# GET /api/v1/users > List users - **Tag:** user - **Operation ID:** `list_users_api_v1_users_get` ## Description List users with optional filtering. Pass x-business-id header or business_id for business-scoped view; firm_id for firm-wide view. ## Authentication Bearer token in `Authorization` header. Required header: `x-business-id: `. ## Parameters - `search` (query, string, optional) — Search users by name or email - `id` (query, string, optional) — Filter by user UUID - `email` (query, string, optional) — Filter by exact email address - `business_id` (query, string, optional) — Filter by business UUID. Returns users in that business only. - `firm_id` (query, string, optional) — Filter by advisory firm UUID. Firm-wide: all users in that firm. - `cursor` (query, string, optional) — Cursor for pagination - `limit` (query, integer, optional) — Pagination limit - `direction` (query, string, optional) — Pagination direction: 'next' or 'prev' - `include_total_count` (query, boolean, optional) — Whether to include total count (expensive - avoid if possible) - `sort_by` (query, string, optional) — Column name to sort by (e.g. 'created_at', 'amount', 'name'). When changing sort, reset cursor to None. - `descending` (query, boolean, optional) — Sort direction: true for descending (newest/largest first), false for ascending - `x-firm-id` (header, string, optional) — Advisory firm UUID for firm-wide view. Same as firm_id query param. ## Responses ### 200 — Successful Response Schema: `UserCursorListResponse` - `items` (array · UserResponse · required) → `UserResponse` — List of items - `email` (string · email · required) — User email address (unique identifier). - `first_name` (string) — User's first name. - `last_name` (string) — User's last name. - `photo_url` (string) — URL to user's profile photo. - `onboarded` (boolean) — Whether user has completed onboarding. - `props` (object) — Additional user properties/settings. - `id` (string · required) — User UUID. - `created_at` (string · date-time · required) — Account creation timestamp. - `updated_at` (string · date-time · required) — Last profile update timestamp. - `firm_ids` (array · string) — Advisory firm UUIDs the user belongs to. - `role` (Role) — User's role in a business (only included when filtering by business_id). - `total` (integer) — Total number of items (null when not calculated for performance) - `limit` (integer) — Pagination limit - `next_cursor` (string) — Cursor for next page - `prev_cursor` (string) — Cursor for previous page - `has_next` (boolean · required) — Whether there are more items - `has_prev` (boolean · required) — Whether there are previous items ### 401 — Unauthorized - Authentication required ### 403 — Forbidden - Insufficient permissions ### 422 — Validation Error Schema: `HTTPValidationError` - `detail` (array · ValidationError) → `ValidationError` - `loc` (array · string | integer · required) - `msg` (string · required) - `type` (string · required) - `input` (object) - `ctx` (object) ## Code samples ### cURL ```bash curl -X GET 'https://api.ondayzero.com/api/v1/users' \ -H 'Authorization: Bearer dz_your_token' \ -H 'x-business-id: YOUR_BUSINESS_ID' ``` ### JavaScript ```javascript const response = await fetch('https://api.ondayzero.com/api/v1/users', { method: 'GET', headers: { Authorization: 'Bearer dz_your_token', 'x-business-id': 'YOUR_BUSINESS_ID', }, }); const data = await response.json(); ``` ### Python ```python import httpx headers = { "Authorization": "Bearer dz_your_token", "x-business-id": "YOUR_BUSINESS_ID", } response = httpx.get("https://api.ondayzero.com/api/v1/users", headers=headers) data = response.json() ``` ## See also - HTML version: https://www.ondayzero.com/docs/reference/user/list-users - OpenAPI slice: https://www.ondayzero.com/docs/reference/user/list-users/openapi.json - Other endpoints in **user**: https://www.ondayzero.com/docs/reference/user