• Get Started
  • Documentation
  • Samples
  • Blog
  • Pricing
    • Table of contents
    Overview
    Tutorials
    Samples
    Changelog
    Access Control
    Download API definition:
    Get iTwin user member
    GET https://qa-api.bentley.com/accesscontrol/itwins/{id}/members/users/{memberId}

    Retrieves a specific user member for a specified iTwin.

    Missing Users

    When users are removed from the Bentley Identity Management System, they are not automatically removed from the iTwin. Therefore, it is possible to have a situation where the user is no longer valid, yet they are still a user member of the iTwin. When this happens, the user member will be returned from this API endpoint with the follow values:

    {
    "id": <memberId>,
    "email": null,
    "givenName": null,
    "surname": null,
    "organization": null,
    ...
}

    You should account for this in your software if you do not want to show these users.

    Cleanup

    The Access Control API will perform a once-a-week cleanup to remove these "Missing Users". You can rely on this automated clean-up if this timeline is sufficient.

    If not, you can use the Remove iTwin User Member API (use the memberId) to remove the user member from the iTwin.

    Authentication

    Requires Authorization header with valid Bearer token for scope itwin-platform.

    For more documentation on authorization and how to get access token visit OAUTH2 Authorization page.

    Authorization

    The calling user must be a member of the iTwin. Organization Administrator can also retrieve an iTwin user member for any iTwin in their Organization.

    An Organization Administrator must have at least one of the following roles assigned in User Management: Account Administrator, Co-Administrator, or CONNECT Services Administrator. For more information about User Management please visit our Bentley Communities Licensing, Cloud, and Web Services wiki page.

    Request

    Request parameters

    Name
    Required?
    Description
    id
    Yes
    memberId
    Yes

    Request headers

    Name
    Required?
    Description
    Authorization
    Yes

    OAuth access token with itwin-platform scope

    Accept
    No

    Setting to application/vnd.bentley.itwin-platform.v2+json is recommended.

    Response

    Response 200 OK

    OK

    json
    {
    "member": {
        "id": "69e0284a-1331-4462-9c83-9cdbe2bdaa7f",
        "email": "Thomas.Wilson@example.com",
        "givenName": "Thomas",
        "surname": "Wilson",
        "organization": "Organization Corp.",
        "roles": [{
            "id": "5abbfcef-0eab-472a-b5f5-5c5a43df34b1",
            "displayName": "Read Access"
        }]
    }
}

    Response 401 Unauthorized

    This response indicates that request lacks valid authentication credentials. Access token might not been provided, issued by the wrong issuer, does not have required scopes or request headers were malformed.

    json
    {
    "error": {
        "code": "HeaderNotFound",
        "message": "Header Authorization was not found in the request. Access denied."
    }
}

    Response 404 Not Found

    This response indicates that iTwin or user member with specified ID was not found.

    json
    {
    "error": {
        "code": "ItwinNotFound",
        "message": "Requested iTwin is not available."
    }
}

    Response 429 Too many requests

    This response indicates that the user has sent too many requests in a given amount of time.

    json
    {
    "error": {
        "code": "TooManyRequests",
        "message": "More requests were received than the subscription rate-limit allows."
    }
}

    Response headers

    Name
    Description
    retry-after

    The number of requests exceeds the rate-limit for the client subscription.

    Definitions

    iTwin User Member

    Name
    Type
    Description
    id
    String

    The user Id in Identity Management System.

    email
    String

    User email.

    givenName
    String

    User given name.

    surname
    String

    User surname.

    organization
    String

    Organization user is member of in Identity Management System.

    roles
    Role[]

    List of roles.

    Role

    Name
    Type
    Description
    id
    String

    The role id.

    displayName
    String

    The display name of your Role.

    description
    String

    A description of your Role.

    permissions
    String[]

    List of permissions assigned to the role.

    User Member (update)

    Name
    Type
    Description
    member
    UserMemberRepresentation

    Error

    Contains error information.

    Name
    Type
    Description
    code
    String

    One of a server-defined set of error codes.

    message
    String

    A human-readable representation of the error.

    target
    String, null

    The target of the error.

    Error Response

    Gives details for an error that occurred while handling the request. Note that clients MUST NOT assume that every failed request will produce an object of this schema, or that all of the properties in the response will be non-null, as the error may have prevented this response from being constructed.

    Name
    Type
    Description
    error
    Error

    Error information.