User.get - REST API


Returns details of a user. If UST only is on input, it must point to an existing user session whose user details will be returned. Additionally, super-users may provide user_id in request to look up details of users by their IDs. Some attributes are returned only to super-users.

Input parameters may be sent in query string or JSON body - there is no difference.

  • HTTP method: GET
  • URL path: /zato/sso/user


Name Datatype Optional Notes
ust string --- Current user's session token (UST)
current_app string --- Name of application that the call is attempted from
user_id string Yes ID of a user to return details of. May be provided only if input ust belongs to a super-user.


Name Datatype Optional Needs super-user Notes
cid string --- --- Correlation ID assigned to request
status string --- --- Overall status code
sub_status list Yes --- Returned only if status is not "ok", a list of error or warning codes
user_id string --- --- ID of the user returned
username string --- --- Username of the user
email string Yes --- E-mail
display_name string Yes --- Display name
first_name string Yes --- First name
middle_name string Yes --- Middle name
last_name string Yes --- Last name
is_totp_enabled bool Yes --- Should TOTP-based two factor authentication be enabled for user
totp_key string Yes --- User's TOTP key, one will be auto-generated for user if it is not given on input, even if is_totp_enabled is False
totp_label string Yes --- An arbitrary label assigned to user's TOTP key for convenience
is_active bool Yes Yes (Reserved for future use)
is_internal bool Yes Yes Does the account belong to Zato internally?
is_super_user bool Yes Yes Is the user a super-user?
is_approval_needed bool Yes Yes Is a super-user's approval needed for this account to become fully active?
approval_status string Yes Yes Current approval status, one of: before_decision, approved, rejected
approval_status_mod_by string Yes Yes By whom the approval status was last changed, will be 'auto' for users created from command line
approval_status_mod_time datetime Yes Yes When was the approval status last changed
is_locked bool Yes Yes Has this account been locked by a super-user?
locked_time string Yes Yes If locked, when was it?
locked_by string Yes Yes If locked, who by?
creation_ctx string Yes Yes (Reserved for future use)
approv_rej_time string Yes Yes If approved or rejected, when was it?
approv_rej_by string Yes Yes If approved or rejected, who by?
password_expiry string Yes Yes When will that account's password expire?
password_is_set bool Yes Yes (Reserved for future use)
password_must_change bool Yes Yes Is the user required to change password on next login?
password_last_set string Yes Yes When was the password last set?
sign_up_status string Yes Yes Signup process status, returned values are: before_confirmation, to_approve, final
sign_up_time datetime Yes Yes When did the user sign up with the system?


  • Input user is a regular one looking up details of his or her own account:
$ curl -XGET localhost:17010/zato/sso/user -d '
  "ust":         "gAAAAABalTpNLXP6Xk_KN_SEjyd5ubjEkAmoGSXwpMA3x825D2VjLqgb-G...",
  "current_app": "CRM"

  "cid": "6f916246696fbdd76f8a7073",
  "status": "ok",
  "user_id": "zusrx2efj1q1h98n9q00tgx8scefv",
  "username": "user1",
  "display_name": "John Doe"
  • Input user is a super-user checking details of another user:
$ curl -XGET localhost:17010/zato/sso/user -d '
  "ust":         "gAAAAABalYT1hsvrBVc...",
  "user_id":     "zusrx2efj1q1h98n9q00tgx8scefv",
  "current_app": "CRM"

      "approval_status": "before_decision",
      "approval_status_mod_by": "zusr3qnafn39208krbt0vt2nypx2ta",
      "approval_status_mod_time": "2028-03-05 12:08:14.119759",
      "cid": "de00deb0471188dcdd9913a8",
      "display_name": "John Doe",
      "is_active": true,
      "is_approved": true,
      "is_internal": false,
      "is_locked": false,
      "is_super_user": false,
      "password_expiry": "2020-02-25T15:39:53",
      "password_is_set": true,
      "password_last_set": "2028-02-25T15:39:53",
      "password_must_change": false,
      "sign_up_status": "final",
      "sign_up_time": "2028-02-24T12:56:58",
      "status": "ok",
      "user_id": "zusrx2efj1q1h98n9q00tgx8scefv",
      "username": "user1"
  • Input user is a regular one thus an error is returned if user_id is given on input:
$ curl -XGET localhost:17010/zato/sso/user -d '
  "ust":         "gAAAAABalTpNLXP6X...",
  "user_id":     "zusrx2efj1q1h98n9q00tgx8scefv",
  "current_app": "CRM"

  "cid": "2ed61c13e0755c0f4eef970f",
  "status": "error",
  "sub_status": ["E005001"],