# Get user by ID Returns a single user with connections (endpoints and resources). Endpoint: GET /users/{user_id} Version: 1.0.0 Security: ApiKeyAuth ## Query parameters: - `domain_id` (string) Domain UUID(s) to scope the request. Comma-separated for multiple. If omitted, all non-archived domains of the organization are used. Example: "a1b2c3d4-e5f6-7890-abcd-ef1234567890" ## Path parameters: - `user_id` (string, required) ## Response 200 fields (application/json): - `data` (object) - `data.id` (string) Example: "c3d4e5f6-a7b8-9012-cdef-345678901234" - `data.login` (string) Example: "user@example.com" - `data.identity_type` (string) Enum: "email", "username" - `data.first_seen` (string,null) Example: "2025-12-01T08:00:00.000Z" - `data.risk_level` (integer) Example: 5 - `data.risk_level_name` (string) Enum: "none", "low", "medium", "high" - `data.connections` (object) - `data.connections.endpoints` (array) - `data.connections.endpoints.filename` (string) Example: "[US]93.101.28.33.rar" - `data.connections.endpoints.date` (string,null) Example: "2025-12-04T14:30:00.000Z" - `data.connections.resources` (array) - `data.connections.resources.resource` (string) Example: "api.example.com" - `data.connections.resources.type` (string) Enum: "domain", "ip", "apk" ## Response 401 fields (application/json): - `type` (string) Example: "validation_error" - `status` (integer) Example: 400 - `detail` (string) Example: "Invalid sort field: \"foo\". Valid: [\"risk_level\", \"first_seen\", \"added_at\"]." ## Response 403 fields (application/json): - `type` (string) Example: "validation_error" - `status` (integer) Example: 400 - `detail` (string) Example: "Invalid sort field: \"foo\". Valid: [\"risk_level\", \"first_seen\", \"added_at\"]." ## Response 404 fields (application/json): - `type` (string) Example: "validation_error" - `status` (integer) Example: 400 - `detail` (string) Example: "Invalid sort field: \"foo\". Valid: [\"risk_level\", \"first_seen\", \"added_at\"]."