User List

Updated on May 21, 2025

7 minute(s) read

Post

/api/runtime/userlist/v3

The User List API call is an open-ended question for a specific Asset. It returns the list of users, their associated Attributes and which action they are allowed to perform on a specific Asset.

Note: The User List end point is used primarily for reporting data. There are time and amount constraints based on your Identity sources.

Notice

When accessing the Authorization APIs, the URL base/prefix, according to your PlainID PDP Location

United States Cloud PDP - `https://tenant-name.us1.plainid.io`

Canadian Cloud PDP - `https://tenant-name.ca1.plainid.io`

European Cloud PDP - `https://tenant-name.eu1.plainid.io`

Local PAA - `https://your-paa.acme.local`

For more information on which Asset Types to use with your PAA or Cloud PDP, refer to Managing Asset Types.

Important note about headers

Refer to the headers below to modify your cURL sample. Check if the following headers are in the sample, if not, ensure you add it to your cURL sample before pasting into your API tool.

Headers

*Required

Header	Value	cURL Line
content-type	`application/json`	`-H 'Content-Type: application/json' `

cURL Sample Guidelines

In order for the relevant parameters to appear in the cURL sample, you can input the values in the interactive API console on the right under the Try It\* or the Code Sample tabs. They will then appear in the cURL sample in the correct format to use in your API tool.

\*Try It function coming soon.

Header parameters

X-Client-Id

string

Client ID of the Scope
The clientId is required, ensure that it is defined either in the header as X-Client-Id or in the body as clientId.

X-Client-Secret

string

Client Secret ID of the Scope.
You can also authenticate with an Authorization Token (in your API tool). Note that the X-Client-Id is still required, whether in the header or the body. Refer to Setting up an Authentication Method for more information.

Body parameters

User List request

{
  "clientId": "[ClientID]",
  "clientSecret": "[ClientSecret]",
  "asset": {
    "resourceType": "Account US",
    "path": "Transfer US 5000",
    "actions": [
      "Access"
    ],
    "assetAttributes": {
      "order_type": [
        "credit_card"
      ],
      "customer_type": [
        "private"
      ]
    }
  },
  "contextData": {
    "string": [
      "string"
    ]
  },
  "environment": {
    "string": [
      "string"
    ]
  },
  "remoteIp": "string",
  "timeZoneOffset": 0.0,
  "entityTypes": [
    {
      "name": "User",
      "attributeList": [
        "attr1",
        "attr2"
      ]
    }
  ],
  "includeContext": false,
  "includeAccessPolicy": false,
  "includeAsset": false,
  "includeInActiveIdentities": false,
  "includeIdentityAttributes": false,
  "accessTokenFormat": "JSON",
  "useCache": true,
  "calculateCorrelationAttributes": [
    {
      "entityType": "User",
      "entityAttribute": "uid",
      "resourceAttribute": "resource_attr"
    }
  ],
  "operationalFilters": [
    {
      "filterType": "identitySourcesFilterByIDs",
      "filterProperties": {
        "filterAction": "INCLUDE",
        "objectsList": [
          "sourceID_123",
          "sourceID_456"
        ]
      }
    },
    {
      "filterType": "userListIdentitiesFilterByRule",
      "filterProperties": {
        "filterDetails": [
          {
            "sourceId": "c9a74c7d-e81c-4d16-b22e-7dbf8921f7ef",
            "filtersRelation": "OR",
            "filters": [
              {
                "attribute": "uid",
                "operator": "IN",
                "values": [
                  "user1",
                  "user2"
                ]
              }
            ]
          }
        ]
      }
    }
  ]
}

Expand All

object

clientId

string Required

Client ID of the Scope
The Client ID is required, ensure that it is defined either in the header as X-Client-Id or in the body as clientId.

Min length1

clientSecret

string

Min length1

asset

object Required

resourceType

string

Asset Template ID (required)

path

string

Unique Identifier of the Asset (required)

actions

Array

Name of the Action (optional)

assetAttributes

object

(optional)

attribute_1

string

attribute_2

string

contextData

object

Identity Context data for this request.

When specifying this parameter, you are requesting information based on a specific parameter and its value.

For example, Location where the contextData equals a specific branch.

If not defined, Dynamic groups based on context data will not be considered in the Access Decision.

string

Array

environment

object

Environmental parameters need to be defined in policies as request. (in Assetrules or Conditions) and also sent in the authorization request. Only the assets that match what will be sent in the request will come back.

If not defined, parameters based on environmental data will not be considered in the Access Decision.

string

Array

remoteIp

string

IP address to be used when validating a Policy. Ensure that your IP Ranges are correct based on an IP calculator. If not defined, the IP considered in the calculation is taken from the X-Forwarded-For (Request header). If not defined,the IP considered in the calculation is taken from the X-Forwarded-For (Request header).

timeZoneOffset

number

To define the offset from UTC time zone.

Used in Time Condition.

Default0

Example-12

entityTypeId

string

Identity Template ID. This is used to distinguish between different Workspaces and Identity Templates.

Min length1

entityTypes

Array of object

This parameter enables you to decrease the payload size by including a list of Identity Types and their Attributes returning in the response. If not specified, all identities from all Identity Types are included in the response.

object

name

string

attributeList

Array

includeContext

boolean

Show/hide the context data in the response.

Defaultfalse

includeAccessPolicy

boolean

Show/hide the name of the Policy in the response that has granted the specified access.

Defaultfalse

includeAccessPolicyId

boolean

Show/hide the external id of the Policy in the response that granted the specified access.

Defaultfalse

includeAsset

boolean

Show/hide the Asset Attribute of the Assets from the request.

Defaultfalse

includeInActiveIdentities

boolean

Show/hide the inactive users in the response.

Defaultfalse

includeIdentityAttributes

boolean

Show/hide the Identity Attributeof the Identity in the response.

Defaultfalse

accessTokenFormat

string

Determines the format of the response – whether JSON, JWT, or StandardJWT.

Default"JSON"

listOfResources

string

useCache

boolean

The Attribute determines if the response considers the cache settings or override the cache and perform a full calculation.

Defaulttrue

calculateCorrelationAttributes

Array of object (correlationAttributeRequest)

Enables the response to include the Attribute(s) that influenced the access decision, based on predefined correlation logic. The correlation is defined using combinations of entityType, entityAttribute, and resourceAttribute, helping to identify which Identity Attribute matched which resource Attribute during evaluation.

object

entityType

string

entityAttribute

string

resourceAttribute

string

operationalFilters

Array of object

These operational filters should affect the Runtime behavior and results by applying additional filtering which is not directly related to Authorization logic.

object

#content#

OneOf

identitySourcesFilterByIDs

object (identitySourcesFilterByIDs)

filterType

string Required

filterProperties

object

filterAction

string Required

Valid values[ "\"INCLUDE\"", "\"EXCLUDE\"" ]

objectsList

Array of string Required

string

Input your sourceID/s here. For information on the sourceID parameter and where to locate it, check out Managing Attribute Sources in the PlainID documentation.

userListIdentitiesFilterByRule

object (userListIdentitiesFilterByRule)

filterType

string Required

filterProperties

object

filterDetails

Array of object Required

object

sourceId

string Required

Input your sourceID/s here. For information on the sourceID parameter and where to locate it, check out Managing Attribute Sources in the PlainID documentation.

filtersRelation

string Required

Valid values[ "\"OR\"", "\"AND\"" ]

filters

Array of object Required

object

attribute

string Required

For more information on where to locate attributes, see Managing Identity Attributes.

operator

string Required

Valid values[ "\"IN\"", "\"EQUALS\"" ]

values

Array of string Required

string

Responses

200

users list for asset - 200

{
  "response": [
    {
      "action": "Access",
      "entities": [
        {
          "entityType": "bank_users",
          "uid": "UX-12349"
        },
        {
          "entityType": "bank_users",
          "uid": "UX-12348"
        },
        {
          "entityType": "bank_users",
          "uid": "UX-12347"
        },
        {
          "entityType": "bank_users",
          "uid": "UX-12346"
        },
        {
          "entityType": "bank_users",
          "uid": "UX-12345"
        }
      ]
    },
    {
      "action": "TestAction",
      "entities": []
    }
  ]
}

includeIdentityAttributes - 200

{
  "response": [
    {
      "action": "Access",
      "entities": [
        {
          "entityType": "bank_users",
          "uid": "UX-12349",
          "attributes": {
            "uid": [
              "UX-12349"
            ],
            "location": [
              "Alabama"
            ],
            "department": [
              "Mortgage"
            ],
            "branch": [
              "vitae nisl"
            ]
          }
        },
        {
          "entityType": "bank_users",
          "uid": "UX-12348",
          "attributes": {
            "uid": [
              "UX-12348"
            ],
            "location": [
              "Alabama"
            ],
            "department": [
              "Loans"
            ],
            "branch": [
              "varius integer"
            ]
          }
        },
        {
          "entityType": "bank_users",
          "uid": "UX-12347",
          "attributes": {
            "uid": [
              "UX-12347"
            ],
            "location": [
              "Alabama"
            ],
            "department": [
              "Savings"
            ],
            "branch": [
              "egestas metus"
            ]
          }
        },
        {
          "entityType": "bank_users",
          "uid": "UX-12346",
          "attributes": {
            "uid": [
              "UX-12346"
            ],
            "location": [
              "Alabama"
            ],
            "department": [
              "Mortgage"
            ],
            "branch": [
              "ac est"
            ]
          }
        },
        {
          "entityType": "bank_users",
          "uid": "UX-12345",
          "attributes": {
            "uid": [
              "UX-12345"
            ],
            "location": [
              "Alabama"
            ],
            "department": [
              "Savings"
            ],
            "branch": [
              "sapien quis"
            ]
          }
        }
      ]
    },
    {
      "action": "TestAction",
      "entities": []
    }
  ]
}

includeAccessPolicy and includeAccessPolicyId - 200

{
  "response": [
    {
      "action": "Access",
      "entities": [
        {
          "entityType": "bank_users",
          "uid": "UX-12349",
          "permissions": [
            {
              "permission": "Manage consumers accounts in branch",
              "permissionId": "p1"
            }
          ]
        },
        {
          "entityType": "bank_users",
          "uid": "UX-12348",
          "permissions": [
            {
              "permission": "Manage consumers accounts in branch",
              "permissionId": "p1"
            }
          ]
        },
        {
          "entityType": "bank_users",
          "uid": "UX-12347",
          "permissions": [
            {
              "permission": "Manage consumers accounts in branch"
            },
            {
              "permissionId": "p1"
            }
          ]
        },
        {
          "entityType": "bank_users",
          "uid": "UX-12346",
          "permissions": [
            {
              "permission": "Manage consumers accounts in branch",
              "permissionId": "p1"
            }
          ]
        },
        {
          "entityType": "bank_users",
          "uid": "UX-12345",
          "permissions": [
            {
              "permission": "Manage consumers accounts in branch",
              "permissionId": "p1"
            }
          ]
        }
      ]
    },
    {
      "action": "TestAction",
      "entities": []
    }
  ]
}

Expand All

object

asset

object

resourceType

string

Asset Template ID (required)

path

string

Unique Identifier of the Asset (required)

assetAttributes

object

(optional)

attribute_1

string

attribute_2

string

contextData

object

string

Array

response

Array of object

object

action

string

entities

Array of object

object

entityType

string

uid

string

permissions

Array of object

object

permission

string

permissionId

string

permissionMetadata

object (permissionMetadata)

Additional response metadata. This response is only returned when the includeAccessPolicy is set to true, and when the permissionMetadata object contains one or more properties.

attributes

object

string

Array

400

Basic Request - 400 - Bad Request

{}

object

401

Unauthorized

403

Forbidden

404

Not Found

500

Internal Server Error

501

Not Implemented

Was this article helpful?