It would be great to have access to those info through API, all based on current account obviously:
- User list
- App list
- Role list along with their members and access
1 Like
Hello! Just want to give a quick update here. For Enterprise users Retool recently made the SCIM user API available on Cloud for user management. At the moment, bringing the same API to self-serve users isn't part of the road map but as the API expands certain features may be made more widely available. I'll try and post here again if that is the case!
Hey 
User listing works great, yes!
Since the topic still open, I'd like to ask about filters.
Trying to get all active users with no luck:
curl 'https://retool.domain.com/api/scim/v2/Users?filter=active%20eq%20"true"' -H 'Authorization: Bearer retool_01hawdwbgajkchaeou9'
is it even possible?
And still get all users. Also example from the docs didn't work - username/nickname isn't "filterable".
retool v3.6
Hey @Punka
The only filter that can currently be applied on the GET /users endpoint is on userName. So there isn't a way to filter on active.
The example from the docs should work as long as the user has data in the userName column in the db.
If there is no user with that userName in the db, then an empty array is returned.
Wow, unexpected!
Looks like we're going to implement filtering outside retool's api.
Appreciate your help.
How to fix the error below
{
"detail": "SCIM request not authorized - incorrect scope",
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error"
]
}
Trying to get all users
curl -X GET "https://monime.retool.com/api/scim/v2/Users" -H Authorization: Bearer retool_01h"
This SCIM endpoint requires a token that has SCIM-specific scopes, typically something like:
scim:read
or a broader scope like admin
If your token doesn't have the correct permissions, Retool will reject the request with the "SCIM request not authorized - incorrect scope" error.
For the token you are using, retool_01h..., looks like an API key or personal access token, not an OAuth access token with scopes.
Are you using an Identity Provider (IdP) like Okta, Azure AD, or Google Workspace?
Have you tried going to Retool Admin → Authentication → SCIM and use the token provided there?