# Get user by ID

Retrieve a specific user from an account (tenant).

A valid environment token is required to call this endpoint. You can obtain it from the environment authentication route.

Endpoint: GET /resources/users/v1/{id}
Security: bearer

## Path parameters:

  - `id` (string, required)

## Header parameters:

  - `frontegg-tenant-id` (string, required)
    The account (tenant) ID identifier

## Response 200 fields (application/json):

  - `id` (string, required)

  - `email` (string, required)

  - `name` (string, required)

  - `profilePictureUrl` (string, required)

  - `sub` (string, required)

  - `verified` (boolean, required)

  - `mfaEnrolled` (boolean, required)

  - `mfaBypass` (boolean)

  - `phoneNumber` (string)

  - `roles` (array, required)

  - `roles.vendorId` (string, required)

  - `roles.tenantId` (string, required)

  - `roles.key` (string, required)

  - `roles.description` (string, required)

  - `roles.isDefault` (boolean, required)

  - `roles.firstUserRole` (boolean, required)

  - `roles.level` (number, required)

  - `roles.createdAt` (string, required)

  - `roles.updatedAt` (string, required)

  - `roles.permissions` (array, required)

  - `provider` (string, required)

  - `tenantIds` (array, required)

  - `activatedForTenant` (boolean)

  - `isLocked` (boolean)

  - `tenants` (array, required)

  - `tenants.temporaryExpirationDate` (string)

  - `tenants.isDisabled` (boolean)

  - `invisible` (boolean)

  - `superUser` (boolean)

  - `metadata` (string, required)

  - `vendorMetadata` (string, required)

  - `externalId` (string)

  - `lastLogin` (string, required)

  - `groups` (array)

  - `subAccountAccessAllowed` (boolean, required)

  - `managedBy` (string)
    Enum: "frontegg", "scim2", "external"