📄️ Create a User
Create a new human or machine user in the specified organization.
📄️ Create a new human user
Deprecated: Use [CreateUser](apis/resources/user_service_v2/user-service-create-user.api.mdx) to create a new user of type human instead.
📄️ User by ID
Returns the full user object (human or machine) including the profile, email, etc..
📄️ Delete user
The state of the user will be changed to 'deleted'. The user will not be able to log in anymore. Endpoints requesting this user will return an error 'User not found..
📄️ Update a User
Partially update an existing user.
📄️ Search Users
Search for users. By default, we will return all users of your instance that you have permission to read. Make sure to include a limit and sorting for pagination.
📄️ Change the user email
Deprecated: [Update the users email field](apis/resources/user_service_v2/user-service-update-user.api.mdx).
📄️ Resend code to verify user email
Resend code to verify user email
📄️ Send code to verify user email
Send code to verify user email
📄️ Verify the email
Verify the email with the generated code.
📄️ Delete the user phone
Deprecated: [Update the users phone field](apis/resources/user_service_v2/user-service-update-user.api.mdx) to remove the phone number.
📄️ Set the user phone
Deprecated: [Update the users phone field](apis/resources/user_service_v2/user-service-update-user.api.mdx).
📄️ Resend code to verify user phone number
Resend code to verify user phone number.
📄️ Verify the phone number
Verify the phone number with the generated code.
📄️ Update Human User
Deprecated: Use [UpdateUser](apis/resources/user_service_v2/user-service-update-user.api.mdx) to update a user of type human instead.
📄️ Deactivate user
The state of the user will be changed to 'deactivated'. The user will not be able to log in anymore. The endpoint returns an error if the user is already in the state 'deactivated'. Use deactivate user when the user should not be able to use the account anymore, but you still need access to the user data..
📄️ Reactivate user
Reactivate a user with the state 'deactivated'. The user will be able to log in again afterward. The endpoint returns an error if the user is not in the state 'deactivated'..
📄️ Lock user
The state of the user will be changed to 'locked'. The user will not be able to log in anymore. The endpoint returns an error if the user is already in the state 'locked'. Use this endpoint if the user should not be able to log in temporarily because of an event that happened (wrong password, etc.)..
📄️ Unlock user
The state of the user will be changed to 'active'. The user will be able to log in again. The endpoint returns an error if the user is not in the state 'locked'.
📄️ Start the registration of passkey for a user
Start the registration of a passkey for a user, as a response the public key credential creation options are returned, which are used to verify the passkey..
📄️ Remove passkey from a user
Remove passkey from a user.
📄️ Verify a passkey for a user
Verify the passkey registration with the public key credential..
📄️ Create a passkey registration link for a user
Create a passkey registration link which includes a code and either return it or send it to the user..
📄️ List passkeys of an user
List passkeys of an user
📄️ Start the registration of a u2f token for a user
Start the registration of a u2f token for a user, as a response the public key credential creation options are returned, which are used to verify the u2f token..
📄️ Remove u2f token from a user
Remove u2f token from a user
📄️ Verify a u2f token for a user
Verify the u2f token registration with the public key credential..
📄️ Remove TOTP generator from a user
Remove the configured TOTP generator of a user. As only one TOTP generator per user is allowed, the user will not have TOTP as a second factor afterward.
📄️ Start the registration of a TOTP generator for a user
Start the registration of a TOTP generator for a user, as a response a secret returned, which is used to initialize a TOTP app or device..
📄️ Verify a TOTP generator for a user
Verify the TOTP registration with a generated code..
📄️ Remove One-Time Password (OTP) SMS from a user
Remove the configured One-Time Password (OTP) SMS factor of a user. As only one OTP SMS per user is allowed, the user will not have OTP SMS as a second factor afterward.
📄️ Add OTP SMS for a user
Add a new One-Time Password (OTP) SMS factor to the authenticated user. OTP SMS will enable the user to verify a OTP with the latest verified phone number. The phone number has to be verified to add the second factor..
📄️ Remove recovery codes from a user
Remove all recovery codes from the authenticated user. This will disable the recovery code second factor.
📄️ Generate single-use recovery codes for a user
Generate new single-use recovery codes for the authenticated user. Recovery codes can be used to recover access to the account if other second factors are not available.
📄️ Remove One-Time Password (OTP) Email from a user
Remove the configured One-Time Password (OTP) Email factor of a user. As only one OTP Email per user is allowed, the user will not have OTP Email as a second factor afterward.
📄️ Add OTP Email for a user
Add a new One-Time Password (OTP) Email factor to the authenticated user. OTP Email will enable the user to verify a OTP with the latest verified email. The email has to be verified to add the second factor..
📄️ Start flow with an identity provider
Start a flow with an identity provider, for external login, registration or linking..
📄️ Retrieve the information returned by the identity provider
Retrieve the information returned by the identity provider for registration or updating an existing user with new information..
📄️ Add link to an identity provider to an user
Add link to an identity provider to an user..
📄️ List links to an identity provider of an user
List links to an identity provider of an user.
📄️ Remove link of an identity provider to an user
Remove link of an identity provider to an user.
📄️ Request a code to reset a password
Request a code to reset a password..
📄️ Change password
Deprecated: [Update the users password](apis/resources/user_service_v2/user-service-update-user.api.mdx) instead.
📄️ Remove a Users Secret
Remove the current client ID and client secret from a machine user.
📄️ Add a Users Secret
Generates a client secret for the user.
📄️ Add a Key
Add a keys that can be used to securely authenticate at the Zitadel APIs using JWT profile authentication using short-lived tokens.
📄️ Remove a Key
Remove a machine users key by the given key ID and an optionally given user ID.
📄️ Search Keys
List all matching keys. By default all keys of the instance on which the caller has permission to read the owning users are returned.
📄️ Add a Personal Access Token
Personal access tokens (PAT) are the easiest way to authenticate to the Zitadel APIs.
📄️ Remove a Personal Access Token
Removes a machine users personal access token by the given token ID and an optionally given user ID.
📄️ Search Personal Access Tokens
List all personal access tokens. By default all personal access tokens of the instance on which the caller has permission to read the owning users are returned.
📄️ List all possible authentication methods of a user
List all possible authentication methods of a user like password, passkey, (T)OTP and more..
📄️ UserService_ListAuthenticationFactors
UserService_ListAuthenticationFactors
📄️ Create an invite code for a user
Create an invite code for a user to initialize their first authentication method (password, passkeys, IdP) depending on the organization's available methods.
📄️ Resend an invite code for a user
Deprecated: Use [CreateInviteCode](apis/resources/user_service_v2/user-service-create-invite-code.api.mdx) instead.
📄️ Verify an invite code for a user
Verify the invite code of a user previously issued. This will set their email to a verified state and
📄️ MFA Init Skipped
Update the last time the user has skipped MFA initialization. The server timestamp is used.
📄️ Delete User Metadata
Delete metadata objects from an user with a specific key.
📄️ Set User Metadata
Sets a list of key value pairs. Existing metadata entries with matching keys are overwritten. Existing metadata entries without matching keys are untouched. To remove metadata entries, use [DeleteUserMetadata](apis/resources/user_service_v2/user-service-delete-user-metadata.api.mdx). For HTTP requests, make sure the bytes array value is base64 encoded.
📄️ List User Metadata
List metadata of an user filtered by query.