Search users
const url = 'https://api.torii.so/api/server/v1/users/search?limit=50&cursor=01931a73-8b00-7000-8000-000000000000';const options = { method: 'POST', headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'}, body: '{"name":"Ada","userIds":["01931a73-8b00-7000-8000-000000000000"],"emailAddresses":["ada@example.com"],"email":"@example.com","statuses":["active"],"createdAfter":"2026-01-01T00:00:00Z","createdBefore":"2026-12-31T23:59:59Z"}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url 'https://api.torii.so/api/server/v1/users/search?limit=50&cursor=01931a73-8b00-7000-8000-000000000000' \ --header 'Authorization: Bearer <token>' \ --header 'Content-Type: application/json' \ --data '{ "name": "Ada", "userIds": [ "01931a73-8b00-7000-8000-000000000000" ], "emailAddresses": [ "ada@example.com" ], "email": "@example.com", "statuses": [ "active" ], "createdAfter": "2026-01-01T00:00:00Z", "createdBefore": "2026-12-31T23:59:59Z" }'Returns a cursor-paginated page of end-users in the environment matching the optional filters. Uses POST so the filter body can be sent without URL-encoding. Three id-selectors resolve users to a set of ids (userIds, the explicit batch-by-id lookup; emailAddresses, exact and case-insensitive; email, a case-insensitive substring); when more than one is supplied they are combined with AND (intersection). The remaining filters (name, statuses, createdAfter/createdBefore) apply on top.
Authorizations
Section titled “Authorizations ”Parameters
Section titled “ Parameters ”Query Parameters
Section titled “Query Parameters ”Maximum number of items in the returned page (default 20).
Example
50Opaque cursor returned by the previous page’s nextCursor. Omit to fetch the first page.
Example
01931a73-8b00-7000-8000-000000000000Request Body
Section titled “Request Body ”Optional filter body for POST /users/search. Every field is tri-state: omit to skip that filter, send a value to apply it. The three id-selectors (userIds, emailAddresses, email) resolve users to a set of ids and, when more than one is supplied, are combined with AND (intersection); a supplied id-selector whose resolved set is empty returns an empty page. name additionally accepts JSON null to match users with no name; an explicit null or blank email contributes no restriction; the non-nullable statuses field rejects null.
object
Filter by name (case-insensitive substring match). Send null to require users with no name.
Example
AdaRestrict to these user ids (the explicit batch-by-id lookup), at most 100. AND-combined with the other id-selectors; an empty list returns an empty page.
Example
[ "01931a73-8b00-7000-8000-000000000000"]Resolve users by exact (case-insensitive) email address (one or more, at most 100). Unlike email, never matches a superstring. AND-combined with the other id-selectors; an empty list, or addresses matching nobody, returns an empty page.
Example
[ "ada@example.com"]Filter by primary email (case-insensitive substring match). AND-combined with the other id-selectors. An explicit null or blank value contributes no restriction.
Example
@example.comFilter by user status. Returns users matching any of the supplied statuses.
Only return users created at or after this instant (ISO-8601 UTC).
Example
2026-01-01T00:00:00ZOnly return users created at or before this instant (ISO-8601 UTC).
Example
2026-12-31T23:59:59ZResponses
Section titled “ Responses ”Page of matching users.
A single page of results in a cursor-paginated list. Pass nextCursor as the cursor query parameter to fetch the following page.
object
Items in this page, in stable order.
An end-user, including server-only private metadata. Returned only on the secret-key backend API.
object
Unique identifier for this user.
Identifier of the environment this user belongs to.
Full name on the profile, if any.
First (given) name on the profile, if any.
Last (family) name on the profile, if any.
Preferred locale for emails and UI messages.
Lifecycle status of the user (e.g. active, banned).
When this user was created (ISO-8601 UTC).
When this user was last modified (ISO-8601 UTC).
Primary email on the profile, if any.
When this user’s primary email was verified, if it has been verified.
When this user was deleted, if soft-deleted. Null for active users.
Public metadata: readable by the SDK, writable only server-side.
object
Private metadata: server-only. Never exposed to the SDK or in a JWT.
object
Unsafe metadata: readable and writable by the end-user via the SDK.
object
Cursor to pass to fetch the next page. Null when this is the last page.
True if more pages are available (equivalent to nextCursor != null).
Example
{ "items": [ { "id": "01931a73-8b00-7000-8000-000000000000", "environmentId": "01931a72-0000-7000-8000-000000000000", "name": "Ada Lovelace", "firstName": "Ada", "lastName": "Lovelace", "locale": "en", "status": "active", "createdAt": "2026-05-16T09:30:00Z", "updatedAt": "2026-05-16T10:00:00Z", "email": "ada@example.com", "emailVerifiedAt": "2026-05-16T09:35:00Z", "deletedAt": "2026-05-20T12:00:00Z", "publicMetadata": { "plan": "pro" }, "privateMetadata": { "billingCustomerId": "cus_123" }, "unsafeMetadata": { "onboardingStep": 2 } } ], "nextCursor": "01931a73-8b00-7000-8000-000000000000", "hasMore": true}An id-selector list exceeds 100 entries.
object
object
Example generated
{ "type": "https://example.com", "title": "example", "status": 1, "detail": "example", "instance": "https://example.com", "properties": { "additionalProperty": "example" }}Missing or invalid secret key.
object
object
Example generated
{ "type": "https://example.com", "title": "example", "status": 1, "detail": "example", "instance": "https://example.com", "properties": { "additionalProperty": "example" }}