Users

Users can perform a variety of actions in ThreatConnect depending on their user account type and their System and Organization role. In addition, users can be assigned to Workflow Cases and Workflow Tasks.

Endpoint: /api/v3/security/users

Available Fields

A list of valid fields for the v3/security/users endpoint, which is a read-only endpoint, can be retrieved using the following query:

OPTIONS /v3/security/users?show=readonly

Retrieve Users

Retrieve All Users

To retrieve all users in the Organization in which your API user account resides, use the following query:

GET /v3/security/users

JSON Response:

{
    "data": [{
        "id": 1,
        "userName": "[email protected]",
        "firstName": "John",
        "lastName": "Smith",
        "pseudonym": "JMS",
        "role": "Administrator"
    },
    {
        "id": 2,
        "userName": "[email protected]",
        "firstName": "Pat",
        "lastName": "Jones",
        "pseudonym": "patjones",
        "role": "User"
    },
    {...}
    ],
    "status": "Success"
}

Retrieve a Single User

To retrieve a specific user in the Organization in which your API user account resides, use a query in the following format:

GET /v3/security/users/{userId}

For example, the following query will return information about the user with ID 3:

GET /v3/security/users/3

JSON Response:

{
    "data": {
        "id": 3,
        "userName": "52583294827510809921",
        "firstName": "API",
        "lastName": "User",
        "pseudonym": "APIUserJMS",
        "role": "Api User"
    },
    "status": "Success"
}

Filter Results

To filter returned objects using ThreatConnect Query Language (TQL), refer to Filter Results with TQL.