Users

Users can perform a variety of actions in ThreatConnect depending on their user account type and their System and Organization role. In addition, users can be assigned to Workflow Cases, Workflow Tasks, and Task Groups.

Endpoint: /api/v3/security/users

Available Fields

A list of fields for the v3/security/users endpoint, which is a read-only endpoint, can be retrieved using the following query:

OPTIONS /v3/security/users?show=readonly

Retrieve Users

Retrieve All Users

To retrieve all users in the Organization in which your API user account resides, use the following query:

GET /v3/security/users

JSON Response:

{
    "data": [
        {
            "id": 1,
            "userName": "[email protected]",
            "firstName": "John",
            "lastName": "Smith",
            "pseudonym": "JMS",
            "role": "Administrator"
        },
        {
            "id": 2,
            "userName": "[email protected]",
            "firstName": "Pat",
            "lastName": "Jones",
            "pseudonym": "patjones",
            "role": "User"
        },
        {
            "id": 3,
            "userName": "11112222333344445555",
            "firstName": "John",
            "lastName": "Smith",
            "pseudonym": "jsmithAPI",
            "role": "Api User"
        },
        {...}
    ],
    "status": "Success"
}

Retrieve a Single User

To retrieve a specific user in the Organization in which your API user account resides, use a query in the following format:

GET /v3/security/users/{userId}

For example, the following query will return information about the user with ID 3:

GET /v3/security/users/3

JSON Response:

{
    "data": {
        "id": 3,
        "userName": "11112222333344445555",
        "firstName": "John",
        "lastName": "Smith",
        "pseudonym": "jsmithAPI",
        "role": "Api User"
    },
    "status": "Success"
}

Filter Results

To filter returned objects using ThreatConnect Query Language (TQL), refer to Filter Results with TQL.