Retrieves a specific user member for a specified iTwin.
Missing Users
When users are removed from the Bentley Identity Management System, they are not automatically removed from the iTwin. Therefore, it is possible to have a situation where the user is no longer valid, yet they are still a user member of the iTwin. When this happens, the user member will be returned from this API endpoint with the follow values:
{
"id": <memberId>,
"email": null,
"givenName": null,
"surname": null,
"organization": null,
...
}
You should account for this in your software if you do not want to show these users.
Cleanup
The Access Control API will perform a once-a-week cleanup to remove these "Missing Users". You can rely on this automated clean-up if this timeline is sufficient.
If not, you can use the Remove iTwin User Member API (use the memberId) to remove the user member from the iTwin.
Authentication
Requires Authorization
header with valid Bearer token for scope itwin-platform
.
For more documentation on authorization and how to get access token visit OAUTH2 Authorization page.
Authorization
The calling user must be a member of the iTwin. Organization Administrator can also retrieve an iTwin user member for any iTwin in their Organization.
An Organization Administrator must have at least one of the following roles assigned in User Management: Account Administrator, Co-Administrator, or CONNECT Services Administrator. For more information about User Management please visit our Bentley Communities Licensing, Cloud, and Web Services wiki page.
Request parameters
Request headers
OAuth access token with itwin-platform
scope
Setting to application/vnd.bentley.itwin-platform.v2+json
is recommended.
Response 200 OK
OK
{ "member": { "id": "69e0284a-1331-4462-9c83-9cdbe2bdaa7f", "email": "Thomas.Wilson@example.com", "givenName": "Thomas", "surname": "Wilson", "organization": "Organization Corp.", "roles": [{ "id": "5abbfcef-0eab-472a-b5f5-5c5a43df34b1", "displayName": "Read Access" }] } }
Response 401 Unauthorized
This response indicates that request lacks valid authentication credentials. Access token might not been provided, issued by the wrong issuer, does not have required scopes or request headers were malformed.
{ "error": { "code": "HeaderNotFound", "message": "Header Authorization was not found in the request. Access denied." } }
Response 404 Not Found
This response indicates that iTwin or user member with specified ID was not found.
{ "error": { "code": "ItwinNotFound", "message": "Requested iTwin is not available." } }
Response 429 Too many requests
This response indicates that the client sent more requests than allowed by this API for the current tier of the client.
{ "error": { "code": "RateLimitExceeded", "message": "The client sent more requests than allowed by this API for the current tier of the client." } }
Response headers
Number of seconds to wait until client is allowed to make more requests.
iTwin User Member
The user Id in Identity Management System.
User email.
User given name.
User surname.
Organization user is member of in Identity Management System.
{ "type": "object", "title": "iTwin User Member", "properties": { "id": { "type": "string", "description": "The user Id in Identity Management System." }, "email": { "type": "string", "description": "User email." }, "givenName": { "type": "string", "description": "User given name." }, "surname": { "type": "string", "description": "User surname." }, "organization": { "type": "string", "description": "Organization user is member of in Identity Management System." }, "roles": { "type": "array", "description": "List of roles.", "items": { "$ref": "#/components/schemas/Role" } } }, "additionalProperties": false }
Role
The role id.
The display name of your Role.
A description of your Role.
List of permissions assigned to the role.
{ "type": "object", "properties": { "id": { "type": "string", "description": "The role id." }, "displayName": { "type": "string", "description": "The display name of your Role." }, "description": { "type": "string", "description": "A description of your Role." }, "permissions": { "type": "array", "description": "List of permissions assigned to the role.", "items": { "type": "string" } } }, "additionalProperties": false }
User Member (update)
{ "type": "object", "title": "User Member (update)", "properties": { "member": { "$ref": "#/components/schemas/UserMemberRepresentation" } }, "required": [ "member" ], "additionalProperties": false }
Error
Contains error information.
One of a server-defined set of error codes.
A human-readable representation of the error.
The target of the error.
{ "type": "object", "description": "Contains error information.", "properties": { "code": { "type": "string", "description": "One of a server-defined set of error codes." }, "message": { "type": "string", "description": "A human-readable representation of the error." }, "target": { "type": "string", "description": "The target of the error.", "nullable": true } }, "required": [ "code", "message" ], "additionalProperties": true }
Error Response
Gives details for an error that occurred while handling the request. Note that clients MUST NOT assume that every failed request will produce an object of this schema, or that all of the properties in the response will be non-null, as the error may have prevented this response from being constructed.
{ "type": "object", "title": "Error Response", "description": "Gives details for an error that occurred while handling the request. Note that clients MUST NOT assume that every failed request will produce an object of this schema, or that all of the properties in the response will be non-null, as the error may have prevented this response from being constructed.", "properties": { "error": { "description": "Error information.", "$ref": "#/components/schemas/Error" } }, "required": [ "error" ], "additionalProperties": false }
Was this page helpful?