---
title: "Users"
description: "REST endpoints for users. Bearer-auth required."
section: "API"
group: "REST"
order: 75
---

## GET /api/users

List users

Returns current user for regular users, all users for admins.

**Query parameters**

- `limit` (optional): Max items per page (1–100, default 100).
- `after` (optional): Keyset cursor — return the page after this row (next page).
- `before` (optional): Keyset cursor — return the page before this row (prev page).
- `ids` (optional): Comma-separated IDs. Narrows results to these IDs within the caller's accessible scope (does not bypass access checks).
- `role` (optional): Filter by role (admin only — non-admins see themselves).
- `email` (optional): Case-insensitive substring match on email. Admins only.
- `name` (optional): Case-insensitive substring match on name. Admins only.

**Response**

```json
{
  "data": [
    {
      "id": "<...>",
      "name": "<...>",
      "email": "<...>",
      "handle": "<...>",
      "role": "<...>",
      "emailVerified": "<...>",
      "createdAt": "<...>"
    }
  ],
  "pageInfo": {
    "total": "number",
    "hasNextPage": "boolean",
    "hasPreviousPage": "boolean",
    "startCursor": "string",
    "endCursor": "string"
  }
}
```

## GET /api/users/{id}

Get user

**Path parameters**

- `id` (required): The user's prefixed ID.

**Response**

```json
{
  "id": "string",
  "name": "string",
  "email": "string",
  "handle": "string",
  "role": "admin | user | service",
  "emailVerified": "boolean",
  "createdAt": "string"
}
```

## PATCH /api/users/{id}

Update user

**Path parameters**

- `id` (required): The user's prefixed ID.

**Request body**

```json
{
  "name?": "string",
  "handle?": "string",
  "role?": "admin | user | service"
}
```

**Response**

```json
{
  "id": "string",
  "name": "string",
  "email": "string",
  "handle": "string",
  "role": "admin | user | service",
  "emailVerified": "boolean",
  "createdAt": "string"
}
```

## DELETE /api/users/{id}

Delete user

**Path parameters**

- `id` (required): The user's prefixed ID.

**Response**

```json
{
  "success": "boolean"
}
```

## GET /api/users/me

Get current user

Returns the authenticated user's profile. Resolves the bearer token / cookie session to the underlying user. Used by clients (mobile, CLI `whoami`) to render the signed-in identity without knowing the user's prefixed ID up front.

**Response**

```json
{
  "id": "string",
  "name": "string",
  "email": "string",
  "handle": "string",
  "role": "admin | user | service",
  "emailVerified": "boolean",
  "createdAt": "string"
}
```