> ## Documentation Index
> Fetch the complete documentation index at: https://docs.hexclave.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List users

> Lists all the users in the project. By default, only fully onboarded users are returned. Restricted users (those who haven't completed onboarding requirements like email verification) are included if `include_restricted` is set to `true`. Anonymous users are included if `include_anonymous` is set to `true` (which also includes restricted users).



## OpenAPI

````yaml /openapi/server.json get /users
openapi: 3.1.0
info:
  title: Hexclave REST API
  version: 1.0.0
  description: >-
    The Hexclave REST API. All request headers are documented as canonical
    `X-Hexclave-*`; the equivalent `X-Stack-*` aliases are accepted on every
    endpoint for backwards compatibility. Response headers
    `X-Hexclave-actual-status`, `X-Hexclave-known-error`, and
    `X-Hexclave-request-id` are emitted alongside their legacy `X-Stack-*`
    equivalents.
servers:
  - url: https://api.hexclave.com/api/v1
    description: Hexclave REST API
security: []
paths:
  /users:
    get:
      tags:
        - Users
      summary: List users
      description: >-
        Lists all the users in the project. By default, only fully onboarded
        users are returned. Restricted users (those who haven't completed
        onboarding requirements like email verification) are included if
        `include_restricted` is set to `true`. Anonymous users are included if
        `include_anonymous` is set to `true` (which also includes restricted
        users).
      parameters:
        - name: team_id
          in: query
          schema:
            type: string
            description: Only return users who are members of the given team
          description: Only return users who are members of the given team
          required: false
        - name: limit
          in: query
          schema:
            type: integer
            description: The maximum number of items to return
          description: The maximum number of items to return
          required: false
        - name: cursor
          in: query
          schema:
            type: string
            description: The cursor to start the result set from.
          description: The cursor to start the result set from.
          required: false
        - name: order_by
          in: query
          schema:
            type: string
            enum:
              - signed_up_at
              - last_active_at
            description: The field to sort the results by. Defaults to signed_up_at
          description: The field to sort the results by. Defaults to signed_up_at
          required: false
        - name: desc
          in: query
          schema:
            type: string
            enum:
              - 'true'
              - 'false'
            description: Whether to sort the results in descending order. Defaults to false
          description: Whether to sort the results in descending order. Defaults to false
          required: false
        - name: query
          in: query
          schema:
            type: string
            description: >-
              A search query to filter the results by. This is a free-text
              search that is applied to the user's id (exact-match only),
              display name and primary email.
          description: >-
            A search query to filter the results by. This is a free-text search
            that is applied to the user's id (exact-match only), display name
            and primary email.
          required: false
        - name: excluded_email_domains
          in: query
          schema:
            type: string
            description: >-
              A comma-separated list of primary email domains to exclude from
              the results.
          description: >-
            A comma-separated list of primary email domains to exclude from the
            results.
          required: false
        - name: include_anonymous
          in: query
          schema:
            type: string
            enum:
              - 'true'
              - 'false'
            description: >-
              Whether to include anonymous users in the results. When true, also
              includes restricted users. Defaults to false
          description: >-
            Whether to include anonymous users in the results. When true, also
            includes restricted users. Defaults to false
          required: false
        - name: only_anonymous
          in: query
          schema:
            type: string
            enum:
              - 'true'
              - 'false'
            description: >-
              Whether to return only anonymous users. When true, implies
              include_anonymous=true. Defaults to false
          description: >-
            Whether to return only anonymous users. When true, implies
            include_anonymous=true. Defaults to false
          required: false
        - name: include_restricted
          in: query
          schema:
            type: string
            enum:
              - 'true'
              - 'false'
            description: >-
              Whether to include restricted users in the results. Defaults to
              false
          description: >-
            Whether to include restricted users in the results. Defaults to
            false
          required: false
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                type: object
                properties:
                  items:
                    type: array
                    items:
                      type: object
                      properties:
                        id:
                          type: string
                          example: 3241a285-8329-4d69-8f3d-316e08cf140c
                          description: The unique identifier of the user
                        primary_email:
                          type: string
                          example: johndoe@example.com
                          description: Primary email
                        primary_email_verified:
                          type: boolean
                          example: true
                          description: >-
                            Whether the primary email has been verified to
                            belong to this user
                        primary_email_auth_enabled:
                          type: boolean
                          example: true
                          description: >-
                            Whether the primary email is used for
                            authentication. If this is set to `false`, the user
                            will not be able to sign in with the primary email
                            with password or OTP
                        display_name:
                          type: string
                          example: John Doe
                          description: >-
                            Human-readable user display name. This is not a
                            unique identifier.
                        selected_team:
                          type: object
                          properties:
                            created_at_millis:
                              type: number
                              example: 1630000000000
                              description: >-
                                The time the team was created (the number of
                                milliseconds since epoch, January 1, 1970, UTC)
                            server_metadata:
                              type: object
                              example:
                                key: value
                              description: >-
                                Server metadata. Used as a data store, only
                                accessible from the server side. You can store
                                secret information related to the team here.
                            id:
                              type: string
                              example: ad962777-8244-496a-b6a2-e0c6a449c79e
                              description: The unique identifier of the team
                            display_name:
                              type: string
                              example: My Team
                              description: >-
                                Human-readable team display name. This is not a
                                unique identifier.
                            profile_image_url:
                              type: string
                              example: https://example.com/image.jpg
                              description: >-
                                URL of the profile image for team. Can be a
                                Base64 encoded image. Must be smaller than
                                100KB. Please compress and crop to a square
                                before passing in.
                            client_metadata:
                              type: object
                              example:
                                key: value
                              description: >-
                                Client metadata. Used as a data store,
                                accessible from the client side. Do not store
                                information that should not be exposed to the
                                client.
                            client_read_only_metadata:
                              type: object
                              example:
                                key: value
                              description: >-
                                Client read-only, server-writable metadata. Used
                                as a data store, accessible from the client
                                side. Do not store information that should not
                                be exposed to the client. The client can read
                                this data, but cannot modify it. This is useful
                                for things like subscription status.
                          required:
                            - created_at_millis
                            - id
                            - display_name
                        selected_team_id:
                          type: string
                          example: team-id
                          description: ID of the team currently selected by the user
                        profile_image_url:
                          type: string
                          example: https://example.com/image.jpg
                          description: >-
                            URL of the profile image for user. Can be a Base64
                            encoded image. Must be smaller than 100KB. Please
                            compress and crop to a square before passing in.
                        signed_up_at_millis:
                          type: number
                          example: 1630000000000
                          description: >-
                            The time the user signed up (identify) => `(the
                            number of milliseconds since epoch, January 1, 1970,
                            UTC)`
                        client_metadata:
                          type: object
                          example:
                            key: value
                          description: >-
                            Client metadata. Used as a data store, accessible
                            from the client side. Do not store information that
                            should not be exposed to the client.
                        client_read_only_metadata:
                          type: object
                          example:
                            key: value
                          description: >-
                            Client read-only, server-writable metadata. Used as
                            a data store, accessible from the client side. Do
                            not store information that should not be exposed to
                            the client. The client can read this data, but
                            cannot modify it. This is useful for things like
                            subscription status.
                        server_metadata:
                          type: object
                          example:
                            key: value
                          description: >-
                            Server metadata. Used as a data store, only
                            accessible from the server side. You can store
                            secret information related to the user here.
                        last_active_at_millis:
                          type: number
                          example: 1630000000000
                          description: >-
                            The time the user was last active (identify) =>
                            `(the number of milliseconds since epoch, January 1,
                            1970, UTC)`
                        is_anonymous:
                          type: boolean
                        is_restricted:
                          type: boolean
                          example: false
                          description: >-
                            Whether the user is in restricted state (has signed
                            up but not completed onboarding requirements)
                        restricted_reason:
                          type: object
                          properties:
                            type:
                              type: string
                              enum:
                                - anonymous
                                - email_not_verified
                                - restricted_by_administrator
                          required:
                            - type
                          example: null
                          description: >-
                            The reason why the user is restricted (e.g., type:
                            "email_not_verified", "anonymous", or
                            "restricted_by_administrator"), null if not
                            restricted
                        restricted_by_admin:
                          type: boolean
                          example: false
                          description: >-
                            Whether the user is restricted by an administrator.
                            Can be set manually or by sign-up rules.
                        restricted_by_admin_reason:
                          type: string
                          example: null
                          description: >-
                            Public reason shown to the user explaining why they
                            are restricted. Optional.
                        restricted_by_admin_private_details:
                          type: string
                          example: null
                          description: >-
                            Private details about the restriction (e.g., which
                            sign-up rule triggered). Only visible to server
                            access and above.
                        country_code:
                          type: string
                          example: US
                          description: >-
                            Best-effort ISO country code captured at sign-up
                            time from request geo headers.
                        risk_scores:
                          type: object
                          properties:
                            sign_up:
                              type: object
                              properties:
                                bot:
                                  type: integer
                                free_trial_abuse:
                                  type: integer
                              required:
                                - bot
                                - free_trial_abuse
                          required:
                            - sign_up
                          example:
                            sign_up:
                              bot: 0
                              free_trial_abuse: 0
                          description: User risk scores used for sign-up risk evaluation.
                      required:
                        - id
                        - primary_email_verified
                        - primary_email_auth_enabled
                        - signed_up_at_millis
                        - last_active_at_millis
                        - is_anonymous
                        - is_restricted
                        - restricted_by_admin
                        - risk_scores
                  pagination:
                    type: object
                    properties:
                      next_cursor:
                        type: string
                        example: b3d396b8-c574-4c80-97b3-50031675ceb2
                        description: >-
                          The cursor to fetch the next page of results. null if
                          there is no next page.
                    required: []
                required:
                  - items

````