GET /admin/users
List All Users
curl --request GET \
  --url https://api.example.com/admin/users
{
  "id": 123,
  "username": "<string>",
  "email": "<string>",
  "password": "<string>",
  "role": "<string>"
}

Overview

Retrieves a list of all users in the system. This is an admin-only endpoint.

Authentication

This endpoint requires:
  • A valid JWT token in the Authorization header
  • The user must have ROLE_ADMIN authority

Request

Headers

Authorization: Bearer <jwt_token>

Parameters

This endpoint does not accept any parameters.

Response

Returns an array of User objects.
  • id (long): The unique identifier of the user
  • username (string): The username of the user
  • email (string): The email address of the user
  • password (string): The BCrypt hash of the user's password
  • role (string): The role assigned to the user. Possible values:
      • ROLE_USER: Regular user with standard permissions
      • ROLE_ADMIN: Administrator with elevated permissions

Example Request

curl -X GET http://localhost:8080/admin/users \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Example Response

[
  {
    "id": 1,
    "username": "admin-user",
    "email": "[email protected]",
    "password": "$2a$10$CuLvGxp8sG8l3z.29J8OMuq0mLp8M91UiMXe/6uahhetUQle5YYmy",
    "role": "ROLE_ADMIN"
  },
  {
    "id": 2,
    "username": "normal-user",
    "email": "[email protected]",
    "password": "$2a$10$zAjODzgBZhCuL80b1OT51.jpYuOB8WmwqZ/u9ls4Xf7r0.7Vh9.jy",
    "role": "ROLE_USER"
  }
]

Error Responses

401 Unauthorized

Returned when:
  • No JWT token is provided
  • The JWT token is invalid or expired
{
  "error": "Unauthorized",
  "message": "Authentication required"
}

403 Forbidden

Returned when the user does not have the required ROLE_ADMIN authority.
{
  "error": "Forbidden",
  "message": "Access denied. Admin privileges required."
}

How to Authenticate as Admin

To access this endpoint, you need to authenticate with admin credentials and obtain a JWT token:
curl -X POST http://localhost:8080/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "Admin1234"
  }'
The login response will include a token field:
{
  "id": 1,
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "username": "admin-user",
  "email": "[email protected]"
}
Use this token in the Authorization header as Bearer <token> when calling the /admin/users endpoint.

Notes

  • The passwords returned in the response are BCrypt hashed for security
  • Only users with ROLE_ADMIN can access this endpoint
  • The endpoint returns all users regardless of their role
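
The Example Response above carries each user's BCrypt hash in the password field. As an added example (not part of the original documentation or the project's code), this Python check walks a decoded response, flags every credential-bearing field and reports the BCrypt cost factor, so a response-contract test can detect such fields; the function name, the SENSITIVE_KEYS list and the placeholder e-mail addresses are assumptions.

```python
import json
import re

# BCrypt modular-crypt format: $2<variant>$<cost>$ + 22-char salt + 31-char digest.
BCRYPT_RE = re.compile(r"^\$2([abxy]?)\$(\d{2})\$([./A-Za-z0-9]{53})$")

# Field names treated as credential material (assumed list, extend as needed).
SENSITIVE_KEYS = {"password", "passwordhash", "password_hash", "secret"}


def find_credential_leaks(node, path="$"):
    """Walk a decoded JSON value; return one finding per credential-bearing field."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if isinstance(value, str):
                match = BCRYPT_RE.match(value)
                if match or key.lower() in SENSITIVE_KEYS:
                    findings.append({
                        "path": child,
                        "bcrypt": bool(match),
                        "cost": int(match.group(2)) if match else None,
                    })
            else:
                findings.extend(find_credential_leaks(value, child))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            findings.extend(find_credential_leaks(item, f"{path}[{index}]"))
    return findings


# Constructed sample: same shape and hash values as the Example Response above;
# the e-mail addresses are placeholders.
SAMPLE_RESPONSE = json.loads("""
[
  {"id": 1, "username": "admin-user", "email": "admin@example.invalid",
   "password": "$2a$10$CuLvGxp8sG8l3z.29J8OMuq0mLp8M91UiMXe/6uahhetUQle5YYmy",
   "role": "ROLE_ADMIN"},
  {"id": 2, "username": "normal-user", "email": "user@example.invalid",
   "password": "$2a$10$zAjODzgBZhCuL80b1OT51.jpYuOB8WmwqZ/u9ls4Xf7r0.7Vh9.jy",
   "role": "ROLE_USER"}
]
""")

if __name__ == "__main__":
    for finding in find_credential_leaks(SAMPLE_RESPONSE):
        print(finding)
```

The pattern also matches BCrypt strings stored under an unexpected field name, so a renamed field is still reported.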
