List identities in Account
/portal/v1/accounts/{accountSlug}/identitiesAuthentication
- Bearer Token
AuthorizationJWT access token
Query Parameters
| Name | Required | Type | Description |
|---|---|---|---|
page | number | Page number (1-based) | |
take | number | Items per page (1-100, default 20) | |
q | string | Search term | |
sort_by | string | Column to sort by. Allowed values depend on the endpoint. | |
order | enum: "asc" | "desc" | Sort direction | |
status | enum: "active" | "inactive" | Filter by the Account-wide `is_active` flag. Omit to show all. | |
has_any_assignment | boolean | When true, only identities with at least one role assignment somewhere in the Account. When false, only identities with zero assignments (the orphan filter — surfaces identities that exist in the directory but haven't been given access anywhere). Omit to show all. | |
not_in_app | string | Exclude identities that already have an active AppMembership for the named App slug. Drives the env-scoped 'Add from directory' picker — the candidate list should only contain identities NOT already in the target App. |
Code samples
curl -X GET "https://api.canopy.dev/portal/v1/accounts/{accountSlug}/identities?page=0&take=0&q=value&sort_by=value&order=asc&status=active&has_any_assignment=false¬_in_app=value" \
-H "Authorization: Bearer $CANOPY_TOKEN"const response = await fetch("https://api.canopy.dev/portal/v1/accounts/{accountSlug}/identities?page=0&take=0&q=value&sort_by=value&order=asc&status=active&has_any_assignment=false¬_in_app=value", {
method: "GET",
headers: {
"Authorization": "Bearer $CANOPY_TOKEN"
},
});
const data = await response.json();import requests
response = requests.get(
"https://api.canopy.dev/portal/v1/accounts/{accountSlug}/identities?page=0&take=0&q=value&sort_by=value&order=asc&status=active&has_any_assignment=false¬_in_app=value",
headers={
"Authorization": "Bearer $CANOPY_TOKEN"
},
)
data = response.json()package main
import (
"net/http"
)
func main() {
req, _ := http.NewRequest("GET", "https://api.canopy.dev/portal/v1/accounts/{accountSlug}/identities?page=0&take=0&q=value&sort_by=value&order=asc&status=active&has_any_assignment=false¬_in_app=value", nil)
req.Header.Set("Authorization", "Bearer $CANOPY_TOKEN")
resp, _ := http.DefaultClient.Do(req)
defer resp.Body.Close()
}Responses
200 Paginated list
{
"items": [
{
"id": "string",
"email": "string",
"first_name": "string",
"last_name": "string",
"avatar_url": "string",
"external_id": "string",
"is_active": false,
"email_verified": false,
"app_membership_count": 0,
"total_assignments": 0,
"created_at": "2026-04-20T12:00:00.000Z"
}
],
"pagination": {
"page": 0,
"take": 0,
"item_count": 0,
"page_count": 0,
"has_previous_page": false,
"has_next_page": false
}
}application/json
itemsAccountIdentityRowDto[]paginationPageMetaDto
401 Invalid or expired token
403 This token is not authorized for this endpoint (wrong principal type — e.g., admin token on identity-only endpoint, or vice versa)
Pagination
This endpoint returns a paginated collection. Use the query parameters below to page through results.
page- Page number (1-indexed). Defaults to 1.
take- Items per page (1–100). Defaults to 20.
Each response includes an items array alongside a pagination object with item_count, page_count, has_previous_page, and has_next_page fields.