Overview

Manage organization membership, including inviting users, updating roles, and controlling access.

Get Organization User

Retrieve details of a specific organization user.
GET /organizations/{orgId}/users/{id}
  - orgId (string, required): Organization ID
  - id (string, required): Organization user ID
  - includeGroups (boolean, default: "false"): Include group memberships

Response

  - id (string, required): Organization user ID
  - userId (string): User account ID (null if invited but not accepted)
  - type (number, required): User type/role (0=Owner, 1=Admin, 2=User, 3=Manager, 4=Custom)
  - status (number, required): Status (0=Invited, 1=Accepted, 2=Confirmed, -1=Revoked)
  - email (string, required): User’s email address
  - accessAll (boolean): Whether user has access to all collections
  - collections (array): Collections assigned to user
  - groups (array): Group IDs (if includeGroups=true)

List Organization Users

Retrieve all users in an organization.
GET /organizations/{orgId}/users?includeGroups={includeGroups}&includeCollections={includeCollections}
  - orgId (string, required): Organization ID
  - includeGroups (boolean, default: "false"): Include group memberships for each user
  - includeCollections (boolean, default: "false"): Include collection assignments for each user

Get Mini Details

Retrieve basic user information for all organization members.
GET /organizations/{orgId}/users/mini-details
  - orgId (string, required): Organization ID

This endpoint returns minimal information and is available to all organization members for managing collection access.

Invite User

Invite a new user to the organization.
curl -X POST "https://api.bitwarden.com/organizations/{orgId}/users/invite" \
  -H "Authorization: Bearer {access_token}" \
  -H "Content-Type: application/json" \
  -d '{
    "emails": ["user@example.com"],
    "type": 2,
    "accessAll": false,
    "collections": [
      {
        "id": "collection-guid",
        "readOnly": false,
        "hidePasswords": false
      }
    ],
    "groups": ["group-guid"]
  }'

Request Body

  - emails (array, required): Email addresses to invite
  - type (number, required): User role (0=Owner, 1=Admin, 2=User, 3=Manager, 4=Custom)
  - accessAll (boolean, default: "false"): Grant access to all collections
  - collections (array): Collection assignments (required if accessAll=false)
  - groups (array): Group IDs to add user to
  - permissions (object): Custom permissions (required if type=4)
  - accessSecretsManager (boolean, default: "false"): Grant Secrets Manager access

Reinvite User

Resend invitation email to a user.
POST /organizations/{orgId}/users/{id}/reinvite
  - orgId (string, required): Organization ID
  - id (string, required): Organization user ID

Bulk Reinvite Users

Resend invitations to multiple users.
POST /organizations/{orgId}/users/reinvite
  - orgId (string, required): Organization ID
  - ids (array, required): Array of organization user IDs

Accept Invitation

Accept an organization invitation.
POST /organizations/{orgId}/users/{id}/accept
  - orgId (string, required): Organization ID
  - id (string, required): Organization user ID
  - token (string, required): Invitation token from email

Confirm User

Confirm a user after they accept the invitation.
POST /organizations/{orgId}/users/{id}/confirm
  - orgId (string, required): Organization ID
  - id (string, required): Organization user ID
  - key (string, required): User’s encrypted organization key

Update User

Update user’s role, permissions, or collection access.
PUT /organizations/{orgId}/users/{id}
  - orgId (string, required): Organization ID
  - id (string, required): Organization user ID

Request Body

  - type (number, required): User role
  - accessAll (boolean, required): Access all collections
  - collections (array): Collection assignments
  - groups (array): Group IDs
  - permissions (object): Custom permissions (if type=4)

Revoke User Access

Revoke a user’s access to the organization.
PUT /organizations/{orgId}/users/{id}/revoke
  - orgId (string, required): Organization ID
  - id (string, required): Organization user ID

Revoked users cannot access the organization but remain in the user list. They can be restored later.

Restore User

Restore a revoked user’s access.
PUT /organizations/{orgId}/users/{id}/restore
  - orgId (string, required): Organization ID
  - id (string, required): Organization user ID

Remove User

Permanently remove a user from the organization.
DELETE /organizations/{orgId}/users/{id}
  - orgId (string, required): Organization ID
  - id (string, required): Organization user ID

Removing a user deletes their organization membership. They will lose access to all shared items.

Bulk Remove Users

Remove multiple users at once.
DELETE /organizations/{orgId}/users
  - orgId (string, required): Organization ID
  - ids (array, required): Array of organization user IDs to remove

Account Recovery

Get Reset Password Details

Retrieve information needed to reset a user’s password.
GET /organizations/{orgId}/users/{id}/reset-password-details
  - orgId (string, required): Organization ID
  - id (string, required): Organization user ID

Get Bulk Recovery Details

Get recovery details for multiple users.
POST /organizations/{orgId}/users/account-recovery-details
  - orgId (string, required): Organization ID
  - ids (array, required): Array of organization user IDs

User Status Flow

  1. Invited (0): User has been invited but hasn’t accepted
  2. Accepted (1): User accepted invitation but not confirmed by admin
  3. Confirmed (2): User fully active in organization
  4. Revoked (-1): User access temporarily suspended

Permissions Model

Standard Roles

| Role | Type | Description |
| --- | --- | --- |
| Owner | 0 | Full access to everything |
| Admin | 1 | Administrative access |
| User | 2 | Standard member access |
| Manager | 3 | Manage assigned collections |
| Custom | 4 | Custom permission set |
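
The status and role codes above lend themselves to a periodic membership review. The following is an added example, not part of the API or its official tooling: it triages user objects shaped like the Get Organization User response. The function name, the assumption that the list endpoint yields a plain list of such objects, the accessAll review rule, and the sample records are all constructed for illustration.

```python
# Added example: triage user objects returned by List Organization Users.
STATUS = {0: "Invited", 1: "Accepted", 2: "Confirmed", -1: "Revoked"}
ROLES = {0: "Owner", 1: "Admin", 2: "User", 3: "Manager", 4: "Custom"}


def audit_members(users):
    """Return sorted (email, finding) pairs for memberships worth reviewing."""
    findings = []
    for u in users:
        email, role, status = u["email"], u["type"], u["status"]
        if status not in STATUS or role not in ROLES:
            findings.append((email, f"undocumented type/status {role}/{status}"))
            continue
        if status == 0:
            findings.append((email, "invited, not accepted: pending invite"))
        elif status == 1:
            findings.append((email, "accepted, awaiting admin confirmation"))
        elif status == -1:
            findings.append((email, "revoked but still in the user list"))
        # Local review policy (assumption, not an API rule):
        # accessAll outside Owner/Admin is broader than the role suggests.
        if u.get("accessAll") and role not in (0, 1) and status != -1:
            findings.append((email, f"accessAll on {ROLES[role]} role"))
        # userId is documented as null only while an invite is not accepted.
        if status in (1, 2) and u.get("userId") is None:
            findings.append((email, "no userId despite accepted status"))
    return sorted(findings)


# Constructed sample records using the documented response fields.
SAMPLE = [
    {"id": "ou-1", "userId": "u-1", "type": 0, "status": 2,
     "email": "owner@example.com", "accessAll": True},
    {"id": "ou-2", "userId": None, "type": 2, "status": 0,
     "email": "new.hire@example.com", "accessAll": False},
    {"id": "ou-3", "userId": "u-3", "type": 2, "status": 2,
     "email": "dev@example.com", "accessAll": True},
    {"id": "ou-4", "userId": "u-4", "type": 3, "status": -1,
     "email": "left@example.com", "accessAll": True},
    {"id": "ou-5", "userId": "u-5", "type": 1, "status": 1,
     "email": "admin2@example.com", "accessAll": False},
]

if __name__ == "__main__":
    for email, finding in audit_members(SAMPLE):
        print(f"{email}: {finding}")
```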

Custom Permissions

When type=4, specify granular permissions:
{
  "accessEventLogs": true,
  "accessImportExport": false,
  "accessReports": true,
  "createNewCollections": true,
  "editAnyCollection": false,
  "deleteAnyCollection": false,
  "editAssignedCollections": true,
  "deleteAssignedCollections": false,
  "manageGroups": false,
  "managePolicies": false,
  "manageSso": false,
  "manageUsers": false,
  "manageResetPassword": false
}
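
A pre-flight check for Invite User request bodies, using the conditional rules from the Request Body section (collections required if accessAll=false, permissions required if type=4). This is an added example, not the service's own validation: `check_invite`, the treatment of the keys in the sample above as the complete allowed set, and the "sensitive" warning list are assumptions made for illustration.

```python
# Added example: checks an Invite User body against the rules documented on this page.
ROLES = {0: "Owner", 1: "Admin", 2: "User", 3: "Manager", 4: "Custom"}
# Assumption: the keys in the Custom Permissions sample are the full allowed set.
PERMISSION_KEYS = {
    "accessEventLogs", "accessImportExport", "accessReports",
    "createNewCollections", "editAnyCollection", "deleteAnyCollection",
    "editAssignedCollections", "deleteAssignedCollections", "manageGroups",
    "managePolicies", "manageSso", "manageUsers", "manageResetPassword",
}
# Local review policy (assumption, not an API rule): grants needing a second look.
SENSITIVE = {"manageUsers", "manageResetPassword", "managePolicies", "manageSso"}


def check_invite(body):
    """Return (errors, warnings) for an Invite User request body."""
    errors, warnings = [], []
    emails = body.get("emails")
    if not isinstance(emails, list) or not emails:
        errors.append("emails: required non-empty array")
    role = body.get("type")
    if not isinstance(role, int) or isinstance(role, bool) or role not in ROLES:
        errors.append("type: required, one of 0-4")
        role = None
    access_all = body.get("accessAll", False)  # documented default
    # An empty collections array is treated the same as a missing one.
    if access_all is not True and not body.get("collections"):
        errors.append("collections: required when accessAll=false")
    perms = body.get("permissions")
    if role == 4:
        if not isinstance(perms, dict):
            errors.append("permissions: required when type=4")
        else:
            for key, value in perms.items():
                if key not in PERMISSION_KEYS:
                    errors.append(f"permissions.{key}: unknown key")
                elif not isinstance(value, bool):
                    errors.append(f"permissions.{key}: must be boolean")
                elif value and key in SENSITIVE:
                    warnings.append(f"permissions.{key}: sensitive grant")
    if role in (0, 1):
        warnings.append(f"type={role}: inviting as {ROLES[role]}")
    if access_all is True and role not in (0, 1):
        warnings.append("accessAll=true for a non-admin role")
    return errors, warnings
```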
