Manage Users Using the Management API
In addition to using the Dashboard, you can retrieve, create, update or delete users using our Management API.
How to manage users
If you want to call the Management API directly, you will first need to generate the appropriate Access Token. For information on how to do that refer to Access Tokens for the Management API.
Alternatively, you can use an SDK to implement the functionality you need to call the Management API from your application. For a list of available SDKs, refer to the SDKs section of our Support Matrix.
If you're looking to manage Auth0 Dashboard access for your team members check out Manage Dashboard Access.
Limitations
By default, user profile attributes provided by identity providers other than Auth0 (such as Google, Facebook, Twitter) are not directly editable because they are updated from the identity provider each time the user logs in.
To be able to edit the name
, nickname
, given_name
, family_name
, or picture
root attributes on the normalized user profile, you must configure your connection sync with Auth0 so that user attributes will be updated from the identity provider only on user profile creation. These root attributes will then be available to be edited individually or by bulk imports
Set passwords
The password can be set via the create
or update
calls, but for security purposes, it cannot be viewed via the get
or list user
commands. The right side of the API explorer provides hints on the user profile attributes which can be viewed or modified for any given call.
Endpoints
You can use the
/users
endpoint to retrieve information about all users. You can also include search criteria to find specific users.Use the
/user_id
to retrieve information about one user based on theuser_id
. Theuser_id
is an internal identifier that consists of a connection name and a unique identifier for the user. Theuser_id
is different from the ID Token.The
/userinfo
endpoint takes as input the Auth0 Access Token and returns user profile information. This endpoint will include the results of any rules that may have altered the user profile during the authentication transaction, but the resulting user profile will not be filtered by any Scoping.The
/tokeninfo
endpoint takes as input the Auth0 ID Token and returns User Profile information. This endpoint will return a result that does not include the results of any rules that alter the User Profile.