The Snowflake User API is a REST API that you can use to access, update, and perform certain action on Users in a Snowflake database.
openapi: 3.0.0
servers:
- description: Snowflake REST Server
url: https://org-account.snowflakecomputing.com
info:
version: 0.0.1
title: Snowflake User API
description: The Snowflake User API is a REST API that you can use to access, update, and perform certain action on Users in a Snowflake database.
contact:
name: Snowflake, Inc.
url: https://snowflake.com
email: support@snowflake.com
paths:
/api/v2/users:
post:
summary: Create a User
tags:
- user
description: Create a user according to the parameters given
operationId: createUser
parameters:
- $ref: common.yaml#/components/parameters/createMode
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/User'
examples:
CreateuserRequestExample:
summary: Default createUser request
x-microcks-default: true
value:
name: Example Title
password: example_value
login_name: example_value
display_name: example_value
first_name: example_value
middle_name: example_value
last_name: example_value
email: user@example.com
must_change_password: true
disabled: true
days_to_expiry: 10
mins_to_unlock: 10
default_warehouse: example_value
default_namespace: example_value
default_role: example_value
default_secondary_roles: ALL
mins_to_bypass_mfa: 10
rsa_public_key: example_value
rsa_public_key_2: example_value
comment: example_value
type: example_value
enable_unredacted_query_syntax_error: true
network_policy: example_value
created_on: '2026-01-15T10:30:00Z'
last_successful_login: '2026-01-15T10:30:00Z'
expires_at: '2026-01-15T10:30:00Z'
locked_until: '2026-01-15T10:30:00Z'
has_password: true
has_rsa_public_key: true
rsa_public_key_fp: example_value
rsa_public_key_2_fp: example_value
ext_authn_duo: true
ext_authn_uid: '500123'
owner: example_value
snowflake_lock: true
snowflake_support: true
mins_to_bypass_network_policy: 10
password_last_set: '2026-01-15T10:30:00Z'
custom_landing_page_url: https://www.example.com
custom_landing_page_url_flush_next_ui_load: https://www.example.com
responses:
'200':
$ref: common.yaml#/components/responses/200SuccessResponse
'202':
$ref: common.yaml#/components/responses/202SuccessAcceptedResponse
'400':
$ref: common.yaml#/components/responses/400BadRequest
'401':
$ref: common.yaml#/components/responses/401Unauthorized
'403':
$ref: common.yaml#/components/responses/403Forbidden
'404':
$ref: common.yaml#/components/responses/404NotFound
'405':
$ref: common.yaml#/components/responses/405MethodNotAllowed
'408':
$ref: common.yaml#/components/responses/408RequestTimeout
'409':
$ref: common.yaml#/components/responses/409Conflict
'410':
$ref: common.yaml#/components/responses/410Gone
'429':
$ref: common.yaml#/components/responses/429LimitExceeded
'500':
$ref: common.yaml#/components/responses/500InternalServerError
'503':
$ref: common.yaml#/components/responses/503ServiceUnavailable
'504':
$ref: common.yaml#/components/responses/504GatewayTimeout
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
get:
summary: List Users in the System.
tags:
- user
description: Lists the users in the system.
operationId: listUsers
parameters:
- $ref: common.yaml#/components/parameters/like
- $ref: common.yaml#/components/parameters/startsWith
- $ref: common.yaml#/components/parameters/showLimit
- $ref: common.yaml#/components/parameters/fromName
responses:
'200':
description: successful
headers:
X-Snowflake-Request-ID:
$ref: common.yaml#/components/headers/X-Snowflake-Request-ID
Link:
$ref: common.yaml#/components/headers/Link
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/User'
examples:
Listusers200Example:
summary: Default listUsers 200 response
x-microcks-default: true
value:
- name: Example Title
password: example_value
login_name: example_value
display_name: example_value
first_name: example_value
middle_name: example_value
last_name: example_value
email: user@example.com
must_change_password: true
disabled: true
days_to_expiry: 10
mins_to_unlock: 10
default_warehouse: example_value
default_namespace: example_value
default_role: example_value
default_secondary_roles: ALL
mins_to_bypass_mfa: 10
rsa_public_key: example_value
rsa_public_key_2: example_value
comment: example_value
type: example_value
enable_unredacted_query_syntax_error: true
network_policy: example_value
created_on: '2026-01-15T10:30:00Z'
last_successful_login: '2026-01-15T10:30:00Z'
expires_at: '2026-01-15T10:30:00Z'
locked_until: '2026-01-15T10:30:00Z'
has_password: true
has_rsa_public_key: true
rsa_public_key_fp: example_value
rsa_public_key_2_fp: example_value
ext_authn_duo: true
ext_authn_uid: '500123'
owner: example_value
snowflake_lock: true
snowflake_support: true
mins_to_bypass_network_policy: 10
password_last_set: '2026-01-15T10:30:00Z'
custom_landing_page_url: https://www.example.com
custom_landing_page_url_flush_next_ui_load: https://www.example.com
'202':
$ref: common.yaml#/components/responses/202SuccessAcceptedResponse
'400':
$ref: common.yaml#/components/responses/400BadRequest
'401':
$ref: common.yaml#/components/responses/401Unauthorized
'403':
$ref: common.yaml#/components/responses/403Forbidden
'404':
$ref: common.yaml#/components/responses/404NotFound
'405':
$ref: common.yaml#/components/responses/405MethodNotAllowed
'408':
$ref: common.yaml#/components/responses/408RequestTimeout
'409':
$ref: common.yaml#/components/responses/409Conflict
'410':
$ref: common.yaml#/components/responses/410Gone
'429':
$ref: common.yaml#/components/responses/429LimitExceeded
'500':
$ref: common.yaml#/components/responses/500InternalServerError
'503':
$ref: common.yaml#/components/responses/503ServiceUnavailable
'504':
$ref: common.yaml#/components/responses/504GatewayTimeout
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
/api/v2/users/{name}:
get:
parameters:
- $ref: common.yaml#/components/parameters/name
summary: Fetch Information About a User
tags:
- user
description: Fetch user information using the result of the DESCRIBE command
operationId: fetchUser
responses:
'200':
description: successful
headers:
X-Snowflake-Request-ID:
$ref: common.yaml#/components/headers/X-Snowflake-Request-ID
Link:
$ref: common.yaml#/components/headers/Link
content:
application/json:
schema:
$ref: '#/components/schemas/User'
examples:
Fetchuser200Example:
summary: Default fetchUser 200 response
x-microcks-default: true
value:
name: Example Title
password: example_value
login_name: example_value
display_name: example_value
first_name: example_value
middle_name: example_value
last_name: example_value
email: user@example.com
must_change_password: true
disabled: true
days_to_expiry: 10
mins_to_unlock: 10
default_warehouse: example_value
default_namespace: example_value
default_role: example_value
default_secondary_roles: ALL
mins_to_bypass_mfa: 10
rsa_public_key: example_value
rsa_public_key_2: example_value
comment: example_value
type: example_value
enable_unredacted_query_syntax_error: true
network_policy: example_value
created_on: '2026-01-15T10:30:00Z'
last_successful_login: '2026-01-15T10:30:00Z'
expires_at: '2026-01-15T10:30:00Z'
locked_until: '2026-01-15T10:30:00Z'
has_password: true
has_rsa_public_key: true
rsa_public_key_fp: example_value
rsa_public_key_2_fp: example_value
ext_authn_duo: true
ext_authn_uid: '500123'
owner: example_value
snowflake_lock: true
snowflake_support: true
mins_to_bypass_network_policy: 10
password_last_set: '2026-01-15T10:30:00Z'
custom_landing_page_url: https://www.example.com
custom_landing_page_url_flush_next_ui_load: https://www.example.com
'202':
$ref: common.yaml#/components/responses/202SuccessAcceptedResponse
'400':
$ref: common.yaml#/components/responses/400BadRequest
'401':
$ref: common.yaml#/components/responses/401Unauthorized
'403':
$ref: common.yaml#/components/responses/403Forbidden
'404':
$ref: common.yaml#/components/responses/404NotFound
'405':
$ref: common.yaml#/components/responses/405MethodNotAllowed
'408':
$ref: common.yaml#/components/responses/408RequestTimeout
'409':
$ref: common.yaml#/components/responses/409Conflict
'410':
$ref: common.yaml#/components/responses/410Gone
'429':
$ref: common.yaml#/components/responses/429LimitExceeded
'500':
$ref: common.yaml#/components/responses/500InternalServerError
'503':
$ref: common.yaml#/components/responses/503ServiceUnavailable
'504':
$ref: common.yaml#/components/responses/504GatewayTimeout
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
delete:
parameters:
- $ref: common.yaml#/components/parameters/name
- $ref: common.yaml#/components/parameters/ifExists
summary: Delete a User
tags:
- user
description: Delete a user with the given name.
operationId: deleteUser
responses:
'200':
$ref: common.yaml#/components/responses/200SuccessResponse
'202':
$ref: common.yaml#/components/responses/202SuccessAcceptedResponse
'400':
$ref: common.yaml#/components/responses/400BadRequest
'401':
$ref: common.yaml#/components/responses/401Unauthorized
'403':
$ref: common.yaml#/components/responses/403Forbidden
'404':
$ref: common.yaml#/components/responses/404NotFound
'405':
$ref: common.yaml#/components/responses/405MethodNotAllowed
'408':
$ref: common.yaml#/components/responses/408RequestTimeout
'409':
$ref: common.yaml#/components/responses/409Conflict
'410':
$ref: common.yaml#/components/responses/410Gone
'429':
$ref: common.yaml#/components/responses/429LimitExceeded
'500':
$ref: common.yaml#/components/responses/500InternalServerError
'503':
$ref: common.yaml#/components/responses/503ServiceUnavailable
'504':
$ref: common.yaml#/components/responses/504GatewayTimeout
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
put:
summary: Create a (or Alter an Existing) User.
description: Create a (or alter an existing) user. Even if the operation is just an alter, the full property set must be provided. Note that password is not currently altered by this operation
but is supported for a newly-created object.
operationId: createOrAlterUser
tags:
- user
parameters:
- $ref: common.yaml#/components/parameters/name
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/User'
examples:
CreateoralteruserRequestExample:
summary: Default createOrAlterUser request
x-microcks-default: true
value:
name: Example Title
password: example_value
login_name: example_value
display_name: example_value
first_name: example_value
middle_name: example_value
last_name: example_value
email: user@example.com
must_change_password: true
disabled: true
days_to_expiry: 10
mins_to_unlock: 10
default_warehouse: example_value
default_namespace: example_value
default_role: example_value
default_secondary_roles: ALL
mins_to_bypass_mfa: 10
rsa_public_key: example_value
rsa_public_key_2: example_value
comment: example_value
type: example_value
enable_unredacted_query_syntax_error: true
network_policy: example_value
created_on: '2026-01-15T10:30:00Z'
last_successful_login: '2026-01-15T10:30:00Z'
expires_at: '2026-01-15T10:30:00Z'
locked_until: '2026-01-15T10:30:00Z'
has_password: true
has_rsa_public_key: true
rsa_public_key_fp: example_value
rsa_public_key_2_fp: example_value
ext_authn_duo: true
ext_authn_uid: '500123'
owner: example_value
snowflake_lock: true
snowflake_support: true
mins_to_bypass_network_policy: 10
password_last_set: '2026-01-15T10:30:00Z'
custom_landing_page_url: https://www.example.com
custom_landing_page_url_flush_next_ui_load: https://www.example.com
responses:
'200':
$ref: common.yaml#/components/responses/200SuccessResponse
'202':
$ref: common.yaml#/components/responses/202SuccessAcceptedResponse
'400':
$ref: common.yaml#/components/responses/400BadRequest
'401':
$ref: common.yaml#/components/responses/401Unauthorized
'403':
$ref: common.yaml#/components/responses/403Forbidden
'404':
$ref: common.yaml#/components/responses/404NotFound
'405':
$ref: common.yaml#/components/responses/405MethodNotAllowed
'408':
$ref: common.yaml#/components/responses/408RequestTimeout
'409':
$ref: common.yaml#/components/responses/409Conflict
'410':
$ref: common.yaml#/components/responses/410Gone
'429':
$ref: common.yaml#/components/responses/429LimitExceeded
'500':
$ref: common.yaml#/components/responses/500InternalServerError
'503':
$ref: common.yaml#/components/responses/503ServiceUnavailable
'504':
$ref: common.yaml#/components/responses/504GatewayTimeout
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
/api/v2/users/{name}/grants:
get:
parameters:
- $ref: common.yaml#/components/parameters/name
- $ref: common.yaml#/components/parameters/showLimit
summary: List All Grants to the User
tags:
- user
description: List all grants to the user
operationId: listGrants
responses:
'200':
description: successful
headers:
X-Snowflake-Request-ID:
$ref: common.yaml#/components/headers/X-Snowflake-Request-ID
Link:
$ref: common.yaml#/components/headers/Link
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/Grant'
examples:
Listgrants200Example:
summary: Default listGrants 200 response
x-microcks-default: true
value:
- securable:
database: example_value
schema: example_value
name: Example Title
containing_scope:
database: example_value
schema: example_value
securable_type: example_value
privileges:
- example_value
created_on: '2026-01-15T10:30:00Z'
granted_by: example_value
'202':
$ref: common.yaml#/components/responses/202SuccessAcceptedResponse
'400':
$ref: common.yaml#/components/responses/400BadRequest
'401':
$ref: common.yaml#/components/responses/401Unauthorized
'403':
$ref: common.yaml#/components/responses/403Forbidden
'404':
$ref: common.yaml#/components/responses/404NotFound
'405':
$ref: common.yaml#/components/responses/405MethodNotAllowed
'408':
$ref: common.yaml#/components/responses/408RequestTimeout
'409':
$ref: common.yaml#/components/responses/409Conflict
'410':
$ref: common.yaml#/components/responses/410Gone
'429':
$ref: common.yaml#/components/responses/429LimitExceeded
'500':
$ref: common.yaml#/components/responses/500InternalServerError
'503':
$ref: common.yaml#/components/responses/503ServiceUnavailable
'504':
$ref: common.yaml#/components/responses/504GatewayTimeout
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
post:
summary: Grant a Role to the User
tags:
- user
description: Grant a role to the user
operationId: grant
parameters:
- $ref: common.yaml#/components/parameters/name
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/Grant'
examples:
GrantRequestExample:
summary: Default grant request
x-microcks-default: true
value:
securable:
database: example_value
schema: example_value
name: Example Title
containing_scope:
database: example_value
schema: example_value
securable_type: example_value
privileges:
- example_value
created_on: '2026-01-15T10:30:00Z'
granted_by: example_value
responses:
'200':
$ref: common.yaml#/components/responses/200SuccessResponse
'202':
$ref: common.yaml#/components/responses/202SuccessAcceptedResponse
'400':
$ref: common.yaml#/components/responses/400BadRequest
'401':
$ref: common.yaml#/components/responses/401Unauthorized
'403':
$ref: common.yaml#/components/responses/403Forbidden
'404':
$ref: common.yaml#/components/responses/404NotFound
'405':
$ref: common.yaml#/components/responses/405MethodNotAllowed
'408':
$ref: common.yaml#/components/responses/408RequestTimeout
'409':
$ref: common.yaml#/components/responses/409Conflict
'410':
$ref: common.yaml#/components/responses/410Gone
'429':
$ref: common.yaml#/components/responses/429LimitExceeded
'500':
$ref: common.yaml#/components/responses/500InternalServerError
'503':
$ref: common.yaml#/components/responses/503ServiceUnavailable
'504':
$ref: common.yaml#/components/responses/504GatewayTimeout
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
/api/v2/users/{name}/grants:revoke:
post:
summary: Revoke Grants From the User
tags:
- user
description: Revoke grants from the user
operationId: revokeGrants
parameters:
- $ref: common.yaml#/components/parameters/name
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/Grant'
examples:
RevokegrantsRequestExample:
summary: Default revokeGrants request
x-microcks-default: true
value:
securable:
database: example_value
schema: example_value
name: Example Title
containing_scope:
database: example_value
schema: example_value
securable_type: example_value
privileges:
- example_value
created_on: '2026-01-15T10:30:00Z'
granted_by: example_value
responses:
'200':
$ref: common.yaml#/components/responses/200SuccessResponse
'202':
$ref: common.yaml#/components/responses/202SuccessAcceptedResponse
'400':
$ref: common.yaml#/components/responses/400BadRequest
'401':
$ref: common.yaml#/components/responses/401Unauthorized
'403':
$ref: common.yaml#/components/responses/403Forbidden
'404':
$ref: common.yaml#/components/responses/404NotFound
'405':
$ref: common.yaml#/components/responses/405MethodNotAllowed
'408':
$ref: common.yaml#/components/responses/408RequestTimeout
'409':
$ref: common.yaml#/components/responses/409Conflict
'410':
$ref: common.yaml#/components/responses/410Gone
'429':
$ref: common.yaml#/components/responses/429LimitExceeded
'500':
$ref: common.yaml#/components/responses/500InternalServerError
'503':
$ref: common.yaml#/components/responses/503ServiceUnavailable
'504':
$ref: common.yaml#/components/responses/504GatewayTimeout
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
components:
schemas:
Grant:
type: object
properties:
securable:
$ref: '#/components/schemas/Securable'
description: Securable of the grant
containing_scope:
$ref: '#/components/schemas/ContainingScope'
description: Containing scope of the grant
securable_type:
type: string
description: Type of the securable to be granted. Only ROLE is supported
example: example_value
privileges:
type: array
items:
type: string
description: List of privileges to be granted.
example: []
created_on:
type: string
format: date-time
readOnly: true
description: Date and time when the grant was created
example: '2026-01-15T10:30:00Z'
granted_by:
type: string
readOnly: true
description: The role that granted this privilege to this grantee
example: example_value
required:
- securable_type
Securable:
type: object
properties:
database:
type: string
pattern: ^"([^"]|"")+"|[a-zA-Z_][a-zA-Z0-9_$]*$
description: Database name of the securable if applicable.
example: example_value
schema:
type: string
pattern: ^"([^"]|"")+"|[a-zA-Z_][a-zA-Z0-9_$]*$
description: Schema name of the securable if applicable.
example: example_value
name:
type: string
pattern: ^"([^"]|"")+"|[a-zA-Z_][a-zA-Z0-9_$]*$
description: Name of the securable if applicable.
example: Example Title
required:
- name
ContainingScope:
type: object
properties:
database:
type: string
pattern: ^"([^"]|"")+"|[a-zA-Z_][a-zA-Z0-9_$]*$
description: Database name of the securable scope if applicable.
example: example_value
schema:
type: string
pattern: ^"([^"]|"")+"|[a-zA-Z_][a-zA-Z0-9_$]*$
description: Schema name of the securable scope if applicable.
example: example_value
required:
- database
User:
description: Properties of user.
type: object
required:
- name
properties:
name:
type: string
description: User name
example: jackpatel
password:
type: string
format: password
description: Password
example: example_value
login_name:
type: string
description: Login name
example: example_value
display_name:
type: string
description: Display name
example: example_value
first_name:
type: string
description: First name
example: example_value
middle_name:
type: string
description: Middle name
example: example_value
last_name:
type: string
description: Last name
example: example_value
email:
type: string
description: Email address
example: user@example.com
must_change_password:
type: boolean
description: Does this user need to change their password (e.g., after assigning a temp password)
example: true
disabled:
type: boolean
description: Has this user been disabled from the system
example: true
days_to_expiry:
type: integer
description: How many days until this user expires
example: 10
mins_to_unlock:
type: integer
description: How many minutes until the account is unlocked after multiple failed logins
example: 10
default_warehouse:
type: string
description: The default warehouse to use when this user starts a session
example: example_value
default_namespace:
type: string
description: The default namespace to use when this user starts a session
example: example_value
default_role:
type: string
description: The default role to use when this user starts a session
example: example_value
default_secondary_roles:
type: string
description: The default secondary roles of this user to use when starting a session. Only valid set values are ALL or NONE. Default is ALL after 2024-07 BCR.
enum:
- ALL
- NONE
default: ALL
example: ALL
mins_to_bypass_mfa:
type: integer
description: How many minutes until MFA is required again
example: 10
rsa_public_key:
type: string
description: RSA public key of the user
example: example_value
rsa_public_key_2:
type: string
description: Second RSA public key of the user
example: example_value
comment:
type: string
description: Comment about the user.
example: A distinguished user
type:
type: string
description: Indicates the type of user (PERSON | SERVICE | LEGACY_SERVICE)
example: example_value
enable_unredacted_query_syntax_error:
type: boolean
description: Whether to show unredacted query syntax errors in the query history.
example: true
network_policy:
type: string
description: Specifies an existing network policy is active for the user. Otherwise, use account default.
example: example_value
created_on:
type: string
readOnly: true
format: date-time
example: '2026-01-15T10:30:00Z'
last_successful_login:
type: string
readOnly: true
format: date-time
example: '2026-01-15T10:30:00Z'
expires_at:
type: string
readOnly: true
format: date-time
example: '2026-01-15T10:30:00Z'
locked_until:
type: string
readOnly: true
format: date-time
example: '2026-01-15T10:30:00Z'
has_password:
type: boolean
readOnly: true
example: true
has_rsa_public_key:
type: boolean
readOnly: true
example: true
rsa_public_key_fp:
type: string
readOnly: true
description: Fingerprint of the user's RSA public key
example: example_value
rsa_public_key_2_fp:
type: string
readOnly: true
description: Fingerprint of the user's second RSA public key
example: example_value
ext_authn_duo:
type: boolean
readOnly: true
example: true
ext_authn_uid:
type: string
readOnly: true
example: '500123'
owner:
type: string
readOnly: true
example: example_value
snowflake_lock:
type: boolean
readOnly: true
default: false
description: Whether the user, account, or organization is locked by Snowflake.
example: true
snowflake_support:
type: boolean
readOnly: true
default: false
description: Whether Snowflake Support is allowed to use the user or account
example: true
mins_to_bypass_network_policy:
type: integer
readOnly: true
description: Temporary bypass network policy on the user for a specified number of minutes
example: 10
password_last_set:
type: string
readOnly:
# --- truncated at 32 KB (32 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/snowflake/refs/heads/main/openapi/user.yaml