User ID (usr_...). The authenticated user must be this user or have access to their artifacts.
Successful response
Retrieve a user by ID
Returns the user identified by user. The authenticated user must share
at least one team with the target user; requests for users outside any
shared team are rejected with 403.
A user may always retrieve their own profile with this endpoint. Use the
GET /users/me endpoint as a convenience alias for retrieving the
authenticated user without specifying an ID.
User ID (usr_...) of the user to retrieve.
The requested user object.
Create a user invite
Creates a new invite for the authenticated user. The invite can optionally be
scoped to a specific thread, a persona, or carry arbitrary metadata. The
caller receives the new invite object at HTTP 201.
The invite key is always generated server-side (192-bit URL-safe random
string) and cannot be supplied by the caller.
The path :user must match the authenticated user. If a thread_id is
provided, the authenticated user must have permission to invite others to that
thread; team threads are not supported and return an error. Supplying a
thread_id that does not exist or that belongs to a different user returns
an error. If a key collision occurs during creation the call returns a 409
conflict — simply retry to generate a new key.
User ID (usr_...). Must match the authenticated user.
Request body.
Parameters for the new invite. See the UserInviteCreateParams schema for field details.
The newly created invite object.
Retrieve the current user Returns the user associated with the authenticated session or bearer token. This is the canonical way to resolve "who am I?" after authentication. The response includes the user's profile, notification settings, and profile picture, along with the app, organization, and sandbox the token is scoped to and their display names — enough to establish full session context in a single call. Unauthenticated requests return 401.
The authenticated user object.
List organizations for a user
Returns the organizations the specified user belongs to. A user can belong
to at most one organization, so the data array contains either zero or one
items.
The authenticated viewer must have permission to inspect the target user.
Returns an empty data array when the user has no organization membership.
User ID (usr_...) whose organization membership you want to retrieve.
Successful response
Update the current user's profile
Updates one or more profile fields for the authenticated user. All
fields are optional; omit any you do not want to change.
When profile_picture is supplied, the image is uploaded and replaces
the existing picture. The previous picture is deleted after the new one
is stored. Image upload failures return 422 without modifying other
profile fields.
User ID (usr_...) or "me" for the authenticated user.
Request body.
Optionalalias?: stringShort display alias shown in place of the full name in compact UI contexts.
Optionalfull_name?: stringUpdated display name for the user.
Optionalmetadata?: Record<string, unknown>Arbitrary key-value metadata to associate with the user. Existing keys are merged; pass null for a key to remove it.
Optionalprofile_picture?: { data?: string; filename?: string; mime_type?: string }New profile picture to upload as a base64-encoded image. Replaces any existing picture.
The user object with updated profile fields.
List a user's artifacts Returns all artifacts owned by the specified user. Artifacts represent AI-generated or user-uploaded files associated with agent sessions, threads, or sandboxes — such as images, documents, and code outputs. The authenticated user must be requesting their own artifacts or must have administrative access. Attempting to list artifacts for a user the caller is not authorized to access returns 403. Results are returned in a single page without cursor pagination. Each artifact in the response reflects the state of its current version, including a short-lived signed
file_urlfor direct download.