# Users

## Overview

Use these API operations to interact with [users](/system-configuration.md#user-and-user-role-settings) in Panther.

To call the API, see the [How to use the Panther REST API](/panther-developer-workflows/api/rest.md#how-to-use-the-panther-rest-api) instructions—including [directions for how to invoke it directly from this documentation page](/panther-developer-workflows/api/rest.md#step-3-invoke-the-panther-rest-api).

## Required permissions

* For `GET` operations, your API token must have the `Read User Info` permission.
* For `POST` and `DELETE` operations, your API token must have the `Manage Users` permission.

## Operations

## POST /users

> Create a user

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"user","description":"The user api handles all operations for users"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"UserAPI.ModifyUser":{"type":"object","properties":{"email":{"type":"string","description":"The email address of the user"},"familyName":{"type":"string","description":"The family/last name of the user"},"givenName":{"type":"string","description":"The given/first name of the user"},"role":{"$ref":"#/components/schemas/UserAPI.Role"}},"required":["email","givenName","familyName","role"]},"UserAPI.Role":{"type":"object","properties":{"id":{"type":"string","description":"The id of the role. Note: id should be excluded if name is provided during a modify operation"},"name":{"type":"string","description":"The name of the role. Note: name should be excluded if id is provided during a modify operation"}}},"UserAPI.User":{"type":"object","properties":{"createdAt":{"type":"string"},"email":{"type":"string","description":"The email address of the user"},"enabled":{"type":"boolean","description":"Whether the user is active or deactivated"},"familyName":{"type":"string","description":"The family/last name of the user"},"givenName":{"type":"string","description":"The given/first name of the user"},"id":{"type":"string","description":"ID of the user"},"lastLoggedInAt":{"type":"string"},"role":{"$ref":"#/components/schemas/UserAPI.Role"},"status":{"type":"string","description":"The Cognito auth-related status of this User"}},"required":["email","givenName","familyName","role","enabled"]},"UserAPI.BadRequestError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/users":{"post":{"tags":["user"],"summary":"Create a user","operationId":"user#create","requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.ModifyUser"}}}},"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.User"}}}},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.BadRequestError"}}}}}}}}}
```

## GET /users/{id}

> Get a user

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"user","description":"The user api handles all operations for users"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"UserAPI.User":{"type":"object","properties":{"createdAt":{"type":"string"},"email":{"type":"string","description":"The email address of the user"},"enabled":{"type":"boolean","description":"Whether the user is active or deactivated"},"familyName":{"type":"string","description":"The family/last name of the user"},"givenName":{"type":"string","description":"The given/first name of the user"},"id":{"type":"string","description":"ID of the user"},"lastLoggedInAt":{"type":"string"},"role":{"$ref":"#/components/schemas/UserAPI.Role"},"status":{"type":"string","description":"The Cognito auth-related status of this User"}},"required":["email","givenName","familyName","role","enabled"]},"UserAPI.Role":{"type":"object","properties":{"id":{"type":"string","description":"The id of the role. Note: id should be excluded if name is provided during a modify operation"},"name":{"type":"string","description":"The name of the role. Note: name should be excluded if id is provided during a modify operation"}}},"UserAPI.BadRequestError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]},"UserAPI.NotFoundError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/users/{id}":{"get":{"tags":["user"],"summary":"Get a user","operationId":"user#get","parameters":[{"name":"id","in":"path","description":"ID of the user","required":true,"schema":{"type":"string","description":"ID of the user"}}],"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.User"}}}},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.BadRequestError"}}}},"404":{"description":"not_found: Not Found response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.NotFoundError"}}}}}}}}}
```

## POST /users/{id}

> Update a user

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"user","description":"The user api handles all operations for users"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"UserAPI.ModifyUser":{"type":"object","properties":{"email":{"type":"string","description":"The email address of the user"},"familyName":{"type":"string","description":"The family/last name of the user"},"givenName":{"type":"string","description":"The given/first name of the user"},"role":{"$ref":"#/components/schemas/UserAPI.Role"}},"required":["email","givenName","familyName","role"]},"UserAPI.Role":{"type":"object","properties":{"id":{"type":"string","description":"The id of the role. Note: id should be excluded if name is provided during a modify operation"},"name":{"type":"string","description":"The name of the role. Note: name should be excluded if id is provided during a modify operation"}}},"UserAPI.User":{"type":"object","properties":{"createdAt":{"type":"string"},"email":{"type":"string","description":"The email address of the user"},"enabled":{"type":"boolean","description":"Whether the user is active or deactivated"},"familyName":{"type":"string","description":"The family/last name of the user"},"givenName":{"type":"string","description":"The given/first name of the user"},"id":{"type":"string","description":"ID of the user"},"lastLoggedInAt":{"type":"string"},"role":{"$ref":"#/components/schemas/UserAPI.Role"},"status":{"type":"string","description":"The Cognito auth-related status of this User"}},"required":["email","givenName","familyName","role","enabled"]},"UserAPI.BadRequestError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]},"UserAPI.NotFoundError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/users/{id}":{"post":{"tags":["user"],"summary":"Update a user","operationId":"user#update","parameters":[{"name":"id","in":"path","description":"ID of the user","required":true,"schema":{"type":"string","description":"ID of the user"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.ModifyUser"}}}},"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.User"}}}},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.BadRequestError"}}}},"404":{"description":"not_found: Not Found response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.NotFoundError"}}}}}}}}}
```

## DELETE /users/{id}

> Delete a user

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"user","description":"The user api handles all operations for users"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"UserAPI.BadRequestError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]},"UserAPI.NotFoundError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/users/{id}":{"delete":{"tags":["user"],"summary":"Delete a user","operationId":"user#delete","parameters":[{"name":"id","in":"path","description":"ID of the user","required":true,"schema":{"type":"string","description":"ID of the user"}}],"responses":{"200":{"description":"OK response."},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.BadRequestError"}}}},"404":{"description":"not_found: Not Found response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.NotFoundError"}}}}}}}}}
```

## GET /users

> List users

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"user","description":"The user api handles all operations for users"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"UserAPI.ListResp":{"type":"object","properties":{"next":{"type":"string","description":"Pagination token for the next page of results"},"results":{"type":"array","items":{"$ref":"#/components/schemas/UserAPI.User"}}},"required":["results"]},"UserAPI.User":{"type":"object","properties":{"createdAt":{"type":"string"},"email":{"type":"string","description":"The email address of the user"},"enabled":{"type":"boolean","description":"Whether the user is active or deactivated"},"familyName":{"type":"string","description":"The family/last name of the user"},"givenName":{"type":"string","description":"The given/first name of the user"},"id":{"type":"string","description":"ID of the user"},"lastLoggedInAt":{"type":"string"},"role":{"$ref":"#/components/schemas/UserAPI.Role"},"status":{"type":"string","description":"The Cognito auth-related status of this User"}},"required":["email","givenName","familyName","role","enabled"]},"UserAPI.Role":{"type":"object","properties":{"id":{"type":"string","description":"The id of the role. Note: id should be excluded if name is provided during a modify operation"},"name":{"type":"string","description":"The name of the role. Note: name should be excluded if id is provided during a modify operation"}}}}},"paths":{"/users":{"get":{"tags":["user"],"summary":"List users","operationId":"user#list","parameters":[{"name":"cursor","in":"query","description":"Pagination token","allowEmptyValue":true,"schema":{"type":"string","description":"Pagination token"}},{"name":"limit","in":"query","description":"Maximum number of results to return","allowEmptyValue":true,"schema":{"type":"integer","description":"Maximum number of results to return","default":60,"format":"int64","minimum":1,"maximum":60}},{"name":"contains","in":"query","description":"Search name and email fields in a case-insensitive fashion","allowEmptyValue":true,"schema":{"type":"string","description":"Search name and email fields in a case-insensitive fashion"}},{"name":"email","in":"query","description":"An exact match of a user's email to return. If provided all other parameters are ignored","allowEmptyValue":true,"schema":{"type":"string","description":"An exact match of a user's email to return. If provided all other parameters are ignored"}},{"name":"id","in":"query","description":"Set of IDS to return","allowEmptyValue":true,"schema":{"type":"array","items":{"type":"string"},"description":"Set of IDS to return"}},{"name":"ids","in":"query","description":"A comma delimited list of IDs","allowEmptyValue":true,"schema":{"type":"string","description":"A comma delimited list of IDs"}},{"name":"include-deactivated","in":"query","description":"Include deactivated users","allowEmptyValue":true,"schema":{"type":"boolean","description":"Include deactivated users"}},{"name":"status","in":"query","description":"Show only users with this Cognito status","allowEmptyValue":true,"schema":{"type":"string","description":"Show only users with this Cognito status"}}],"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserAPI.ListResp"}}}}}}}}}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.panther.com/panther-developer-workflows/api/rest/users.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.