User.get - REST API

Overview

Returns details of a user. If UST only is on input, it must point to an existing user session whose user details will be returned. Additionally, super-users may provide user_id in request to look up details of users by their IDs. Some attributes are returned only to super-users.

Input parameters may be sent in query string or JSON body - there is no difference.

HTTP method: GET
URL path: /zato/sso/user

Request

Name	Datatype	Optional	Notes
ust	string	---	Current user's session token (UST)
current_app	string	---	Name of application that the call is attempted from
user_id	string	Yes	ID of a user to return details of. May be provided only if input ust belongs to a super-user.

Response

Name	Datatype	Optional	Needs super-user	Notes
cid	string	---	---	Correlation ID assigned to request
status	string	---	---	Overall status code
sub_status	list	Yes	---	Returned only if status is not "ok", a list of error or warning codes
user_id	string	---	---	ID of the user returned
username	string	---	---	Username of the user
email	string	Yes	---	E-mail
display_name	string	Yes	---	Display name
first_name	string	Yes	---	First name
middle_name	string	Yes	---	Middle name
last_name	string	Yes	---	Last name
is_totp_enabled	bool	Yes	---	Should TOTP-based two factor authentication be enabled for user
totp_key	string	Yes	---	User's TOTP key, one will be auto-generated for user if it is not given on input, even if is_totp_enabled is False
totp_label	string	Yes	---	An arbitrary label assigned to user's TOTP key for convenience
is_active	bool	Yes	Yes	(Reserved for future use)
is_internal	bool	Yes	Yes	Does the account belong to Zato internally?
is_super_user	bool	Yes	Yes	Is the user a super-user?
is_approval_needed	bool	Yes	Yes	Is a super-user's approval needed for this account to become fully active?
approval_status	string	Yes	Yes	Current approval status, one of: before_decision, approved, rejected
approval_status_mod_by	string	Yes	Yes	By whom the approval status was last changed, will be 'auto' for users created from command line
approval_status_mod_time	datetime	Yes	Yes	When was the approval status last changed
is_locked	bool	Yes	Yes	Has this account been locked by a super-user?
locked_time	string	Yes	Yes	If locked, when was it?
locked_by	string	Yes	Yes	If locked, who by?
creation_ctx	string	Yes	Yes	(Reserved for future use)
approv_rej_time	string	Yes	Yes	If approved or rejected, when was it?
approv_rej_by	string	Yes	Yes	If approved or rejected, who by?
password_expiry	string	Yes	Yes	When will that account's password expire?
password_is_set	bool	Yes	Yes	(Reserved for future use)
password_must_change	bool	Yes	Yes	Is the user required to change password on next login?
password_last_set	string	Yes	Yes	When was the password last set?
sign_up_status	string	Yes	Yes	Signup process status, returned values are: before_confirmation, to_approve, final
sign_up_time	datetime	Yes	Yes	When did the user sign up with the system?

Usage

Input user is a regular one looking up details of his or her own account:

$ curl -XGET localhost:17010/zato/sso/user -d '
  {
  "ust":         "gAAAAABalTpNLXP6Xk_KN_SEjyd5ubjEkAmoGSXwpMA3x825D2VjLqgb-G...",
  "current_app": "CRM"
  }
  '

  {
  "cid": "6f916246696fbdd76f8a7073",
  "status": "ok",
  "user_id": "zusrx2efj1q1h98n9q00tgx8scefv",
  "username": "user1",
  "display_name": "John Doe"
  }
$

Input user is a super-user checking details of another user:

$ curl -XGET localhost:17010/zato/sso/user -d '
  {
  "ust":         "gAAAAABalYT1hsvrBVc...",
  "user_id":     "zusrx2efj1q1h98n9q00tgx8scefv",
  "current_app": "CRM"
  }
  '

  {
      "approval_status": "before_decision",
      "approval_status_mod_by": "zusr3qnafn39208krbt0vt2nypx2ta",
      "approval_status_mod_time": "2028-03-05 12:08:14.119759",
      "cid": "de00deb0471188dcdd9913a8",
      "display_name": "John Doe",
      "is_active": true,
      "is_approved": true,
      "is_internal": false,
      "is_locked": false,
      "is_super_user": false,
      "password_expiry": "2020-02-25T15:39:53",
      "password_is_set": true,
      "password_last_set": "2028-02-25T15:39:53",
      "password_must_change": false,
      "sign_up_status": "final",
      "sign_up_time": "2028-02-24T12:56:58",
      "status": "ok",
      "user_id": "zusrx2efj1q1h98n9q00tgx8scefv",
      "username": "user1"
  }

Input user is a regular one thus an error is returned if user_id is given on input:

$ curl -XGET localhost:17010/zato/sso/user -d '
  {
  "ust":         "gAAAAABalTpNLXP6X...",
  "user_id":     "zusrx2efj1q1h98n9q00tgx8scefv",
  "current_app": "CRM"
  }
  '

  {
  "cid": "2ed61c13e0755c0f4eef970f",
  "status": "error",
  "sub_status": ["E005001"],
  }
$