> ## Documentation Index
> Fetch the complete documentation index at: https://docs.tesouro.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Lists users from the target organization and all its descendants.

> Returns users from the target organization AND all organizations below it in the hierarchy.
When X-Organization-ID header is provided, uses that org as target (if visible to caller).
When no header is provided, defaults to the caller's own organization.
Supports optional filtering by organization type, user status, reporting manager, and pagination.
Requires the user:read:org scope.

**Token types:** APP, USER | **Accepted scopes (any of):** `user:read:org`, `user:read:self`



## OpenAPI

````yaml /.tooling/schemas/rest/tags/product-finops.json get /identity/v1/users
openapi: 3.1.0
info:
  title: Tesouro Partner API
  version: '2025-06-23'
  description: The Tesouro REST API, for Tesouro partners to integrate with our solution.
  termsOfService: https://tesouro.com/terms
  contact:
    name: Tesouro team
    url: https://tesouro.com/about/
    email: developers@tesouro.com
servers:
  - url: https://api.sandbox.tesouro.com
    description: Sandbox
security: []
tags:
  - name: Accounting connections
  - name: Accounting data pull
  - name: Accounting synchronized records
  - name: Accounting tax rates
  - name: Analytics
  - name: Approval policies
  - name: Approval requests
  - name: Bank details
  - name: Comments
  - name: Cost centers
  - name: Counterpart VAT IDs
  - name: Counterpart addresses
  - name: Counterpart bank accounts
  - name: Counterpart contacts
  - name: Counterparts
  - name: Credit notes
  - name: Custom tax rates
  - name: Delivery notes
  - name: Documents
  - name: Entities
  - name: Entity users
  - name: Events
  - name: Files
  - name: Identity
  - name: Ledger accounts
  - name: Mail templates
  - name: Mailbox domains
  - name: Mailboxes
  - name: Measure units
  - name: OCR
  - name: Overdue reminders
  - name: PDF templates
  - name: Payable line items
  - name: Payables
  - name: Payment intents
  - name: Payment links
  - name: Payment methods
  - name: Payment records
  - name: Payment reminders
  - name: Payment terms
  - name: Products
  - name: Projects
  - name: Purchase orders
  - name: Receipts
  - name: Receivables
  - name: Recurrences
  - name: Tags
  - name: Text templates
  - name: Transactions
  - name: VAT rates
  - name: Webhook deliveries
  - name: Webhook subscriptions
paths:
  /identity/v1/users:
    get:
      tags:
        - Identity
      summary: Lists users from the target organization and all its descendants.
      description: >-
        Returns users from the target organization AND all organizations below
        it in the hierarchy.

        When X-Organization-ID header is provided, uses that org as target (if
        visible to caller).

        When no header is provided, defaults to the caller's own organization.

        Supports optional filtering by organization type, user status, reporting
        manager, and pagination.

        Requires the user:read:org scope.


        **Token types:** APP, USER | **Accepted scopes (any of):**
        `user:read:org`, `user:read:self`
      operationId: GetUsers
      parameters:
        - name: OrganizationType
          in: query
          description: Filter by organization type (VERTICAL_SOFTWARE_PROVIDER, EMBEDDED).
          schema:
            $ref: '#/components/schemas/OrganizationType'
        - name: Limit
          in: query
          description: 'Maximum number of results to return (default: 20, max: 100).'
          schema:
            pattern: ^-?(?:0|[1-9]\d*)$
            type:
              - integer
              - string
            format: int32
        - name: PaginationToken
          in: query
          description: >-
            Opaque pagination token from a previous response for cursor-based
            navigation.
          schema:
            type: string
        - name: ReportingManagerUserId
          in: query
          description: >-
            Filter by reporting manager user ID. Returns only users whose
            reporting_manager_user_id equals this value.
          schema:
            type: string
            format: uuid
        - name: Status
          in: query
          description: 'Filter by user status (default: ACTIVE).'
          schema:
            $ref: '#/components/schemas/UserStatusFilter'
        - name: X-Organization-ID
          in: header
          description: >-
            ID of the organization to scope this operation to. When omitted,
            users from the target org and all its descendants are returned. Must
            be a valid non-empty UUID. Present but empty or malformed values
            return 400.
          schema:
            type: string
            format: uuid
      responses:
        '200':
          description: Returns the list of users from related organizations.
          content:
            text/plain:
              schema:
                $ref: '#/components/schemas/RelatedUsersListResponseDto'
            application/json:
              schema:
                $ref: '#/components/schemas/RelatedUsersListResponseDto'
            text/json:
              schema:
                $ref: '#/components/schemas/RelatedUsersListResponseDto'
        '400':
          description: Bad request - invalid query parameters.
          content:
            text/plain:
              schema:
                $ref: '#/components/schemas/ProblemDetails'
            application/json:
              schema:
                $ref: '#/components/schemas/ProblemDetails'
            text/json:
              schema:
                $ref: '#/components/schemas/ProblemDetails'
        '401':
          description: Unauthorized - no valid JWT token provided.
          content:
            text/plain:
              schema:
                $ref: '#/components/schemas/ProblemDetails'
            application/json:
              schema:
                $ref: '#/components/schemas/ProblemDetails'
            text/json:
              schema:
                $ref: '#/components/schemas/ProblemDetails'
        '403':
          description: >-
            Forbidden - caller lacks required scope or missing organization
            claim.
          content:
            text/plain:
              schema:
                $ref: '#/components/schemas/ProblemDetails'
            application/json:
              schema:
                $ref: '#/components/schemas/ProblemDetails'
            text/json:
              schema:
                $ref: '#/components/schemas/ProblemDetails'
        '500':
          description: Internal server error.
      security:
        - APPToken:
            - user:read:org
        - USERToken:
            - user:read:org
        - APPToken:
            - user:read:self
        - USERToken:
            - user:read:self
components:
  schemas:
    OrganizationType:
      enum:
        - BANK
        - EMBEDDED
        - PLATFORM
        - TRANSACTOR
        - VERTICAL_SOFTWARE_PROVIDER
      type: string
    UserStatusFilter:
      enum:
        - ACTIVE
        - INACTIVE
        - INVITED
        - ALL
      type: string
      description: Filter for user status when querying users.
    RelatedUsersListResponseDto:
      required:
        - data
      type: object
      properties:
        data:
          type: array
          items:
            $ref: '#/components/schemas/RelatedUserDto'
        nextPaginationToken:
          type:
            - 'null'
            - string
          description: |-
            A token to pass as pagination_token to get the next page of results.
            Null if there are no more pages after this one.
        prevPaginationToken:
          type:
            - 'null'
            - string
          description: >-
            A token to pass as pagination_token to get the previous page of
            results.

            Null if this is the first page.
      description: Response DTO for listing users from related organizations.
    ProblemDetails:
      type: object
      properties:
        detail:
          type:
            - 'null'
            - string
        instance:
          type:
            - 'null'
            - string
        status:
          pattern: ^-?(?:0|[1-9]\d*)$
          type:
            - 'null'
            - integer
            - string
          format: int32
        title:
          type:
            - 'null'
            - string
        type:
          type:
            - 'null'
            - string
    RelatedUserDto:
      required:
        - createdDateTime
        - email
        - id
        - name
        - organizationId
        - organizationName
        - status
      type: object
      properties:
        id:
          type: string
          format: uuid
        createdDateTime:
          type: string
          format: date-time
        department:
          oneOf:
            - type: 'null'
            - $ref: '#/components/schemas/UserDepartmentDto'
        email:
          type: string
        jobTitle:
          type:
            - 'null'
            - string
        lastLoggedInDateTime:
          type:
            - 'null'
            - string
          format: date-time
        location:
          oneOf:
            - type: 'null'
            - $ref: '#/components/schemas/UserLocationDto'
        name:
          type: string
        organizationId:
          type: string
          format: uuid
        organizationName:
          type: string
        reportingManagerUserId:
          type:
            - 'null'
            - string
          format: uuid
        role:
          type:
            - 'null'
            - string
        status:
          type: string
      description: Summary information for a user from a related organization.
    UserDepartmentDto:
      required:
        - id
        - name
      type: object
      properties:
        id:
          type: string
          format: uuid
        name:
          type: string
      description: A department reference on a user response.
    UserLocationDto:
      required:
        - id
        - name
      type: object
      properties:
        id:
          type: string
          format: uuid
        name:
          type: string
      description: A location reference on a user response.
  securitySchemes:
    APPToken:
      type: oauth2
      description: Application (M2M) OAuth2 access token (client credentials).
      flows:
        clientCredentials:
          tokenUrl: /connect/token
          scopes:
            acceptor:application:read: >-
              View merchant boarding applications, including business and
              ownership details. Contains sensitive personally identifiable
              information.
            acceptor:application:secondaryapproval: >-
              Provide a secondary approval on merchant boarding and underwriting
              applications as part of a multi-step review.
            acceptor:application:write: >-
              Edit, approve, and manage merchant boarding and underwriting
              applications, and attach supporting documents.
            accounting_config:read:org: >-
              View ledger accounts, tax rates, cost centers, tags, and projects
              configured for your organization.
            accounting_config:write:org: >-
              Create and update ledger accounts, tax rates, cost centers, tags,
              and projects for your organization.
            acquiring:report:read: >-
              View transaction and settlement reports for your acquiring
              activity.
            approval_policy:read:org: >-
              View approval workflows and spending policies configured for your
              organization.
            approval_policy:write:org: >-
              Create and update approval workflows and spending policies for
              your organization.
            approval_request:create:org: >-
              Submit items for approval within your organization's approval
              workflows.
            approval_request:delete:org: Delete approval requests within your organization.
            approval_request:read:org: >-
              View pending and completed approval requests across your
              organization.
            approval_request:update:org: >-
              Edit and update existing approval requests within your
              organization.
            authorization_control:read:org: Read access to authorization control at the organization level.
            bank_account_application:read:org: >-
              View submitted applications to open bank accounts within your
              organization.
            bank_account_application:write:org: >-
              Submit and manage applications to open new bank accounts within
              your organization.
            bank_account:read:org: View bank account details and balances within your organization.
            bank_account:write:org: Create, update, and close bank accounts within your organization.
            beneficial_owner:read:org: >-
              View beneficial ownership information, including individuals'
              ownership stakes and identifying details.
            comment:read:org: >-
              View comments and notes added to financial records across your
              organization.
            comment:write:org: >-
              Add and manage comments and notes on financial records across your
              organization.
            counterpart:read:org: >-
              View the suppliers and clients your organization transacts with.
              Counterparts are required before creating invoices, quotes, and
              other financial documents.
            counterpart:write:org: >-
              Add and update the suppliers and clients your organization
              transacts with. Counterparts are required before creating
              invoices, quotes, and other financial documents.
            credit_card:activate:org: >-
              Activate newly issued credit cards for use within your
              organization.
            credit_card_application:read:org: View credit card applications submitted within your organization.
            credit_card_application:write:org: >-
              Submit and manage credit card applications within your
              organization.
            credit_card:read:org: >-
              View credit card details and status for cards in your
              organization.
            developer_portal: >-
              Access the Tesouro Developer Portal to view API documentation and
              manage developer resources.
            dispute:read: >-
              View payment disputes and any supporting documents attached to
              them.
            dispute:write: >-
              Accept or challenge payment disputes by uploading and submitting
              supporting evidence.
            email: ''
            expense:approve:org: >-
              Review and approve or reject expense reports submitted across your
              organization.
            expense:read:org: View expense reports and submissions across your organization.
            expense:read:self: View your own expense submissions and reports.
            expense:write:org: Create and update expense submissions across your organization.
            expense:write:self: Submit and update your own expense reports.
            export:read:org: >-
              View and download previously generated data exports for your
              organization.
            export:write:org: Generate and manage data exports for your organization.
            external_bank_account:micro_deposit:org: >-
              Initiate micro-deposit verification to confirm ownership of
              external bank accounts linked to your organization.
            external_bank_account:read:org: >-
              View external bank accounts that have been linked to your
              organization.
            external_bank_account:set_verification:org: >-
              Manually set the verification status of linked external bank
              accounts, bypassing the standard verification process.
            external_bank_account:write:org: >-
              Add, update, or remove external bank accounts linked to your
              organization.
            invoice:read:org: View invoices issued and received across your organization.
            invoice:write:org: Create, edit, and manage invoices across your organization.
            mailbox:read:org: >-
              View the email mailboxes configured to automatically capture
              incoming invoices as payables and collect expense receipts for
              your organization.
            mailbox:write:org: >-
              Configure email mailboxes that automatically capture incoming
              invoices as payables and collect expense receipts for your
              organization.
            notification:subscription:read: >-
              View active webhook and event notification subscriptions and their
              configurations.
            notification:subscription:write: >-
              Create, update, and delete webhook and event notification
              subscriptions.
            ocr_task:read:org: >-
              View the results and status of automated receipt and invoice
              scanning tasks.
            ocr_task:write:org: >-
              Submit and manage automated receipt and invoice scanning tasks for
              your organization.
            offline_access: ''
            oidc:app:manage: >-
              Add, edit, and remove access to OIDC applications and their
              scopes.
            oidc:app:read: Read only access to the OIDC applications and their scopes
            oidc:app:write: >-
              Add and edit - but not remove - access to OIDC applications and
              their scopes
            openid: ''
            organization:read:org: View your organization's profile and general details.
            organization_settings:read:org: View configuration settings for your organization.
            organization_settings:write:org: Update configuration settings for your organization.
            organization:write:org: Update your organization's profile and general details.
            org:write:all: >-
              Enable or disable organizations on the platform. This is a
              high-privilege permission typically reserved for platform
              administrators.
            partner_portal: >-
              Access the Tesouro Partner Portal to manage your partnership
              settings and sub-merchant configurations.
            payable:approve:org: >-
              Review and approve bills and accounts payable before they are
              paid.
            payable:pay:org: >-
              Authorize and submit payments for approved bills and accounts
              payable.
            payable:read:org: View bills and accounts payable across your organization.
            payable:write:org: >-
              Create and update bills and accounts payable across your
              organization.
            payment_link:write: >-
              Generate and manage shareable payment links to collect payments
              from customers.
            payment_processing: ''
            payment_rail:ach: Process payments via the ACH (Automated Clearing House) network.
            payment_rail:fednow: Process instant payments via the FedNow network.
            payment_rail:rtp: Process real-time payments via the RTP network.
            payment_record:read:org: >-
              View payment transaction history and records for your
              organization.
            payment_record:write:org: >-
              Record payments against invoices and manage their status,
              including marking payments as succeeded, cancelling, or moving
              them into processing.
            product:read:org: >-
              View the product and service catalog used for invoicing within
              your organization.
            product:write:org: >-
              Add and update products and services in your organization's
              invoicing catalog.
            profile: ''
            role:read:org: >-
              View user roles and their associated permissions within your
              organization.
            role:write:org: >-
              Create and update user roles and permission sets within your
              organization.
            transfer:write:org: Create and submit money transfers within your organization.
            underwriting:application:approval:escalation: >-
              Provide a senior-level escalation approval on underwriting
              applications that require additional review.
            underwriting:application:approval:secondary: >-
              Provide a second-level approval on underwriting applications as
              part of a multi-step review process.
            underwriting:application:read: >-
              View underwriting applications, including sensitive business
              details and personally identifiable information.
            underwriting:application:write: >-
              Edit, approve, and manage underwriting applications and decisions,
              and attach supporting documents.
            user_profile:write:all: >-
              Update profile information for any user across all organizations.
              This is a high-privilege permission typically reserved for
              platform administrators.
            user_profile:write:self: >-
              Update your own user profile, including your name, contact
              information, and preferences.
            user:read:org: View user accounts and their details within your organization.
            user:read:self: >-
              Read access to the user's own record and the name/email of their
              direct reports.
            user:write:all: >-
              Create and manage user accounts across multiple organizations.
              This is a high-privilege permission typically reserved for
              platform administrators.
            user:write:org: Create, update, and manage user accounts within your organization.
    USERToken:
      type: oauth2
      description: User OAuth2 access token (authorization code with PKCE).
      flows:
        authorizationCode:
          authorizationUrl: /connect/authorize
          tokenUrl: /connect/token
          scopes:
            acceptor:application:read: >-
              View merchant boarding applications, including business and
              ownership details. Contains sensitive personally identifiable
              information.
            acceptor:application:secondaryapproval: >-
              Provide a secondary approval on merchant boarding and underwriting
              applications as part of a multi-step review.
            acceptor:application:write: >-
              Edit, approve, and manage merchant boarding and underwriting
              applications, and attach supporting documents.
            accounting_config:read:org: >-
              View ledger accounts, tax rates, cost centers, tags, and projects
              configured for your organization.
            accounting_config:write:org: >-
              Create and update ledger accounts, tax rates, cost centers, tags,
              and projects for your organization.
            acquiring:report:read: >-
              View transaction and settlement reports for your acquiring
              activity.
            approval_policy:read:org: >-
              View approval workflows and spending policies configured for your
              organization.
            approval_policy:write:org: >-
              Create and update approval workflows and spending policies for
              your organization.
            approval_request:create:org: >-
              Submit items for approval within your organization's approval
              workflows.
            approval_request:delete:org: Delete approval requests within your organization.
            approval_request:read:org: >-
              View pending and completed approval requests across your
              organization.
            approval_request:update:org: >-
              Edit and update existing approval requests within your
              organization.
            authorization_control:read:org: Read access to authorization control at the organization level.
            bank_account_application:read:org: >-
              View submitted applications to open bank accounts within your
              organization.
            bank_account_application:write:org: >-
              Submit and manage applications to open new bank accounts within
              your organization.
            bank_account:read:org: View bank account details and balances within your organization.
            bank_account:write:org: Create, update, and close bank accounts within your organization.
            beneficial_owner:read:org: >-
              View beneficial ownership information, including individuals'
              ownership stakes and identifying details.
            comment:read:org: >-
              View comments and notes added to financial records across your
              organization.
            comment:write:org: >-
              Add and manage comments and notes on financial records across your
              organization.
            counterpart:read:org: >-
              View the suppliers and clients your organization transacts with.
              Counterparts are required before creating invoices, quotes, and
              other financial documents.
            counterpart:write:org: >-
              Add and update the suppliers and clients your organization
              transacts with. Counterparts are required before creating
              invoices, quotes, and other financial documents.
            credit_card:activate:org: >-
              Activate newly issued credit cards for use within your
              organization.
            credit_card_application:read:org: View credit card applications submitted within your organization.
            credit_card_application:write:org: >-
              Submit and manage credit card applications within your
              organization.
            credit_card:read:org: >-
              View credit card details and status for cards in your
              organization.
            developer_portal: >-
              Access the Tesouro Developer Portal to view API documentation and
              manage developer resources.
            dispute:read: >-
              View payment disputes and any supporting documents attached to
              them.
            dispute:write: >-
              Accept or challenge payment disputes by uploading and submitting
              supporting evidence.
            email: ''
            expense:approve:org: >-
              Review and approve or reject expense reports submitted across your
              organization.
            expense:read:org: View expense reports and submissions across your organization.
            expense:read:self: View your own expense submissions and reports.
            expense:write:org: Create and update expense submissions across your organization.
            expense:write:self: Submit and update your own expense reports.
            export:read:org: >-
              View and download previously generated data exports for your
              organization.
            export:write:org: Generate and manage data exports for your organization.
            external_bank_account:micro_deposit:org: >-
              Initiate micro-deposit verification to confirm ownership of
              external bank accounts linked to your organization.
            external_bank_account:read:org: >-
              View external bank accounts that have been linked to your
              organization.
            external_bank_account:set_verification:org: >-
              Manually set the verification status of linked external bank
              accounts, bypassing the standard verification process.
            external_bank_account:write:org: >-
              Add, update, or remove external bank accounts linked to your
              organization.
            invoice:read:org: View invoices issued and received across your organization.
            invoice:write:org: Create, edit, and manage invoices across your organization.
            mailbox:read:org: >-
              View the email mailboxes configured to automatically capture
              incoming invoices as payables and collect expense receipts for
              your organization.
            mailbox:write:org: >-
              Configure email mailboxes that automatically capture incoming
              invoices as payables and collect expense receipts for your
              organization.
            notification:subscription:read: >-
              View active webhook and event notification subscriptions and their
              configurations.
            notification:subscription:write: >-
              Create, update, and delete webhook and event notification
              subscriptions.
            ocr_task:read:org: >-
              View the results and status of automated receipt and invoice
              scanning tasks.
            ocr_task:write:org: >-
              Submit and manage automated receipt and invoice scanning tasks for
              your organization.
            offline_access: ''
            oidc:app:manage: >-
              Add, edit, and remove access to OIDC applications and their
              scopes.
            oidc:app:read: Read only access to the OIDC applications and their scopes
            oidc:app:write: >-
              Add and edit - but not remove - access to OIDC applications and
              their scopes
            openid: ''
            organization:read:org: View your organization's profile and general details.
            organization_settings:read:org: View configuration settings for your organization.
            organization_settings:write:org: Update configuration settings for your organization.
            organization:write:org: Update your organization's profile and general details.
            org:write:all: >-
              Enable or disable organizations on the platform. This is a
              high-privilege permission typically reserved for platform
              administrators.
            partner_portal: >-
              Access the Tesouro Partner Portal to manage your partnership
              settings and sub-merchant configurations.
            payable:approve:org: >-
              Review and approve bills and accounts payable before they are
              paid.
            payable:pay:org: >-
              Authorize and submit payments for approved bills and accounts
              payable.
            payable:read:org: View bills and accounts payable across your organization.
            payable:write:org: >-
              Create and update bills and accounts payable across your
              organization.
            payment_link:write: >-
              Generate and manage shareable payment links to collect payments
              from customers.
            payment_processing: ''
            payment_rail:ach: Process payments via the ACH (Automated Clearing House) network.
            payment_rail:fednow: Process instant payments via the FedNow network.
            payment_rail:rtp: Process real-time payments via the RTP network.
            payment_record:read:org: >-
              View payment transaction history and records for your
              organization.
            payment_record:write:org: >-
              Record payments against invoices and manage their status,
              including marking payments as succeeded, cancelling, or moving
              them into processing.
            product:read:org: >-
              View the product and service catalog used for invoicing within
              your organization.
            product:write:org: >-
              Add and update products and services in your organization's
              invoicing catalog.
            profile: ''
            role:read:org: >-
              View user roles and their associated permissions within your
              organization.
            role:write:org: >-
              Create and update user roles and permission sets within your
              organization.
            transfer:write:org: Create and submit money transfers within your organization.
            underwriting:application:approval:escalation: >-
              Provide a senior-level escalation approval on underwriting
              applications that require additional review.
            underwriting:application:approval:secondary: >-
              Provide a second-level approval on underwriting applications as
              part of a multi-step review process.
            underwriting:application:read: >-
              View underwriting applications, including sensitive business
              details and personally identifiable information.
            underwriting:application:write: >-
              Edit, approve, and manage underwriting applications and decisions,
              and attach supporting documents.
            user_profile:write:all: >-
              Update profile information for any user across all organizations.
              This is a high-privilege permission typically reserved for
              platform administrators.
            user_profile:write:self: >-
              Update your own user profile, including your name, contact
              information, and preferences.
            user:read:org: View user accounts and their details within your organization.
            user:read:self: >-
              Read access to the user's own record and the name/email of their
              direct reports.
            user:write:all: >-
              Create and manage user accounts across multiple organizations.
              This is a high-privilege permission typically reserved for
              platform administrators.
            user:write:org: Create, update, and manage user accounts within your organization.

````