.mdx) instead.
📄️ Set Human Initial Password
Deprecated: use [user service v2 SetPassword](apis/resources/user_service_v2/user-service-set-password.api.mdx) instead.
📄️ Set User Password
Deprecated: use [user service v2 SetPassword](apis/resources/user_service_v2/user-service-set-password.api.mdx) instead.
📄️ Send Reset Password Notification
Deprecated: use [user service v2 PasswordReset](apis/resources/user_service_v2/user-service-password-reset.api.mdx) instead.
📄️ Get User Authentication Factors (2FA/MFA)
Get a list of authentication factors the user has set, including Second Factors (2FA) and Multi-Factors (MFA).
📄️ Remove Multi-Factor OTP
Remove the configured One-Time Password (OTP) as a factor from the user. OTP is an authentication app, like Authy or Google/Microsoft Authenticator.
📄️ Remove Multi-Factor U2F
Remove the configured Universal Second Factor (U2F) as a factor from the user. U2F is a device-dependent factor like FingerPrint, Windows-Hello, etc.
📄️ Remove Multi-Factor OTP SMS
Remove the configured One-Time Password (OTP) SMS as a factor from the user. As only one OTP SMS per user is allowed, the user will not have OTP SMS as a second factor afterward.
📄️ Remove Multi-Factor OTP Email
Remove the configured One-Time Password (OTP) Email as a factor from the user. As only one OTP Email per user is allowed, the user will not have OTP Email as a second factor afterward.
📄️ Search Passwordless/Passkey authentication
Get a list of configured passwordless/passkey authentication methods from the user. Passwordless/passkey is a device-dependent authentication like FingerScan, WindowsHello or a Hardware Token.
📄️ Add Passwordless/Passkey Registration Link
Adds a new passwordless/passkey authenticator link to the user and returns it in the response. The link enables the user to register a new device if current passwordless/passkey devices are all platform authenticators, e.g. the user has already registered Windows Hello and wants to register FaceID on the iPhone.
📄️ Send Passwordless/Passkey Registration Link
Adds a new passwordless/passkey authenticator link to the user and sends it to the user per email. The link enables the user to register a new device if current passwordless/passkey devices are all platform authenticators, e.g. the user has already registered Windows Hello and wants to register FaceID on the iPhone.
📄️ Delete Passwordless/Passkey
Remove a configured passwordless/passkey authentication method from the user (e.g. FaceID, FingerScan, WindowsHello, etc.).
📄️ Update Machine User
Deprecated: use [user service v2 UpdateUser](apis/resources/user_service_v2/user-service-update-user.api.mdx) to update a user of type machine instead.
📄️ Delete Secret of Machine User
Deprecated: use [user service v2 RemoveSecret](apis/resources/user_service_v2/user-service-remove-secret.api.mdx) instead.
📄️ Create Secret for Machine User
Deprecated: use [user service v2 AddSecret](apis/resources/user_service_v2/user-service-add-secret.api.mdx) instead.
📄️ Get Machine user Key By ID
Deprecated: use [user service v2 ListKeys](apis/resources/user_service_v2/user-service-list-keys.api.mdx) instead.
📄️ Delete Key for machine user
Deprecated: use [user service v2 RemoveKey](apis/resources/user_service_v2/user-service-remove-key.api.mdx) instead.
📄️ Get Machine user Key By ID
Deprecated: use [user service v2 ListKeys](apis/resources/user_service_v2/user-service-list-keys.api.mdx) instead.
📄️ Create Key for machine user
Deprecated: use [user service v2 AddKey](apis/resources/user_service_v2/user-service-add-key.api.mdx) instead.
📄️ Get Personal-Access-Token (PAT) by ID
Deprecated: use [user service v2 ListPersonalAccessTokens](apis/resources/user_service_v2/user-service-list-personal-access-tokens.api.mdx) instead.
📄️ Remove a Personal-Access-Token (PAT) by ID
Deprecated: use [user service v2 RemovePersonalAccessToken](apis/resources/user_service_v2/user-service-remove-personal-access-token.api.mdx) instead.
📄️ List Personal-Access-Tokens (PATs)
Deprecated: use [user service v2 ListPersonalAccessTokens](apis/resources/user_service_v2/user-service-list-personal-access-tokens.api.mdx) instead.
📄️ Create a Personal-Access-Token (PAT)
Deprecated: use [user service v2 AddPersonalAccessToken](apis/resources/user_service_v2/user-service-add-personal-access-token.api.mdx) instead.
📄️ List Social Logins
Returns a list of all linked identity providers/social logins of the user (e.g. Google, Microsoft, AzureAD, etc.).
📄️ Remove Social Login
Remove a configured social login/identity provider of the user (e.g. Google, Microsoft, AzureAD, etc.). The user will not be able to log in with the given provider afterward. Make sure the user does have other possibilities to authenticate.