End-User Management
Manage end-users who authenticate with your organization’s services.
Overview
End-users are customers who authenticate with services within your organization. They are distinct from organization members (owners, admins, members who manage the organization).
Endpoints
| Method | Path | Description |
|---|---|---|
| GET | /api/organizations/:slug/users | List end-users |
| GET | /api/organizations/:slug/users/:user_id | Get user details |
| DELETE | /api/organizations/:slug/users/:user_id/sessions | Revoke sessions |
GET /api/organizations/:slug/users
List end-users with pagination.
Synopsis
| Property | Value |
|---|---|
| Authentication | Required (JWT) |
| Authorization | Organization Member |
Query Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
| page | integer | 1 | Page number |
| limit | integer | 50 | Items per page (max 100) |
| service_slug | string | - | Filter by service slug |
Example Request
```bash
curl -X GET "https://sso.example.com/api/organizations/acme-corp/users?service_slug=main-app" \
  -H "Authorization: Bearer {jwt}"
```
Response (200 OK)
```json
{
  "users": [
    {
      "user": {
        "id": "user-uuid",
        "email": "john@customer.com",
        "created_at": "2025-01-15T10:30:00Z"
      },
      "subscriptions": [
        {
          "service_id": "svc-uuid",
          "service_slug": "main-app",
          "service_name": "Main App",
          "plan_name": "Free",
          "status": "active",
          "current_period_end": "2025-02-15T10:30:00Z",
          "created_at": "2025-01-15T10:30:00Z"
        }
      ],
      "identities": [
        {
          "provider": "github",
          "provider_user_id": "12345",
          "created_at": "2025-01-15T10:30:00Z"
        }
      ]
    }
  ],
  "total": 1,
  "page": 1,
  "limit": 50
}
```
GET /api/organizations/:slug/users/:user_id
Get detailed information about an end-user.
Synopsis
| Property | Value |
|---|---|
| Authentication | Required (JWT) |
| Authorization | Organization Member |
Example Request
```bash
curl -X GET https://sso.example.com/api/organizations/acme-corp/users/user-uuid \
  -H "Authorization: Bearer {jwt}"
```
Response (200 OK)
```json
{
  "user": {
    "id": "user-uuid",
    "email": "john@customer.com",
    "created_at": "2025-01-15T10:30:00Z"
  },
  "subscriptions": [
    {
      "service_id": "svc-uuid",
      "service_slug": "main-app",
      "service_name": "Main App",
      "plan_name": "Free",
      "status": "active",
      "current_period_end": "2025-02-15T10:30:00Z",
      "created_at": "2025-01-15T10:30:00Z"
    }
  ],
  "identities": [
    {
      "provider": "github",
      "provider_user_id": "12345",
      "created_at": "2025-01-15T10:30:00Z"
    }
  ],
  "session_count": 2
}
```
DELETE /api/organizations/:slug/users/:user_id/sessions
Revoke all active sessions for an end-user.
Synopsis
| Property | Value |
|---|---|
| Authentication | Required (JWT) |
| Authorization | Owner or Admin |
Example Request
```bash
curl -X DELETE https://sso.example.com/api/organizations/acme-corp/users/user-uuid/sessions \
  -H "Authorization: Bearer {jwt}"
```
Response (200 OK)
```json
{
  "message": "Sessions revoked successfully",
  "revoked_count": 3
}
```
Use Cases
- User reported account compromise
- Employee offboarding
- Security incident response
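For the incident-response use cases above, a client sketch that walks the paginated list endpoint and then revokes one user's sessions, checking `session_count` before and after. This is an added example, not code from this API's documentation or project; the function names and the injectable `send` transport are hypothetical, and it assumes `session_count` reports active sessions and therefore reads 0 after a revocation.

```python
import json
import urllib.request
from urllib.parse import quote, urlencode

BASE = "https://sso.example.com"  # host from the page's curl examples

def http_json(method, url, jwt):
    """Default transport: one authenticated request, parsed JSON back."""
    req = urllib.request.Request(
        url, method=method, headers={"Authorization": f"Bearer {jwt}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def org_url(org):
    return f"{BASE}/api/organizations/{quote(org, safe='')}/users"

def list_all_users(org, jwt, service_slug=None, limit=100, send=http_json):
    """Collect every page of the list endpoint."""
    limit = max(1, min(limit, 100))  # documented maximum is 100
    users, page = [], 1
    while True:
        query = {"page": page, "limit": limit}
        if service_slug:
            query["service_slug"] = service_slug
        body = send("GET", f"{org_url(org)}?{urlencode(query)}", jwt)
        users.extend(body["users"])
        # Also stop on an empty page so a shrinking total cannot loop forever.
        if not body["users"] or len(users) >= body["total"]:
            return users
        page += 1

def revoke_and_verify(org, user_id, jwt, send=http_json):
    """Revoke all sessions for one end-user and compare counts around the call."""
    user_url = f"{org_url(org)}/{quote(user_id, safe='')}"
    before = send("GET", user_url, jwt)["session_count"]
    revoked = send("DELETE", f"{user_url}/sessions", jwt)["revoked_count"]
    after = send("GET", user_url, jwt)["session_count"]
    # Assumption: session_count reports active sessions, so 0 is expected here.
    # A non-zero value means something signed in again after the revocation.
    return {"before": before, "revoked": revoked, "after": after,
            "clean": after == 0 and revoked >= before}
```

The revocation call needs a JWT for an Owner or Admin; listing and reading details work for any organization member.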
End-User vs Organization Member
| Aspect | End-User | Organization Member |
|---|---|---|
| Purpose | Uses services | Manages organization |
| Authentication | Via services | Via admin portal |
| Roles | None | Owner, Admin, Member |
| Access | Service-specific | Organization-wide |