Salfio
APIReference

List organization users

Returns the authenticated organization's members. Creation and deletion of users are managed through the Salfio dashboard's invitation flow and are intentionally not exposed via the API.

GET
/users

Authorization

bearerAuth
AuthorizationBearer <token>

Salfio API tokens start with the literal prefix sk_live_ followed by 32 base62 characters (≈190 bits of entropy). Tokens are hashed at rest with argon2id and shown to the user only once at creation.

In: header

Response Body

application/json

application/json

application/json

curl -X GET "https://api.salfio.com/v1/users"
{
  "meta": {
    "cursor": "string",
    "hasMore": true
  },
  "data": [
    {
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "firstName": "Alice",
      "lastName": "Morgan",
      "email": "alice@acme.com",
      "imageUrl": "http://example.com",
      "createdAt": "2019-08-24T14:15:22Z",
      "updatedAt": "2019-08-24T14:15:22Z"
    }
  ]
}
{
  "error": {
    "code": "unauthorized",
    "message": "Authentication required"
  }
}
{
  "error": {
    "code": "rate_limited",
    "message": "Rate limit exceeded",
    "details": {
      "retry_after_seconds": 30
    }
  }
}

Update a client

Updates the provided fields; omitted fields are left unchanged. Cross- tenant updates return `404 not_found` (no existence leak).

Get a user

Fetch a single user by UUID. Users that don't belong to the caller's organization return `404 not_found` — existence is never leaked across tenants.