Access Control

iTwin Members


GET https://api.bentley.com/accesscontrol/itwins/{id}/members[?$skip][&$top]

Retrieves a list of iTwin members and their role assignments.

Missing Users

When members are removed from the Bentley Identity Management System, they are not automatically removed from the iTwin. Therefore, it is possible to have a situation where the user is no longer valid, yet they are still a member of the iTwin. When this happens, the member will be returned from this API endpoint with the following values:

{
    "id": <memberId>,
    "email": null,
    "givenName": null,
    "surname": null,
    "organization": null, 
    ...
}

You should account for this in your software if you do not want to show these users.

Cleanup

The Access Control API will perform a once-a-week cleanup to remove these "Missing Users". You can rely on this automated clean-up if this timeline is sufficient.

If not, you can use the Remove iTwin Member API (use the memberId) to remove the member from the iTwin.
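An added example (not part of the Bentley documentation) of accounting for Missing Users in client code: it walks every page with $skip/$top and the _links next link, then lists members whose identity fields are all null together with the roles they still hold. fetch_page is a hypothetical callable wrapping the GET request above, the sample data is constructed, and reading the member id from either id or userId is an assumption, since this page shows both names.

```python
MAX_TOP = 100  # the request parameters cap $top at 100
IDENTITY_FIELDS = ("email", "givenName", "surname", "organization")

def iter_members(fetch_page, itwin_id, top=MAX_TOP):
    """Yield every member, paging until the response carries no next link."""
    if not 1 <= top <= MAX_TOP:
        raise ValueError("$top must be between 1 and 100")
    skip = 0
    while True:
        # fetch_page (hypothetical) returns the parsed JSON body of one page.
        page = fetch_page(itwin_id, skip, top)
        members = page.get("members") or []
        yield from members
        if not members or not (page.get("_links") or {}).get("next"):
            return
        skip += len(members)

def is_missing(member):
    """A Missing User keeps its id, but every identity field is null."""
    return all(member.get(field) is None for field in IDENTITY_FIELDS)

def missing_members(fetch_page, itwin_id, top=MAX_TOP):
    """Return (member id, [role display names]) for each Missing User."""
    return [
        (m.get("id") or m.get("userId"),  # assumption: either key may carry the id
         [r.get("displayName") for r in m.get("roles") or []])
        for m in iter_members(fetch_page, itwin_id, top) if is_missing(m)
    ]

# Constructed sample data: three members, served by a fake paged endpoint.
SAMPLE = [
    {"id": "m-1", "email": "a@example.com", "givenName": "A", "surname": "One",
     "organization": "Example Org", "roles": [{"id": "r-1", "displayName": "Viewer"}]},
    {"id": "m-2", "email": None, "givenName": None, "surname": None,
     "organization": None, "roles": [{"id": "r-2", "displayName": "Admin"}]},
    {"id": "m-3", "email": None, "givenName": None, "surname": None,
     "organization": None, "roles": []},
]

def fake_fetch_page(itwin_id, skip, top):
    """Stand-in for the HTTP call; slices SAMPLE the way $skip/$top would."""
    chunk = SAMPLE[skip:skip + top]
    links = {"next": {"href": "constructed"}} if skip + top < len(SAMPLE) else {}
    return {"members": chunk, "_links": links}
```

The ids returned by missing_members are the values to pass to the Remove iTwin Member API when the weekly cleanup is not soon enough.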

Authentication

Requires an Authorization header with a valid Bearer token for scope itwins:read.

For more documentation on authorization and how to get an access token, visit the OAUTH2 Authorization page.

Authorization

The calling user must be a member of the iTwin. An Organization Administrator can also retrieve iTwin members for any iTwin in their Organization.

An Organization Administrator must have at least one of the following roles assigned in User Management: Account Administrator, Co-Administrator, or CONNECT Services Administrator. For more information about User Management please visit our Bentley Communities Licensing, Cloud, and Web Services wiki page.

Request parameters

| Name | In | Required? | Description |
| --- | --- | --- | --- |
| id | template | Yes | The iTwin ID |
| $skip | query | No | The $skip query option requests the number of items in the queried collection that are to be skipped and not included in the result. |
| $top | query | No | The $top system query option requests the number of items in the queried collection to be included in the result. Value must be less than or equal to 100. |

Request headers

| Name | Required? | Description |
| --- | --- | --- |
| Authorization | Yes | OAuth access token with scope itwins:read |
| Accept | No | Setting to application/vnd.bentley.itwin-platform.v1+json is recommended. |

Response 200 OK

OK


Response 401 Unauthorized

This response indicates that the request lacks valid authentication credentials. The access token might not have been provided, might have been issued by the wrong issuer, or might not have the required scopes, or the request headers were malformed.


Response 404 Not Found

This response indicates that the iTwin with the specified ID was not found.


Response 422 Unprocessable Entity

Invalid request to get iTwin members.


Response 429 Too many requests

This response indicates that the user has sent too many requests in a given amount of time.


Response headers

| Name | Description |
| --- | --- |
| retry-after | The number of requests exceeds the rate-limit for the client subscription. |

iTwin Member

| Name | Type | Description |
| --- | --- | --- |
| userId | String | The user Id in Identity Management System. |
| email | String | User email. |
| givenName | String | User given name. |
| surname | String | User surname. |
| organization | String | Organization the user is a member of in Identity Management System. |
| roles | | List of roles. |

iTwin Members

| Name | Type | Description |
| --- | --- | --- |
| members | | List of members. |
| _links | | Contains the hyperlinks to the previous and next pages of results. |

Role

| Name | Type | Description |
| --- | --- | --- |
| id | String | The role id. |
| displayName | String | The display name of your Role. |
| description | String | A description of your Role. |
| permissions | String[] | List of permissions assigned to the role. |

links (paging)

URLs for redoing the current request and for getting the previous or next page of results, if applicable.

| Name | Type | Description |
| --- | --- | --- |
| self | | URL for redoing the current request. |
| next | | URL for getting the next page of results. |
| prev | | URL for getting the previous page of results. |

link

Hyperlink container.

| Name | Type | Description |
| --- | --- | --- |
| href | String | Hyperlink container. |

Error

Contains error information and an optional array of more specific errors.

| Name | Type | Description |
| --- | --- | --- |
| code | String | One of a server-defined set of error codes. |
| message | String | A human-readable representation of the error. |
| target | String | The target of the error. |
| details | | Optional array of more specific errors. |

Error Details

Contains error information.

| Name | Type | Description |
| --- | --- | --- |
| code | String | One of a server-defined set of error codes. |
| message | String | A human-readable representation of the error. |
| target | String | The target of the error. |

Error Response

Gives details for an error that occurred while handling the request. Note that clients MUST NOT assume that every failed request will produce an object of this schema, or that all of the properties in the response will be non-null, as the error may have prevented this response from being constructed.

| Name | Type | Description |
| --- | --- | --- |
| error | | Error information. |