Retrieve Member Roles for an Organization

When working with organizations programmatically, you may need to retrieve a list of roles assigned to a member of an organization.

You can view the roles associated with an organization member using either the Auth0 Dashboard or the Management API.

Auth0 Dashboard

  1. Navigate to Auth0 Dashboard > Organizations, and select the organization for which you want to view membership.

  2. Select the Members view, and select the user for whom you want to view roles.

Management API

Make a GET call to the Get Organization Member Roles endpoint. Be sure to replace the ORG_ID, USER_ID, and MGMT_API_ACCESS_TOKEN placeholder values with your organization ID, member's user ID, and Management API Access Token, respectively.


curl --request GET \
  --url 'https://{yourDomain}/api/v2/organizations/ORG_ID/members/USER_ID/roles' \
  --header 'authorization: Bearer MGMT_API_ACCESS_TOKEN'

Was this helpful?

/
var client = new RestClient("https://{yourDomain}/api/v2/organizations/ORG_ID/members/USER_ID/roles");
var request = new RestRequest(Method.GET);
request.AddHeader("authorization", "Bearer MGMT_API_ACCESS_TOKEN");
IRestResponse response = client.Execute(request);

Was this helpful?

/
package main

import (
	"fmt"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "https://{yourDomain}/api/v2/organizations/ORG_ID/members/USER_ID/roles"

	req, _ := http.NewRequest("GET", url, nil)

	req.Header.Add("authorization", "Bearer MGMT_API_ACCESS_TOKEN")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}

Was this helpful?

/
HttpResponse<String> response = Unirest.get("https://{yourDomain}/api/v2/organizations/ORG_ID/members/USER_ID/roles")
  .header("authorization", "Bearer MGMT_API_ACCESS_TOKEN")
  .asString();

Was this helpful?

/
var axios = require("axios").default;

var options = {
  method: 'GET',
  url: 'https://{yourDomain}/api/v2/organizations/ORG_ID/members/USER_ID/roles',
  headers: {authorization: 'Bearer MGMT_API_ACCESS_TOKEN'}
};

axios.request(options).then(function (response) {
  console.log(response.data);
}).catch(function (error) {
  console.error(error);
});

Was this helpful?

/
#import <Foundation/Foundation.h>

NSDictionary *headers = @{ @"authorization": @"Bearer MGMT_API_ACCESS_TOKEN" };

NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://{yourDomain}/api/v2/organizations/ORG_ID/members/USER_ID/roles"]
                                                       cachePolicy:NSURLRequestUseProtocolCachePolicy
                                                   timeoutInterval:10.0];
[request setHTTPMethod:@"GET"];
[request setAllHTTPHeaderFields:headers];

NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
                                            completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
                                                if (error) {
                                                    NSLog(@"%@", error);
                                                } else {
                                                    NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
                                                    NSLog(@"%@", httpResponse);
                                                }
                                            }];
[dataTask resume];

Was this helpful?

/
$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://{yourDomain}/api/v2/organizations/ORG_ID/members/USER_ID/roles",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "GET",
  CURLOPT_HTTPHEADER => [
    "authorization: Bearer MGMT_API_ACCESS_TOKEN"
  ],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}

Was this helpful?

/
import http.client

conn = http.client.HTTPSConnection("")

headers = { 'authorization': "Bearer MGMT_API_ACCESS_TOKEN" }

conn.request("GET", "/{yourDomain}/api/v2/organizations/ORG_ID/members/USER_ID/roles", headers=headers)

res = conn.getresponse()
data = res.read()

print(data.decode("utf-8"))

Was this helpful?

/
require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://{yourDomain}/api/v2/organizations/ORG_ID/members/USER_ID/roles")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Get.new(url)
request["authorization"] = 'Bearer MGMT_API_ACCESS_TOKEN'

response = http.request(request)
puts response.read_body

Was this helpful?

/
import Foundation

let headers = ["authorization": "Bearer MGMT_API_ACCESS_TOKEN"]

let request = NSMutableURLRequest(url: NSURL(string: "https://{yourDomain}/api/v2/organizations/ORG_ID/members/USER_ID/roles")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "GET"
request.allHTTPHeaderFields = headers

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()

Was this helpful?

/

Value Description
ORG_ID ID of the organization for which you want to retrieve a member's roles.
USER_ID User ID of the member for which you want to retrieve roles.
MGMT_API_ACCESS_TOKEN Access Token for the Management API with the scope read:organization_member_roles.

Response status codes

Possible response status codes are as follows:

Status code Error code Message Cause
200 Roles successfully retrieved.
400 invalid_query_string Invalid request query string. The message will vary depending on the cause. The query string is not valid.
401 Invalid token.
401 Invalid signature received for JSON Web Token validation.
401 Client is not global.
403 insufficient_scope Insufficient scope; expected any of: read:organization_member_roles. Tried to read/write a field that is not allowed with provided bearer token scopes.
429 Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers.