User.get - REST API


Returns details of a user. If UST only is on input, it must point to an existing user session whose user details will be returned. Additionally, super-users may provide user_id in request to look up details of users by their IDs. Some attributes are returned only to super-users.

Input parameters may be sent in query string or JSON body - there is no difference.

  • HTTP method: GET
  • URL path: /zato/sso/user


uststring---Current user's session token (UST)
current_appstring---Name of application that the call is attempted from
user_idstringYesID of a user to return details of. May be provided only if input ust belongs to a super-user.


NameDatatypeOptionalNeeds super-userNotes
cidstring------Correlation ID assigned to request
statusstring------Overall status code
sub_statuslistYes---Returned only if status is not "ok", a list of error or warning codes
user_idstring------ID of the user returned
usernamestring------Username of the user
display_namestringYes---Display name
first_namestringYes---First name
middle_namestringYes---Middle name
last_namestringYes---Last name
is_totp_enabledboolYes---Should TOTP-based two factor authentication be enabled for user
totp_keystringYes---User's TOTP key, one will be auto-generated for user if it is not given on input, even if is_totp_enabled is False
totp_labelstringYes---An arbitrary label assigned to user's TOTP key for convenience
is_activeboolYesYes(Reserved for future use)
is_internalboolYesYesDoes the account belong to Zato internally?
is_super_userboolYesYesIs the user a super-user?
is_approval_neededboolYesYesIs a super-user's approval needed for this account to become fully active?
approval_statusstringYesYesCurrent approval status, one of: before_decision, approved, rejected
approval_status_mod_bystringYesYesBy whom the approval status was last changed, will be 'auto' for users created from command line
approval_status_mod_timedatetimeYesYesWhen was the approval status last changed
is_lockedboolYesYesHas this account been locked by a super-user?
locked_timestringYesYesIf locked, when was it?
locked_bystringYesYesIf locked, who by?
creation_ctxstringYesYes(Reserved for future use)
approv_rej_timestringYesYesIf approved or rejected, when was it?
approv_rej_bystringYesYesIf approved or rejected, who by?
password_expirystringYesYesWhen will that account's password expire?
password_is_setboolYesYes(Reserved for future use)
password_must_changeboolYesYesIs the user required to change password on next login?
password_last_setstringYesYesWhen was the password last set?
sign_up_statusstringYesYesSignup process status, returned values are: before_confirmation, to_approve, final
sign_up_timedatetimeYesYesWhen did the user sign up with the system?


  • Input user is a regular one looking up details of his or her own account:
$ curl -XGET localhost:17010/zato/sso/user -d '
  "ust":         "gAAAAABalTpNLXP6Xk_KN_SEjyd5ubjEkAmoGSXwpMA3x825D2VjLqgb-G...",
  "current_app": "CRM"

  "cid": "6f916246696fbdd76f8a7073",
  "status": "ok",
  "user_id": "zusrx2efj1q1h98n9q00tgx8scefv",
  "username": "user1",
  "display_name": "John Doe"
  • Input user is a super-user checking details of another user:
$ curl -XGET localhost:17010/zato/sso/user -d '
  "ust":         "gAAAAABalYT1hsvrBVc...",
  "user_id":     "zusrx2efj1q1h98n9q00tgx8scefv",
  "current_app": "CRM"

      "approval_status": "before_decision",
      "approval_status_mod_by": "zusr3qnafn39208krbt0vt2nypx2ta",
      "approval_status_mod_time": "2028-03-05 12:08:14.119759",
      "cid": "de00deb0471188dcdd9913a8",
      "display_name": "John Doe",
      "is_active": true,
      "is_approved": true,
      "is_internal": false,
      "is_locked": false,
      "is_super_user": false,
      "password_expiry": "2020-02-25T15:39:53",
      "password_is_set": true,
      "password_last_set": "2028-02-25T15:39:53",
      "password_must_change": false,
      "sign_up_status": "final",
      "sign_up_time": "2028-02-24T12:56:58",
      "status": "ok",
      "user_id": "zusrx2efj1q1h98n9q00tgx8scefv",
      "username": "user1"
  • Input user is a regular one thus an error is returned if user_id is given on input:
$ curl -XGET localhost:17010/zato/sso/user -d '
  "ust":         "gAAAAABalTpNLXP6X...",
  "user_id":     "zusrx2efj1q1h98n9q00tgx8scefv",
  "current_app": "CRM"

  "cid": "2ed61c13e0755c0f4eef970f",
  "status": "error",
  "sub_status": ["E005001"],