Identity Management

GET /users

Requires authentication with server access token.

List users. All query parameters are user properties that will be used to search for users. When sending multiple query parameters, the API performs an AND search. Some parameters are used to fuzzy match, while others perform exact matches. See the parameter list for details on which does what.

All regular expression queries use Perl Compatible Regular Expression syntax, as implemented in PHP and other places.

Search examples

Get name, userId, email and gender from users where familyName starts with "Olsen" and gender is male, limit to 10 users:

curl http://identity-pre.schibsted.com/api/2/users?oauth_token=TOKEN& \
  limit=10& \
  offset=0& \
  familyName=Olsen& \
  gender=male& \
  fields=name,userId,email,gender

Get the whole user object from users where email matches exactly "johndoe@example.com":

curl http://identity-pre.schibsted.com/api/2/users?oauth_token=TOKEN& \
  email=johndoe@example.com

Get all users that where registered between 2011-01-20 (timestamp 1295478000) and 2011-01-21:

curl http://identity-pre.schibsted.com/api/2/users?oauth_token=TOKEN& \
  since=1295478000& \
  until=2011-01-21

Get all users that where registered between yesterday and now:

curl http://identity-pre.schibsted.com/api/2/users?oauth_token=TOKEN& \
  since=yesterday& \
  until=now

Filters

The endpoint supports many filters (see below). If no filters are provided, active users for the client is returned. Users with status 0 and 1 are considered active. If since and until parameter are provided but no updated filter, since and until will be used together with published field instead of updated field.

See also

Help us improve

Did you spot an error? Or maybe you just have a suggestion for how we can improve? Leave us a comment.

Request

GET /api/2/users

fields

optional

A list of fields to select, makes for a slimmer response.

sort

optional

id

optional

Exact match.

userId

optional

Exact match.

email

optional

Exact match for the primary email.

emails

optional

Exact match for either the primary or one of the secondary emails.

emails_regex

optional

Regexp search all emails.

displayName

optional

Sub-string match from the beginning of the displayName

givenName

optional

Sub-string match from the beginning of the given name

familyName

optional

Sub-string match from the beginning of the family name

fullName

optional

Sub-string match from the beginning of the given name and family name combined

preferredUsername

optional

Sub-string match from the beginning of the preferred user name

phoneNumber

optional

Sub-string match from the beginning of the primary phone number

phoneNumbers

optional

Sub-string match from the beginning of any phone number

gender

optional

Exact match (male, female, undisclosed, other, withheld)

birthday

optional

Regex search.

address_formatted

optional

Regex search.

address_postalCode

optional

Exact match.

address_country

optional

Exact match.

address_region

optional

Regex search.

address_locality

optional

Regex search.

address_streetAddress

optional

Regex search.

orderId

optional

Search by orderId, if provided will return the user that owns the order.

paymentIdentifier

optional

Search by payment identifier.

filters

optional
updated
Filter by recently updated items, order by last updated (should be used with since & until)
verified
Filter by users with status verified
unverified
Filter by users with status unverified
inactive blocked
deleted
Filter by items with a deleted status
facebook
Filter by users using Facebook as a third party login
google
Filter by users using Google as a third party login
live
Filter by users using Live as a third party login
imported
Filter by users that have been imported
merchant
Show all results within the current merchant rather than the current client

The pagination parameters limit, since, offset, and until are also supported.

Example request

cURL
Minimal example
curl https://login.schibsted.com/api/2/users -G \
   -d "oauth_token=[access token]"
With all parameters
curl https://login.schibsted.com/api/2/users -G \
   -d "oauth_token=[access token]" \
   -d "fields=id,fullName,email" \
   -d "sort=userId" \
   -d "id=1337" \
   -d "userId=42" \
   -d "email=johnd@example.com" \
   -d "emails=johnd@example.com" \
   -d "emails_regex=.*@somewhere.com" \
   -d "displayName=John" \
   -d "givenName=John" \
   -d "familyName=Doe" \
   -d "fullName=John Emeritus Doe" \
   -d "preferredUsername=johnd" \
   -d "phoneNumber=+46701111111" \
   -d "phoneNumbers=+46701111111" \
   -d "gender=undisclosed" \
   -d "birthday=1977-01-31" \
   -d "address_formatted=Street 2, 0123 City, Norway" \
   -d "address_postalCode=0123" \
   -d "address_country=Norway" \
   -d "address_region=City" \
   -d "address_locality=Norway" \
   -d "address_streetAddress=Street" \
   -d "orderId=42" \
   -d "paymentIdentifier=2"
Java
Minimal example
SpidOAuthToken token = spidClient.getServerToken();
String responseJSON = spidClient.
    GET(token, "/users").
    getResponseBody();
With all parameters
Map<String, String> params = new HashMap<>() {{
    put("fields", "id,fullName,email");,
    put("sort", "userId");,
    put("id", "1337");,
    put("userId", "42");,
    put("email", "johnd@example.com");,
    put("emails", "johnd@example.com");,
    put("emails_regex", ".*@somewhere.com");,
    put("displayName", "John");,
    put("givenName", "John");,
    put("familyName", "Doe");,
    put("fullName", "John Emeritus Doe");,
    put("preferredUsername", "johnd");,
    put("phoneNumber", "+46701111111");,
    put("phoneNumbers", "+46701111111");,
    put("gender", "undisclosed");,
    put("birthday", "1977-01-31");,
    put("address_formatted", "Street 2, 0123 City, Norway");,
    put("address_postalCode", "0123");,
    put("address_country", "Norway");,
    put("address_region", "City");,
    put("address_locality", "Norway");,
    put("address_streetAddress", "Street");,
    put("orderId", "42");,
    put("paymentIdentifier", "2");
}};

SpidOAuthToken token = spidClient.getServerToken();
String responseJSON = spidClient.
    GET(token, "/users", params).
    getResponseBody();

This example is an excerpt, see a full example

PHP
Minimal example
<?php
$client->auth();
echo var_dump($client->api("/users"));
With all parameters
<?php
$params = array(
    "fields" => "id,fullName,email",
    "sort" => "userId",
    "id" => "1337",
    "userId" => "42",
    "email" => "johnd@example.com",
    "emails" => "johnd@example.com",
    "emails_regex" => ".*@somewhere.com",
    "displayName" => "John",
    "givenName" => "John",
    "familyName" => "Doe",
    "fullName" => "John Emeritus Doe",
    "preferredUsername" => "johnd",
    "phoneNumber" => "+46701111111",
    "phoneNumbers" => "+46701111111",
    "gender" => "undisclosed",
    "birthday" => "1977-01-31",
    "address_formatted" => "Street 2, 0123 City, Norway",
    "address_postalCode" => "0123",
    "address_country" => "Norway",
    "address_region" => "City",
    "address_locality" => "Norway",
    "address_streetAddress" => "Street",
    "orderId" => "42",
    "paymentIdentifier" => "2"
);

$client->auth();
echo var_dump($client->api("/users", $params));

This example is an excerpt, see a full example

Clojure
Minimal example
(ns example
  (:require [spid-client-clojure.core :as spid]))

(let [client (spid/create-client "[client-id]" "[secret]")
      token (spid/create-server-token client)]
  (spid/GET client token "/users"))
With all parameters
(ns example
  (:require [spid-client-clojure.core :as spid]))

(let [client (spid/create-client "[client-id]" "[secret]")
      token (spid/create-server-token client)]
  (spid/GET client token "/users" {"fields" "id,fullName,email"
                                   "sort" "userId"
                                   "id" "1337"
                                   "userId" "42"
                                   "email" "johnd@example.com"
                                   "emails" "johnd@example.com"
                                   "emails_regex" ".*@somewhere.com"
                                   "displayName" "John"
                                   "givenName" "John"
                                   "familyName" "Doe"
                                   "fullName" "John Emeritus Doe"
                                   "preferredUsername" "johnd"
                                   "phoneNumber" "+46701111111"
                                   "phoneNumbers" "+46701111111"
                                   "gender" "undisclosed"
                                   "birthday" "1977-01-31"
                                   "address_formatted" "Street 2, 0123 City, Norway"
                                   "address_postalCode" "0123"
                                   "address_country" "Norway"
                                   "address_region" "City"
                                   "address_locality" "Norway"
                                   "address_streetAddress" "Street"
                                   "orderId" "42"
                                   "paymentIdentifier" "2"}))

Response

This endpoint supports the JSON, JSON-P, and response formats.

Success: 200 OK

Returns all users matched by the query.

User

The user object is based on the portable contacts specification. It is extended with some custom fields. userId is an integer and represents the unique user ID, while id is a legacy uuid and should be ignored in new integrations. The uuid is also a user identifier, which is is globally unique and should therefore be the preferred identifier for a user. The email and phoneNumber fields will always contain the primary used for both if available. The corresponding *Verified fields are the date of the last time those were verified.

When requesting a user that is not connected to the authorized client, only public profile data will be available:

  • id
  • userId
  • uuid
  • status
  • displayName
  • name
  • gender
  • preferredUsername
  • utcOffset
  • published
  • updated
  • lastLoggedIn
  • locale
  • tracking

id

string

Legacy uuid. Don't use. Portable contacts

userId

integer (as string)

Unique user ID. Custom extension.

uuid

string

Unique user UUID. Custom extension. Should be preferred as the user identifier.

name

Name

A JSON string. See the name type for details

displayName

string

Name suitable for displaying to end-users.

published

date-time

The date this user was first added. Can return false if the user account was deleted.

updated

date-time

The most recent date the details of this user were updated

status

User status

email

string

Primary email

emailVerified

string

Date when the email was last verified.

emails

list of Email addresses

All user's registered email addresses.

phoneNumber

string

Primary phone number

phoneNumberVerified

string

Date when the phone number was last verified.

phoneNumbers

list of Phone numbers

All user's registered phone numbers.

verified

string

Date when user last verified data (email, phone number). Returns false if user wasn't verified.

url

string

photo

string

URL to a photo of the user (GIF/JPG/PNG)

preferredUsername

string

gender

string

One of undisclosed, female, male, other, withheld. Default is undisclosed. Portable contacts

birthday

date

Date of birth in YYYY-MM-DD format. Year will be 0000 if not provided. Defaults to 0000-00-00. Portable contacts

locale

string

The user's preferred locale. Locales follow ISO Language and country codes respectively, joined by an underscore.

utcOffset

string

The user's timezone, given as offset from UTC.

lastLoggedIn

datetime

Returns false if the user has not been logged in before.

lastAuthenticated

datetime

The last time the user authenticated with their password. Returns false if the user has not been authenticated before.

imported

datetime

migrated

datetime

addresses

collection of Addresses, as an object with type for property names, and Addresses for values

If user has no addresses returns empty array.

accounts

list of Third-party accounts

Third-party accounts and other client services

merchants

array

List of SPiD merchants the user is connected to

currentLocation

list of Addresses

If user has no current location returns empty array.

tracking

boolean

If true, the user has behavioral tracking enabled (pilot feature, may not remain as-is)

The check mark indicates that the field always contains a valid non-empty value.

Failure cases

Some HTTP response codes are used for multiple error situations. There is no consistent way to tell these apart, but the error object will contain a textual explanation of the reason for the error. For explanation on OAuth related failures and errors see OAuth authentication failures.

  • 400 Bad Request Invalid parameter value
  • 401 Unauthorized You don't have administration rights for this client.
  • 401 Unauthorized Your client doesn't have administration rights for this client.
  • 403 Forbidden Client is not authorized to access this API endpoint. Contact SPiD to request access.
  • 403 Forbidden Requesting IP is not whitelisted
  • 403 Forbidden Access token rejected
  • 404 Not Found Unknown client ID
  • 404 Not Found Client ID mismatch. The client making the request is no the owner of this resource, and does not have administrative privileges for it.
  • 404 Not Found No users found
  • 420 Request Ratelimit exceeded

Sample response

JSON
[
  {
    "status": 1,
    "gender": "female",
    "userId": "658898",
    "name": {
      "familyName": "Bergsten",
      "givenName": "Claes",
      "formatted": "Claes Bergsten"
    },
    "locale": "nb_NO",
    "displayName": "Claes",
    "utcOffset": "+02:00",
    "published": "2013-04-03 14:48:31",
    "updated": "2014-04-11 15:37:07",
    "preferredUsername": "Claes",
    "id": "515c251fefd04bcd36000003",
    "lastLoggedIn": "2014-04-22 13:29:20"
  }
]
JSON-P
callback([
  {
    "status": 1,
    "gender": "female",
    "userId": "658898",
    "name": {
      "familyName": "Bergsten",
      "givenName": "Claes",
      "formatted": "Claes Bergsten"
    },
    "locale": "nb_NO",
    "displayName": "Claes",
    "utcOffset": "+02:00",
    "published": "2013-04-03 14:48:31",
    "updated": "2014-04-11 15:37:07",
    "preferredUsername": "Claes",
    "id": "515c251fefd04bcd36000003",
    "lastLoggedIn": "2014-04-22 13:29:20"
  }
]);

Comments/feedback

Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. SPiD reads and responds to every question. Additionally, your experience can help others using SPiD, and it can help us continuously improve our documentation.