> For the complete documentation index, see [llms.txt](https://docs.panther.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.panther.com/panther-developer-workflows/api/rest/users.md).

# Users

## Overview

Use these API operations to interact with [users](/system-configuration.md#user-management) in Panther.

To call the API, see the [How to use the Panther REST API](/panther-developer-workflows/api/rest.md#how-to-use-the-panther-rest-api) instructions—including [directions for how to invoke it directly from this documentation page](/panther-developer-workflows/api/rest.md#step-3-invoke-the-panther-rest-api).

## Required permissions

* For `GET` operations, your API token must have the `Read User Info` permission.
* For `POST` and `DELETE` operations, your API token must have the `Manage Users` permission.

## Operations

## POST /users

> Create a user

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"user","description":"The user api handles all operations for users"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"UserAPI.ModifyUser":{"type":"object","properties":{"email":{"type":"string","description":"The email address of the user"},"familyName":{"type":"string","description":"The family/last name of the user"},"givenName":{"type":"string","description":"The given/first name of the user"},"role":{"$ref":"#/components/schemas/UserAPI.Role"}},"required":["email","givenName","familyName","role"]},"UserAPI.Role":{"type":"object","properties":{"id":{"type":"string","description":"The id of the role. Note: id should be excluded if name is provided during a modify operation"},"name":{"type":"string","description":"The name of the role. Note: name should be excluded if id is provided during a modify operation"}}},"UserAPI.User":{"type":"object","properties":{"createdAt":{"type":"string"},"email":{"type":"string","description":"The email address of the user"},"enabled":{"type":"boolean","description":"Whether the user is active or deactivated"},"familyName":{"type":"string","description":"The family/last name of the user"},"givenName":{"type":"string","description":"The given/first name of the user"},"id":{"type":"string","description":"ID of the user"},"lastLoggedInAt":{"type":"string"},"role":{"$ref":"#/components/schemas/UserAPI.Role"},"status":{"type":"string","description":"The Cognito auth-related status of this User"}},"required":["email","givenName","familyName","role","enabled"]},"UserAPI.BadRequestError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/users":{"post":{"tags":["user"],"summary":"Create a user","operationId":"user#create","requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.ModifyUser"}}}},"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.User"}}}},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.BadRequestError"}}}}}}}}}
```

## GET /users/{id}

> Get a user

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"user","description":"The user api handles all operations for users"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"UserAPI.User":{"type":"object","properties":{"createdAt":{"type":"string"},"email":{"type":"string","description":"The email address of the user"},"enabled":{"type":"boolean","description":"Whether the user is active or deactivated"},"familyName":{"type":"string","description":"The family/last name of the user"},"givenName":{"type":"string","description":"The given/first name of the user"},"id":{"type":"string","description":"ID of the user"},"lastLoggedInAt":{"type":"string"},"role":{"$ref":"#/components/schemas/UserAPI.Role"},"status":{"type":"string","description":"The Cognito auth-related status of this User"}},"required":["email","givenName","familyName","role","enabled"]},"UserAPI.Role":{"type":"object","properties":{"id":{"type":"string","description":"The id of the role. Note: id should be excluded if name is provided during a modify operation"},"name":{"type":"string","description":"The name of the role. Note: name should be excluded if id is provided during a modify operation"}}},"UserAPI.BadRequestError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]},"UserAPI.NotFoundError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/users/{id}":{"get":{"tags":["user"],"summary":"Get a user","operationId":"user#get","parameters":[{"name":"id","in":"path","description":"ID of the user","required":true,"schema":{"type":"string","description":"ID of the user"}}],"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.User"}}}},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.BadRequestError"}}}},"404":{"description":"not_found: Not Found response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.NotFoundError"}}}}}}}}}
```

## POST /users/{id}

> Update a user

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"user","description":"The user api handles all operations for users"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"UserAPI.ModifyUser":{"type":"object","properties":{"email":{"type":"string","description":"The email address of the user"},"familyName":{"type":"string","description":"The family/last name of the user"},"givenName":{"type":"string","description":"The given/first name of the user"},"role":{"$ref":"#/components/schemas/UserAPI.Role"}},"required":["email","givenName","familyName","role"]},"UserAPI.Role":{"type":"object","properties":{"id":{"type":"string","description":"The id of the role. Note: id should be excluded if name is provided during a modify operation"},"name":{"type":"string","description":"The name of the role. Note: name should be excluded if id is provided during a modify operation"}}},"UserAPI.User":{"type":"object","properties":{"createdAt":{"type":"string"},"email":{"type":"string","description":"The email address of the user"},"enabled":{"type":"boolean","description":"Whether the user is active or deactivated"},"familyName":{"type":"string","description":"The family/last name of the user"},"givenName":{"type":"string","description":"The given/first name of the user"},"id":{"type":"string","description":"ID of the user"},"lastLoggedInAt":{"type":"string"},"role":{"$ref":"#/components/schemas/UserAPI.Role"},"status":{"type":"string","description":"The Cognito auth-related status of this User"}},"required":["email","givenName","familyName","role","enabled"]},"UserAPI.BadRequestError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]},"UserAPI.NotFoundError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/users/{id}":{"post":{"tags":["user"],"summary":"Update a user","operationId":"user#update","parameters":[{"name":"id","in":"path","description":"ID of the user","required":true,"schema":{"type":"string","description":"ID of the user"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.ModifyUser"}}}},"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.User"}}}},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.BadRequestError"}}}},"404":{"description":"not_found: Not Found response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.NotFoundError"}}}}}}}}}
```

## DELETE /users/{id}

> Delete a user

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"user","description":"The user api handles all operations for users"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"UserAPI.BadRequestError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]},"UserAPI.NotFoundError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/users/{id}":{"delete":{"tags":["user"],"summary":"Delete a user","operationId":"user#delete","parameters":[{"name":"id","in":"path","description":"ID of the user","required":true,"schema":{"type":"string","description":"ID of the user"}}],"responses":{"200":{"description":"OK response."},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.BadRequestError"}}}},"404":{"description":"not_found: Not Found response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.NotFoundError"}}}}}}}}}
```

## GET /users

> List users

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"user","description":"The user api handles all operations for users"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"UserAPI.ListResp":{"type":"object","properties":{"next":{"type":"string","description":"Pagination token for the next page of results"},"results":{"type":"array","items":{"$ref":"#/components/schemas/UserAPI.User"}}},"required":["results"]},"UserAPI.User":{"type":"object","properties":{"createdAt":{"type":"string"},"email":{"type":"string","description":"The email address of the user"},"enabled":{"type":"boolean","description":"Whether the user is active or deactivated"},"familyName":{"type":"string","description":"The family/last name of the user"},"givenName":{"type":"string","description":"The given/first name of the user"},"id":{"type":"string","description":"ID of the user"},"lastLoggedInAt":{"type":"string"},"role":{"$ref":"#/components/schemas/UserAPI.Role"},"status":{"type":"string","description":"The Cognito auth-related status of this User"}},"required":["email","givenName","familyName","role","enabled"]},"UserAPI.Role":{"type":"object","properties":{"id":{"type":"string","description":"The id of the role. Note: id should be excluded if name is provided during a modify operation"},"name":{"type":"string","description":"The name of the role. Note: name should be excluded if id is provided during a modify operation"}}}}},"paths":{"/users":{"get":{"tags":["user"],"summary":"List users","operationId":"user#list","parameters":[{"name":"cursor","in":"query","description":"Pagination token","allowEmptyValue":true,"schema":{"type":"string","description":"Pagination token"}},{"name":"limit","in":"query","description":"Maximum number of results to return","allowEmptyValue":true,"schema":{"type":"integer","description":"Maximum number of results to return","default":60,"format":"int64","minimum":1,"maximum":60}},{"name":"contains","in":"query","description":"Search name and email fields in a case-insensitive fashion","allowEmptyValue":true,"schema":{"type":"string","description":"Search name and email fields in a case-insensitive fashion"}},{"name":"email","in":"query","description":"An exact match of a user's email to return. If provided all other parameters are ignored","allowEmptyValue":true,"schema":{"type":"string","description":"An exact match of a user's email to return. If provided all other parameters are ignored"}},{"name":"id","in":"query","description":"Set of IDS to return","allowEmptyValue":true,"schema":{"type":"array","items":{"type":"string"},"description":"Set of IDS to return"}},{"name":"ids","in":"query","description":"A comma delimited list of IDs","allowEmptyValue":true,"schema":{"type":"string","description":"A comma delimited list of IDs"}},{"name":"include-deactivated","in":"query","description":"Include deactivated users","allowEmptyValue":true,"schema":{"type":"boolean","description":"Include deactivated users"}},{"name":"status","in":"query","description":"Show only users with this Cognito status","allowEmptyValue":true,"schema":{"type":"string","description":"Show only users with this Cognito status"}}],"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.ListResp"}}}}}}}}}
```


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.panther.com/panther-developer-workflows/api/rest/users.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.