Skip to main content

Get Users

Retrieve a list of all users in the system. This endpoint returns basic user information including ID, email, and username.

Headers

Authorization
string
required
Bearer token for authentication

Response

message
string
Success message
data
array
Array of user objects
data[].id
number
Unique identifier for the user
data[].email
string
User’s email address
data[].username
string
User’s username
curl -X GET https://api.noteverse.com/api/users \
  -H "Authorization: Bearer YOUR_TOKEN"

Response Example

{
  "message": "Users fetched successfully",
  "data": [
    {
      "id": 1,
      "email": "alice@example.com",
      "username": "alice"
    },
    {
      "id": 2,
      "email": "bob@example.com",
      "username": "bob"
    },
    {
      "id": 3,
      "email": "charlie@example.com",
      "username": "charlie"
    }
  ]
}
This endpoint returns only public user information. Sensitive fields like password, authToken, and verificationToken are not included in the response.

Error Responses

error
string
Error message describing what went wrong
statusCode
number
HTTP status code indicating the error type
401 Unauthorized - Invalid or missing authentication token 
{
  "error": "Invalid authentication token",
  "statusCode": 401
}
403 Forbidden - Token validation failed 
{
  "error": "Authentication failed",
  "statusCode": 403
}

Use Cases

This endpoint is commonly used for:
  • User Search: Finding users to share notes with
  • Autocomplete: Populating user selection dropdowns
  • Team Management: Displaying team members
  • Social Features: Showing available users for mentions or collaborations

Security

The endpoint requires a valid authentication token in the Authorization header. The token is validated using the authTokenValidation function before any user data is returned.
All requests must include a valid Bearer token. Requests without authentication will be rejected with a 401 or 403 status code.

Data Privacy

The response intentionally excludes sensitive user data:
  • Password (hashed)
  • Authentication tokens
  • Email verification tokens
  • Email verification status
Only the user’s ID, email, and username are exposed through this endpoint.

Build docs developers (and LLMs) love

Get started for freeTalk to us