Users
The Users API covers user profile management, identity linking, and account settings for the authenticated Pulumi user.
Get Current User
GET
/api/userReturns the authenticated user’s profile information, including login name, display name, email, avatar URL, and organization memberships.
Responses
200
OK
Schema: User
idstring requiredThe unique identifier of the user.githubLoginstring requiredThe user’s login name (originally from GitHub).namestring requiredThe user’s display name.emailstring requiredThe user’s email address.avatarUrlstring requiredThe URL of the user’s avatar image.- Organizations is the list of Pulumi organizations the user is a member of.
- ↳
namestring requiredThe name of the organization. - ↳
roleenum optionalThe role of the user within this organization.Values:none,member,admin,potential-member,stack-collaborator,billing-manager - ↳
githubLoginstring requiredThe GitHub login associated with the organization. - ↳
avatarUrlstring requiredThe URL of the organization’s avatar image. - ↳
emailstring optionalIMPORTANT: The email address of the user is only included on a few admin-only APIs. For nearly all APIs that return a UserInfo object, this will not be provided. considered sensitive information. - PotentialOrganizations is the list of Pulumi organizations the user is a potential member of.
- ↳
namestring requiredThe name of the organization. - ↳
roleenum optionalThe role of the user within this organization.Values:none,member,admin,potential-member,stack-collaborator,billing-manager - ↳
githubLoginstring requiredThe GitHub login associated with the organization. - ↳
avatarUrlstring requiredThe URL of the organization’s avatar image. - ↳
emailstring optionalIMPORTANT: The email address of the user is only included on a few admin-only APIs. For nearly all APIs that return a UserInfo object, this will not be provided. considered sensitive information. identitiesarray[string] requiredIdentities is the array of identities a Pulumi user’s account is tied to.siteAdminboolean optionalSiteAdministrator is whether or not the user is a site administrator.registryAdminboolean optionalRegistryAdmin is whether or not the user is a registry administrator.- TokenInfo is contains metadata, set only for machine tokens & to be used only in the CLI
- ↳
namestring requiredThe name of the access token. - ↳
organizationstring requiredThe organization the token is scoped to, if any. - ↳
teamstring requiredThe team the token is scoped to, if any. hasMFAboolean requiredWhether the user has multi-factor authentication enabled.isOrgManagedboolean requiredWhether the user’s account is managed by an organization.isManagedByMultiOrgboolean requiredWhether the user’s account is managed by multiple organizations.
List GitHub Organization Teams
GET
/api/user/github/{ghOrgName}/teamsListGitHubOrganizationTeams returns all GitHub teams the requesting user has access to see.
Request Parameters
ghOrgNamestring path requiredThe GitHub organization name
Responses
200
OK
- The list of GitHub teams in the organization
- ↳
idinteger requiredThe GitHub team ID - ↳
namestring requiredThe team name - ↳
slugstring requiredThe team slug (URL-friendly name) - ↳
descriptionstring requiredThe team description - ↳
knownToPulumiboolean requiredWhether the team is known to Pulumi
Errors:
400 operation only supported for GitHub-backed users
404 Organization
Get Groups For GitLab App
Deprecated.
GET
/api/user/gitlab-app/organizationsGets a list of GitLab groups available to be used with the Pulumi GitLab app. This endpoint explicitly denotes which groups can be used based on the user’s permissions within each group.
Responses
200
successful operation
Update Default Organization
POST
/api/user/organizations/{orgName}/defaultUpdateDefaultOrganization sets the default organization for the current user.
Request Parameters
orgNamestring path requiredThe organization name
Responses
204
No Content
Get Default Organization
GET
/api/user/organizations/defaultGetDefaultOrganization returns the default organization for the current user.
Responses
200
OK
GitHubLoginstring requiredReturns the organization name. Can be an empty string, if the user is a member of no organizations- Messages is a list of messages that should be displayed to the user that contextualize the default org; for example: warning new users if their default org as returned by the service is on an expiring trial and not free tier, with possible recommendations on how to configure their default org locally. Can be possibly empty.
- ↳
severityenum optionalSeverity is the severity of the message.Values:warning,error,info - ↳
messagestring requiredMessage is the message to display to the user.
Errors:
400 User is not a member of any organizations.
Get Latest Pending Email Change
GET
/api/user/pending-emailsGetLatestPendingEmailChange returns only the latest email change, that is pending. Returns a 204 if no pending email change requests exist.
Responses
200
OK
emailstring requiredThe pending email address awaiting verification
204
No Content
Delete Pending Email Change
DELETE
/api/user/pending-emailsDeletePendingEmailChange removes the pending email change for the currently logged-in user. Deletes the pending verification only if it isn’t a verification record for the current primary email itself.
Responses
204
No Content
Errors:
400 Cannot delete the pending verification for primary email.
List User Org Invites
GET
/api/user/pending-invitesListUserOrgInvites lists the pending invites for the requesting user.
Responses
200
OK
Schema: ListOrganizationInvitesResponse
- The list of pending organization invites
- ↳
idstring requiredID is the internal ID of the invite. Used to refer to this invite later to accept/cancel. - ↳
emailstring requiredThe email address the invite was sent to. - ↳
roleenum requiredRole is the new role to give the member. Must be one of MEMBER, ADMIN, or BILLING MANAGER.Values:none,member,admin,potential-member,stack-collaborator,billing-manager - The user who sent the invite.
- ↳
sentAtinteger requiredSentAt is the timestamp when the invite was first sent. - ↳
acceptInviteUrlstring requiredAcceptInviteURL is the url where a user would go to accept an invite to an organization. - ↳
acceptErrorstring optionalAcceptError is the most recent error a user has hit while trying to accept an organization invite. By default it is null. - ↳
statusstring requiredThe friendly name of the invite status. Valid values are “pending”, “accepted”, “expired”, and “canceled”. - ↳
roleIdstring optionalRoleID is the optional UUID of a custom role assigned to this invite.
List User Stacks
GET
/api/user/stacksLists all stacks accessible to the authenticated user. Results can be filtered by organization, project, and stack tags (tagName/tagValue). Supports pagination via continuationToken and maxResults parameters. Returns stack summary information including name, project, last update status, and resource count.
Request Parameters
continuationTokenstring query optionalToken from a previous response to fetch the next page of resultsmaxResultsinteger query optionalMaximum number of stacks to return per pageorganizationstring query optionalFilter stacks to those owned by this organizationprojectstring query optionalFilter stacks to those in this projectroleIDstring query optionalList stacks only using this custom roletagNamestring query optionalFilter stacks by tag name (use with tagValue for exact match)tagValuestring query optionalFilter stacks by tag value (requires tagName)
Responses
200
OK
Schema: AppListStacksResponse
- List of stacks
- ↳
idstring requiredThe logical identifier of the stack. - ↳
orgNamestring requiredOrgName is the organization name the stack is found in. - ↳
projectNamestring requiredProjectName is the name of the project the stack is associated with. - ↳
stackNamestring requiredStackName is the name of the stack. - ↳
lastUpdateinteger optionalLastUpdate is a Unix timestamp of the start time of the stack’s last update, as applicable. - ↳
resourceCountinteger optionalResourceCount is the number of resources associated with this stack, as applicable. - Links to the stack in the Pulumi Console
continuationTokenstring optionalContinuationToken is an opaque value used to mark the end of the all stacks. If non-nil, pass it into a subsequent call in order to get the next batch of results.
A value of nil means that all stacks have been returned.
Errors:
400 Invalid continuation token
Delete Identity Provider
DELETE
/api/user/vcsDeleteIdentityProvider removes a VCS identity provider from the current user’s account.
Request Parameters
identitystring query optionalThe VCS identity provider to disconnect (e.g., github, gitlab, bitbucket)
Responses
200
OK
Schema: User
idstring requiredThe unique identifier of the user.githubLoginstring requiredThe user’s login name (originally from GitHub).namestring requiredThe user’s display name.emailstring requiredThe user’s email address.avatarUrlstring requiredThe URL of the user’s avatar image.- Organizations is the list of Pulumi organizations the user is a member of.
- ↳
namestring requiredThe name of the organization. - ↳
roleenum optionalThe role of the user within this organization.Values:none,member,admin,potential-member,stack-collaborator,billing-manager - ↳
githubLoginstring requiredThe GitHub login associated with the organization. - ↳
avatarUrlstring requiredThe URL of the organization’s avatar image. - ↳
emailstring optionalIMPORTANT: The email address of the user is only included on a few admin-only APIs. For nearly all APIs that return a UserInfo object, this will not be provided. considered sensitive information. - PotentialOrganizations is the list of Pulumi organizations the user is a potential member of.
- ↳
namestring requiredThe name of the organization. - ↳
roleenum optionalThe role of the user within this organization.Values:none,member,admin,potential-member,stack-collaborator,billing-manager - ↳
githubLoginstring requiredThe GitHub login associated with the organization. - ↳
avatarUrlstring requiredThe URL of the organization’s avatar image. - ↳
emailstring optionalIMPORTANT: The email address of the user is only included on a few admin-only APIs. For nearly all APIs that return a UserInfo object, this will not be provided. considered sensitive information. identitiesarray[string] requiredIdentities is the array of identities a Pulumi user’s account is tied to.siteAdminboolean optionalSiteAdministrator is whether or not the user is a site administrator.registryAdminboolean optionalRegistryAdmin is whether or not the user is a registry administrator.- TokenInfo is contains metadata, set only for machine tokens & to be used only in the CLI
- ↳
namestring requiredThe name of the access token. - ↳
organizationstring requiredThe organization the token is scoped to, if any. - ↳
teamstring requiredThe team the token is scoped to, if any. hasMFAboolean requiredWhether the user has multi-factor authentication enabled.isOrgManagedboolean requiredWhether the user’s account is managed by an organization.isManagedByMultiOrgboolean requiredWhether the user’s account is managed by multiple organizations.
Errors:
400 must have more than one identity provider
404 organizations
List Identity Provider Organizations
GET
/api/user/vcs/organizationsListIdentityProviderOrganizations lists all of the organizations from a backing VCS visible to the Pulumi Service for the requesting user. Ignores errors if this user doesn’t have a specific backing identity.
Responses
200
OK
Schema: ListGitHubOrganizationsResponse
- The list of GitHub organizations
- Organization data from GitHub.
- ↳
vcsKindenum requiredThe identity provider associated with this GitHub organization.Values:dev.azure.com,bitbucket.org,github.com,gitlab.com,google.com,Pulumi,SAML - ↳
knownToPulumiboolean requiredKnownToPulumi is true if there is a Pulumi organization backed by the GitHub organization.
Sync With Identity Provider
POST
/api/user/vcs/syncSyncWithIdentityProvider contacts the requesting user’s identity provider, and updates their profile information (display name, avatar URL, etc.) This is required since we don’t get update events from the identity provider when changes are made in the identity provider’s system.
Request Parameters
identitystring query optionalThe VCS identity provider to sync profile data from (e.g., github, gitlab)
Responses
200
OK
Schema: User
idstring requiredThe unique identifier of the user.githubLoginstring requiredThe user’s login name (originally from GitHub).namestring requiredThe user’s display name.emailstring requiredThe user’s email address.avatarUrlstring requiredThe URL of the user’s avatar image.- Organizations is the list of Pulumi organizations the user is a member of.
- ↳
namestring requiredThe name of the organization. - ↳
roleenum optionalThe role of the user within this organization.Values:none,member,admin,potential-member,stack-collaborator,billing-manager - ↳
githubLoginstring requiredThe GitHub login associated with the organization. - ↳
avatarUrlstring requiredThe URL of the organization’s avatar image. - ↳
emailstring optionalIMPORTANT: The email address of the user is only included on a few admin-only APIs. For nearly all APIs that return a UserInfo object, this will not be provided. considered sensitive information. - PotentialOrganizations is the list of Pulumi organizations the user is a potential member of.
- ↳
namestring requiredThe name of the organization. - ↳
roleenum optionalThe role of the user within this organization.Values:none,member,admin,potential-member,stack-collaborator,billing-manager - ↳
githubLoginstring requiredThe GitHub login associated with the organization. - ↳
avatarUrlstring requiredThe URL of the organization’s avatar image. - ↳
emailstring optionalIMPORTANT: The email address of the user is only included on a few admin-only APIs. For nearly all APIs that return a UserInfo object, this will not be provided. considered sensitive information. identitiesarray[string] requiredIdentities is the array of identities a Pulumi user’s account is tied to.siteAdminboolean optionalSiteAdministrator is whether or not the user is a site administrator.registryAdminboolean optionalRegistryAdmin is whether or not the user is a registry administrator.- TokenInfo is contains metadata, set only for machine tokens & to be used only in the CLI
- ↳
namestring requiredThe name of the access token. - ↳
organizationstring requiredThe organization the token is scoped to, if any. - ↳
teamstring requiredThe team the token is scoped to, if any. hasMFAboolean requiredWhether the user has multi-factor authentication enabled.isOrgManagedboolean requiredWhether the user’s account is managed by an organization.isManagedByMultiOrgboolean requiredWhether the user’s account is managed by multiple organizations.
Errors:
400 invalid query parameter
Get User Has Verified Email
GET
/api/user/verified-emailGetUserHasVerifiedEmail returns a success response if the user has a verified email, 404 not found if they are not verified
Responses
200
OK
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.