Users

For instructions on how to authenticate to use this endpoint, see API overview.

Endpoints

GET
POST
GET
DELETE
POST
POST
POST
POST
POST
GET

Retrieve users integrations slack linkable workspaces

Return Slack workspaces in the user's organizations that they have not yet linked. The settings UI uses this list to decide whether to show a "Link my Slack account" button (non-empty list) and what to offer in the picker when several are connectable.

Required API key scopes

user:read

Path parameters

  • uuid
    string

Response


Example request

GET /api/users/:uuid/integrations/slack/linkable_workspaces
export POSTHOG_PERSONAL_API_KEY=[your personal api key]
curl \
-H "Authorization: Bearer $POSTHOG_PERSONAL_API_KEY" \
<ph_app_host>/api/users/:uuid/integrations/slack/linkable_workspaces/

Example response

Status 200
RESPONSE
{
"results": [
{
"posthog_team_id": 0,
"posthog_team_name": "string",
"posthog_organization_name": "string",
"slack_team_id": "string",
"slack_team_name": "string"
}
]
}

Retrieve users integrations slack linkable workspaces

Return Slack workspaces in the user's organizations that they have not yet linked. The settings UI uses this list to decide whether to show a "Link my Slack account" button (non-empty list) and what to offer in the picker when several are connectable.

Required API key scopes

user:read

Path parameters

  • uuid
    string

Response


Example request

GET /api/users/:uuid/integrations/slack/linkable_workspaces
export POSTHOG_PERSONAL_API_KEY=[your personal api key]
curl \
-H "Authorization: Bearer $POSTHOG_PERSONAL_API_KEY" \
<ph_app_host>/api/users/:uuid/integrations/slack/linkable_workspaces/

Example response

Status 200
RESPONSE
{
"results": [
{
"posthog_team_id": 0,
"posthog_team_name": "string",
"posthog_organization_name": "string",
"slack_team_id": "string",
"slack_team_name": "string"
}
]
}

Create users integrations slack start

Mint a Sign-in-with-Slack invite URL initiated from settings, without Slack-DM context. The returned URL takes the user through PostHog login (already satisfied here), then to Slack OAuth, then back to our callback which writes the UserIntegration row.

Without body params, falls back to the user's current_team and that team's first Slack Integration — works when there's exactly one linkable workspace. With team_id + slack_team_id, links against the exact pair (what the frontend uses when a picker is shown).

Refuses if the target team has no matching Slack workspace, if the feature flag is off for the workspace, or if the user is already linked to it.

Required API key scopes

user:write

Path parameters

  • uuid
    string

Request parameters

  • team_id
    integernull
  • slack_team_id
    stringnull

Response


Example request

POST /api/users/:uuid/integrations/slack/start
export POSTHOG_PERSONAL_API_KEY=[your personal api key]
curl
-H 'Content-Type: application/json'\
-H "Authorization: Bearer $POSTHOG_PERSONAL_API_KEY" \
<ph_app_host>/api/users/:uuid/integrations/slack/start/\
-d team_id=["integer","null"]

Example response

Status 200
RESPONSE
{
"install_url": "string"
}

Create users integrations slack start

Mint a Sign-in-with-Slack invite URL initiated from settings, without Slack-DM context. The returned URL takes the user through PostHog login (already satisfied here), then to Slack OAuth, then back to our callback which writes the UserIntegration row.

Without body params, falls back to the user's current_team and that team's first Slack Integration — works when there's exactly one linkable workspace. With team_id + slack_team_id, links against the exact pair (what the frontend uses when a picker is shown).

Refuses if the target team has no matching Slack workspace, if the feature flag is off for the workspace, or if the user is already linked to it.

Required API key scopes

user:write

Path parameters

  • uuid
    string

Request parameters

  • team_id
    integernull
  • slack_team_id
    stringnull

Response


Example request

POST /api/users/:uuid/integrations/slack/start
export POSTHOG_PERSONAL_API_KEY=[your personal api key]
curl
-H 'Content-Type: application/json'\
-H "Authorization: Bearer $POSTHOG_PERSONAL_API_KEY" \
<ph_app_host>/api/users/:uuid/integrations/slack/start/\
-d team_id=["integer","null"]

Example response

Status 200
RESPONSE
{
"install_url": "string"
}

List all users login sessions

List the cookie-auth login sessions for the current user. Self-only — never another user.

Path parameters

  • uuid
    string

Query parameters

  • email
    string
  • is_staff
    boolean

Example request

GET /api/users/:uuid/login_sessions
export POSTHOG_PERSONAL_API_KEY=[your personal api key]
curl \
-H "Authorization: Bearer $POSTHOG_PERSONAL_API_KEY" \
<ph_app_host>/api/users/:uuid/login_sessions/

Example response

Status 200
RESPONSE
{
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"created_at": "2019-08-24T14:15:22Z",
"last_activity": "2019-08-24T14:15:22Z",
"location": "string",
"device": "string",
"login_method": "string",
"is_current": true
}

List all users login sessions

List the cookie-auth login sessions for the current user. Self-only — never another user.

Path parameters

  • uuid
    string

Query parameters

  • email
    string
  • is_staff
    boolean

Example request

GET /api/users/:uuid/login_sessions
export POSTHOG_PERSONAL_API_KEY=[your personal api key]
curl \
-H "Authorization: Bearer $POSTHOG_PERSONAL_API_KEY" \
<ph_app_host>/api/users/:uuid/login_sessions/

Example response

Status 200
RESPONSE
{
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"created_at": "2019-08-24T14:15:22Z",
"last_activity": "2019-08-24T14:15:22Z",
"location": "string",
"device": "string",
"login_method": "string",
"is_current": true
}

Delete users login sessions

Revoke a single login session belonging to the current user. Self-only.

Requires recent auth (TimeSensitiveActionPermission) so a stolen cookie can't weaponize revocation, and is blocked while impersonating via ImpersonationBlockedPathsMiddleware.

Path parameters

  • session_id
    string
  • uuid
    string

Example request

DELETE /api/users/:uuid/login_sessions/:session_id
export POSTHOG_PERSONAL_API_KEY=[your personal api key]
curl -X DELETE \
-H "Authorization: Bearer $POSTHOG_PERSONAL_API_KEY" \
<ph_app_host>/api/users/:uuid/login_sessions/:session_id/

Example response

Status 204 Login session revoked.

Delete users login sessions

Revoke a single login session belonging to the current user. Self-only.

Requires recent auth (TimeSensitiveActionPermission) so a stolen cookie can't weaponize revocation, and is blocked while impersonating via ImpersonationBlockedPathsMiddleware.

Path parameters

  • session_id
    string
  • uuid
    string

Example request

DELETE /api/users/:uuid/login_sessions/:session_id
export POSTHOG_PERSONAL_API_KEY=[your personal api key]
curl -X DELETE \
-H "Authorization: Bearer $POSTHOG_PERSONAL_API_KEY" \
<ph_app_host>/api/users/:uuid/login_sessions/:session_id/

Example response

Status 204 Login session revoked.

Create users login sessions revoke others

Revoke every login session for the current user except the one making this request. Self-only.

Requires recent auth (TimeSensitiveActionPermission) so a stolen cookie can't weaponize the "log out everywhere else" lock-out, and is blocked while impersonating.

Path parameters

  • uuid
    string

Response


Example request

POST /api/users/:uuid/login_sessions/revoke_others
export POSTHOG_PERSONAL_API_KEY=[your personal api key]
curl
-H 'Content-Type: application/json'\
-H "Authorization: Bearer $POSTHOG_PERSONAL_API_KEY" \
<ph_app_host>/api/users/:uuid/login_sessions/revoke_others/

Example response

Status 200
RESPONSE
{
"revoked_count": 0
}

Create users login sessions revoke others

Revoke every login session for the current user except the one making this request. Self-only.

Requires recent auth (TimeSensitiveActionPermission) so a stolen cookie can't weaponize the "log out everywhere else" lock-out, and is blocked while impersonating.

Path parameters

  • uuid
    string

Response


Example request

POST /api/users/:uuid/login_sessions/revoke_others
export POSTHOG_PERSONAL_API_KEY=[your personal api key]
curl
-H 'Content-Type: application/json'\
-H "Authorization: Bearer $POSTHOG_PERSONAL_API_KEY" \
<ph_app_host>/api/users/:uuid/login_sessions/revoke_others/

Example response

Status 200
RESPONSE
{
"revoked_count": 0
}

Create users onboarding skip

Mark the current user as having exited onboarding with a non-delegated reason. Idempotent: the skip timestamp is only set on the first successful call.

Callers wanting to delegate setup to a teammate must use the dedicated /organizations/{id}/invites/delegate/ endpoint, which atomically creates the invite and sets reason="delegated". This endpoint rejects that reason so state can't be faked without a real invite.

Path parameters

  • uuid
    string

Request parameters

  • reason
  • step_at_skip
    string

Response


Example request

POST /api/users/:uuid/onboarding/skip
export POSTHOG_PERSONAL_API_KEY=[your personal api key]
curl
-H 'Content-Type: application/json'\
-H "Authorization: Bearer $POSTHOG_PERSONAL_API_KEY" \
<ph_app_host>/api/users/:uuid/onboarding/skip/\
-d reason=undefined

Example response

Status 200
RESPONSE
{
"date_joined": "2019-08-24T14:15:22Z",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
"distinct_id": "string",
"first_name": "string",
"last_name": "string",
"email": "user@example.com",
"pending_email": "user@example.com",
"is_email_verified": true,
"notification_settings": {},
"anonymize_data": true,
"allow_impersonation": true,
"toolbar_mode": "disabled",
"has_password": true,
"id": 0,
"is_staff": true,
"is_impersonated": true,
"is_impersonated_until": "string",
"is_impersonated_read_only": true,
"sensitive_session_expires_at": "string",
"team": {
"id": 0,
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
"organization": "452c1a86-a0af-475b-b03f-724878b0f387",
"project_id": -9223372036854776000,
"api_token": "string",
"name": "string",
"completed_snippet_onboarding": true,
"has_completed_onboarding_for": null,
"ingested_event": true,
"is_demo": true,
"timezone": "Africa/Abidjan",
"access_control": true
},
"organization": {
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"name": "string",
"slug": "string",
"logo_media_id": "a5d9f2f1-d934-4d2e-bebe-4b3cdcd08a33",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"membership_level": 1,
"plugins_access_level": 0,
"teams": [
{}
],
"projects": [
{}
],
"available_product_features": [
null
],
"is_member_join_email_enabled": true,
"metadata": {
"property1": "string",
"property2": "string"
},
"customer_id": "string",
"enforce_2fa": true,
"members_can_invite": true,
"members_can_create_projects": true,
"members_can_use_personal_api_keys": true,
"allow_publicly_shared_resources": true,
"member_count": 0,
"is_ai_data_processing_approved": true,
"is_ai_training_opted_in": true,
"is_ai_training_locked": true,
"is_ai_training_cta_shown": true,
"is_hipaa": true,
"default_experiment_stats_method": "bayesian",
"default_anonymize_ips": true,
"default_role_id": "string",
"is_active": true,
"is_not_active_reason": "string",
"is_pending_deletion": true
},
"organizations": [
{
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"name": "string",
"slug": "string",
"logo_media_id": "a5d9f2f1-d934-4d2e-bebe-4b3cdcd08a33",
"membership_level": 1,
"members_can_use_personal_api_keys": true,
"is_active": true,
"is_not_active_reason": "string",
"is_pending_deletion": true
}
],
"set_current_organization": "string",
"set_current_team": "string",
"password": "string",
"current_password": "string",
"events_column_config": null,
"is_2fa_enabled": true,
"has_social_auth": true,
"has_sso_enforcement": true,
"has_seen_product_intro_for": null,
"scene_personalisation": [
{
"scene": "string",
"dashboard": 0
}
],
"theme_mode": "light",
"hedgehog_config": null,
"allow_sidebar_suggestions": true,
"shortcut_position": "above",
"role_at_organization": "engineering",
"passkeys_enabled_for_2fa": true,
"hide_mcp_hints": true,
"onboarding_skipped_at": "2019-08-24T14:15:22Z",
"onboarding_skipped_reason": "delegated",
"onboarding_skipped_organization_id": "07d05e34-b1e4-4d27-bda6-e0475982a5c6",
"onboarding_delegated_to_invite": "5b84e4d7-3fe6-4b27-ad86-bc5c82f39436",
"onboarding_delegated_to_organization_id": "cc1d8401-81fd-4ff9-836c-1740f15ea5c2",
"onboarding_delegation_accepted_at": "2019-08-24T14:15:22Z",
"is_organization_first_user": true,
"active_realtime_notification_types": [
"string"
],
"pending_invites": [
{
"id": "string",
"target_email": "user@example.com",
"organization_id": "string",
"organization_name": "string",
"created_at": "2019-08-24T14:15:22Z"
}
],
"requires_credential_review": true
}

Create users onboarding skip

Mark the current user as having exited onboarding with a non-delegated reason. Idempotent: the skip timestamp is only set on the first successful call.

Callers wanting to delegate setup to a teammate must use the dedicated /organizations/{id}/invites/delegate/ endpoint, which atomically creates the invite and sets reason="delegated". This endpoint rejects that reason so state can't be faked without a real invite.

Path parameters

  • uuid
    string

Request parameters

  • reason
  • step_at_skip
    string

Response


Example request

POST /api/users/:uuid/onboarding/skip
export POSTHOG_PERSONAL_API_KEY=[your personal api key]
curl
-H 'Content-Type: application/json'\
-H "Authorization: Bearer $POSTHOG_PERSONAL_API_KEY" \
<ph_app_host>/api/users/:uuid/onboarding/skip/\
-d reason=undefined

Example response

Status 200
RESPONSE
{
"date_joined": "2019-08-24T14:15:22Z",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
"distinct_id": "string",
"first_name": "string",
"last_name": "string",
"email": "user@example.com",
"pending_email": "user@example.com",
"is_email_verified": true,
"notification_settings": {},
"anonymize_data": true,
"allow_impersonation": true,
"toolbar_mode": "disabled",
"has_password": true,
"id": 0,
"is_staff": true,
"is_impersonated": true,
"is_impersonated_until": "string",
"is_impersonated_read_only": true,
"sensitive_session_expires_at": "string",
"team": {
"id": 0,
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
"organization": "452c1a86-a0af-475b-b03f-724878b0f387",
"project_id": -9223372036854776000,
"api_token": "string",
"name": "string",
"completed_snippet_onboarding": true,
"has_completed_onboarding_for": null,
"ingested_event": true,
"is_demo": true,
"timezone": "Africa/Abidjan",
"access_control": true
},
"organization": {
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"name": "string",
"slug": "string",
"logo_media_id": "a5d9f2f1-d934-4d2e-bebe-4b3cdcd08a33",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"membership_level": 1,
"plugins_access_level": 0,
"teams": [
{}
],
"projects": [
{}
],
"available_product_features": [
null
],
"is_member_join_email_enabled": true,
"metadata": {
"property1": "string",
"property2": "string"
},
"customer_id": "string",
"enforce_2fa": true,
"members_can_invite": true,
"members_can_create_projects": true,
"members_can_use_personal_api_keys": true,
"allow_publicly_shared_resources": true,
"member_count": 0,
"is_ai_data_processing_approved": true,
"is_ai_training_opted_in": true,
"is_ai_training_locked": true,
"is_ai_training_cta_shown": true,
"is_hipaa": true,
"default_experiment_stats_method": "bayesian",
"default_anonymize_ips": true,
"default_role_id": "string",
"is_active": true,
"is_not_active_reason": "string",
"is_pending_deletion": true
},
"organizations": [
{
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"name": "string",
"slug": "string",
"logo_media_id": "a5d9f2f1-d934-4d2e-bebe-4b3cdcd08a33",
"membership_level": 1,
"members_can_use_personal_api_keys": true,
"is_active": true,
"is_not_active_reason": "string",
"is_pending_deletion": true
}
],
"set_current_organization": "string",
"set_current_team": "string",
"password": "string",
"current_password": "string",
"events_column_config": null,
"is_2fa_enabled": true,
"has_social_auth": true,
"has_sso_enforcement": true,
"has_seen_product_intro_for": null,
"scene_personalisation": [
{
"scene": "string",
"dashboard": 0
}
],
"theme_mode": "light",
"hedgehog_config": null,
"allow_sidebar_suggestions": true,
"shortcut_position": "above",
"role_at_organization": "engineering",
"passkeys_enabled_for_2fa": true,
"hide_mcp_hints": true,
"onboarding_skipped_at": "2019-08-24T14:15:22Z",
"onboarding_skipped_reason": "delegated",
"onboarding_skipped_organization_id": "07d05e34-b1e4-4d27-bda6-e0475982a5c6",
"onboarding_delegated_to_invite": "5b84e4d7-3fe6-4b27-ad86-bc5c82f39436",
"onboarding_delegated_to_organization_id": "cc1d8401-81fd-4ff9-836c-1740f15ea5c2",
"onboarding_delegation_accepted_at": "2019-08-24T14:15:22Z",
"is_organization_first_user": true,
"active_realtime_notification_types": [
"string"
],
"pending_invites": [
{
"id": "string",
"target_email": "user@example.com",
"organization_id": "string",
"organization_name": "string",
"created_at": "2019-08-24T14:15:22Z"
}
],
"requires_credential_review": true
}

Create users push tokens

Idempotent upsert: if the (user, token) pair already exists, platform and last_seen_at are refreshed. Otherwise a new row is created.

Required API key scopes

user:write

Path parameters

  • uuid
    string

Request parameters

  • token
    string
  • platform

Response


Example request

POST /api/users/:uuid/push_tokens
export POSTHOG_PERSONAL_API_KEY=[your personal api key]
curl
-H 'Content-Type: application/json'\
-H "Authorization: Bearer $POSTHOG_PERSONAL_API_KEY" \
<ph_app_host>/api/users/:uuid/push_tokens/\
-d token="string",\
-d platform=undefined

Example response

Status 200 Token was registered or refreshed.
RESPONSE
{
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"platform": "ios",
"created_at": "2019-08-24T14:15:22Z",
"last_seen_at": "2019-08-24T14:15:22Z"
}

Create users push tokens

Idempotent upsert: if the (user, token) pair already exists, platform and last_seen_at are refreshed. Otherwise a new row is created.

Required API key scopes

user:write

Path parameters

  • uuid
    string

Request parameters

  • token
    string
  • platform

Response


Example request

POST /api/users/:uuid/push_tokens
export POSTHOG_PERSONAL_API_KEY=[your personal api key]
curl
-H 'Content-Type: application/json'\
-H "Authorization: Bearer $POSTHOG_PERSONAL_API_KEY" \
<ph_app_host>/api/users/:uuid/push_tokens/\
-d token="string",\
-d platform=undefined

Example response

Status 200 Token was registered or refreshed.
RESPONSE
{
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"platform": "ios",
"created_at": "2019-08-24T14:15:22Z",
"last_seen_at": "2019-08-24T14:15:22Z"
}

Create users push tokens unregister

Delete the row matching (user, token). Returns 204 even if no row matches so the mobile client can call this unconditionally when the user opts out.

Required API key scopes

user:write

Path parameters

  • uuid
    string

Request parameters

  • token
    string

Example request

POST /api/users/:uuid/push_tokens/unregister
export POSTHOG_PERSONAL_API_KEY=[your personal api key]
curl
-H 'Content-Type: application/json'\
-H "Authorization: Bearer $POSTHOG_PERSONAL_API_KEY" \
<ph_app_host>/api/users/:uuid/push_tokens/unregister/\
-d token="string"

Example response

Status 204 Token removed (or never existed).

Create users push tokens unregister

Delete the row matching (user, token). Returns 204 even if no row matches so the mobile client can call this unconditionally when the user opts out.

Required API key scopes

user:write

Path parameters

  • uuid
    string

Request parameters

  • token
    string

Example request

POST /api/users/:uuid/push_tokens/unregister
export POSTHOG_PERSONAL_API_KEY=[your personal api key]
curl
-H 'Content-Type: application/json'\
-H "Authorization: Bearer $POSTHOG_PERSONAL_API_KEY" \
<ph_app_host>/api/users/:uuid/push_tokens/unregister/\
-d token="string"

Example response

Status 204 Token removed (or never existed).

Create users scene personalisation

Path parameters

  • uuid
    string

Request parameters

  • first_name
    string
  • last_name
    string
  • email
    string
  • notification_settings
    object
  • anonymize_data
    booleannull
  • allow_impersonation
    booleannull
  • toolbar_mode
  • is_staff
    boolean
  • set_current_organization
    string
  • set_current_team
    string
  • password
    string
  • current_password
    string
  • events_column_config
  • has_seen_product_intro_for
  • theme_mode
  • hedgehog_config
  • allow_sidebar_suggestions
    booleannull
  • shortcut_position
  • role_at_organization
  • passkeys_enabled_for_2fa
    booleannull
  • hide_mcp_hints
    boolean

Example request

POST /api/users/:uuid/scene_personalisation
export POSTHOG_PERSONAL_API_KEY=[your personal api key]
curl
-H 'Content-Type: application/json'\
-H "Authorization: Bearer $POSTHOG_PERSONAL_API_KEY" \
<ph_app_host>/api/users/:uuid/scene_personalisation/\
-d email="string",\
-d password="string"

Example response

Status 200 No response body

Create users scene personalisation

Path parameters

  • uuid
    string

Request parameters

  • first_name
    string
  • last_name
    string
  • email
    string
  • notification_settings
    object
  • anonymize_data
    booleannull
  • allow_impersonation
    booleannull
  • toolbar_mode
  • is_staff
    boolean
  • set_current_organization
    string
  • set_current_team
    string
  • password
    string
  • current_password
    string
  • events_column_config
  • has_seen_product_intro_for
  • theme_mode
  • hedgehog_config
  • allow_sidebar_suggestions
    booleannull
  • shortcut_position
  • role_at_organization
  • passkeys_enabled_for_2fa
    booleannull
  • hide_mcp_hints
    boolean

Example request

POST /api/users/:uuid/scene_personalisation
export POSTHOG_PERSONAL_API_KEY=[your personal api key]
curl
-H 'Content-Type: application/json'\
-H "Authorization: Bearer $POSTHOG_PERSONAL_API_KEY" \
<ph_app_host>/api/users/:uuid/scene_personalisation/\
-d email="string",\
-d password="string"

Example response

Status 200 No response body

Retrieve users start 2fa setup

Path parameters

  • uuid
    string

Example request

GET /api/users/:uuid/start_2fa_setup
export POSTHOG_PERSONAL_API_KEY=[your personal api key]
curl \
-H "Authorization: Bearer $POSTHOG_PERSONAL_API_KEY" \
<ph_app_host>/api/users/:uuid/start_2fa_setup/

Example response

Status 200 No response body

Retrieve users start 2fa setup

Path parameters

  • uuid
    string

Example request

GET /api/users/:uuid/start_2fa_setup
export POSTHOG_PERSONAL_API_KEY=[your personal api key]
curl \
-H "Authorization: Bearer $POSTHOG_PERSONAL_API_KEY" \
<ph_app_host>/api/users/:uuid/start_2fa_setup/

Example response

Status 200 No response body

Community questions

Questions about this page? or post a community question.