openapi: 3.0.0 servers: - description: Snowflake REST Server url: https://org-account.snowflakecomputing.com info: version: 0.0.1 title: Snowflake User API description: The Snowflake User API is a REST API that you can use to access, update, and perform certain action on Users in a Snowflake database. contact: name: Snowflake, Inc. url: https://snowflake.com email: support@snowflake.com paths: /api/v2/users: post: summary: Create a User tags: - user description: Create a user according to the parameters given operationId: createUser parameters: - $ref: common.yaml#/components/parameters/createMode requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/User' examples: CreateuserRequestExample: summary: Default createUser request x-microcks-default: true value: name: Example Title password: example_value login_name: example_value display_name: example_value first_name: example_value middle_name: example_value last_name: example_value email: user@example.com must_change_password: true disabled: true days_to_expiry: 10 mins_to_unlock: 10 default_warehouse: example_value default_namespace: example_value default_role: example_value default_secondary_roles: ALL mins_to_bypass_mfa: 10 rsa_public_key: example_value rsa_public_key_2: example_value comment: example_value type: example_value enable_unredacted_query_syntax_error: true network_policy: example_value created_on: '2026-01-15T10:30:00Z' last_successful_login: '2026-01-15T10:30:00Z' expires_at: '2026-01-15T10:30:00Z' locked_until: '2026-01-15T10:30:00Z' has_password: true has_rsa_public_key: true rsa_public_key_fp: example_value rsa_public_key_2_fp: example_value ext_authn_duo: true ext_authn_uid: '500123' owner: example_value snowflake_lock: true snowflake_support: true mins_to_bypass_network_policy: 10 password_last_set: '2026-01-15T10:30:00Z' custom_landing_page_url: https://www.example.com custom_landing_page_url_flush_next_ui_load: https://www.example.com responses: '200': $ref: common.yaml#/components/responses/200SuccessResponse '202': $ref: common.yaml#/components/responses/202SuccessAcceptedResponse '400': $ref: common.yaml#/components/responses/400BadRequest '401': $ref: common.yaml#/components/responses/401Unauthorized '403': $ref: common.yaml#/components/responses/403Forbidden '404': $ref: common.yaml#/components/responses/404NotFound '405': $ref: common.yaml#/components/responses/405MethodNotAllowed '408': $ref: common.yaml#/components/responses/408RequestTimeout '409': $ref: common.yaml#/components/responses/409Conflict '410': $ref: common.yaml#/components/responses/410Gone '429': $ref: common.yaml#/components/responses/429LimitExceeded '500': $ref: common.yaml#/components/responses/500InternalServerError '503': $ref: common.yaml#/components/responses/503ServiceUnavailable '504': $ref: common.yaml#/components/responses/504GatewayTimeout x-microcks-operation: delay: 0 dispatcher: FALLBACK get: summary: List Users in the System. tags: - user description: Lists the users in the system. operationId: listUsers parameters: - $ref: common.yaml#/components/parameters/like - $ref: common.yaml#/components/parameters/startsWith - $ref: common.yaml#/components/parameters/showLimit - $ref: common.yaml#/components/parameters/fromName responses: '200': description: successful headers: X-Snowflake-Request-ID: $ref: common.yaml#/components/headers/X-Snowflake-Request-ID Link: $ref: common.yaml#/components/headers/Link content: application/json: schema: type: array items: $ref: '#/components/schemas/User' examples: Listusers200Example: summary: Default listUsers 200 response x-microcks-default: true value: - name: Example Title password: example_value login_name: example_value display_name: example_value first_name: example_value middle_name: example_value last_name: example_value email: user@example.com must_change_password: true disabled: true days_to_expiry: 10 mins_to_unlock: 10 default_warehouse: example_value default_namespace: example_value default_role: example_value default_secondary_roles: ALL mins_to_bypass_mfa: 10 rsa_public_key: example_value rsa_public_key_2: example_value comment: example_value type: example_value enable_unredacted_query_syntax_error: true network_policy: example_value created_on: '2026-01-15T10:30:00Z' last_successful_login: '2026-01-15T10:30:00Z' expires_at: '2026-01-15T10:30:00Z' locked_until: '2026-01-15T10:30:00Z' has_password: true has_rsa_public_key: true rsa_public_key_fp: example_value rsa_public_key_2_fp: example_value ext_authn_duo: true ext_authn_uid: '500123' owner: example_value snowflake_lock: true snowflake_support: true mins_to_bypass_network_policy: 10 password_last_set: '2026-01-15T10:30:00Z' custom_landing_page_url: https://www.example.com custom_landing_page_url_flush_next_ui_load: https://www.example.com '202': $ref: common.yaml#/components/responses/202SuccessAcceptedResponse '400': $ref: common.yaml#/components/responses/400BadRequest '401': $ref: common.yaml#/components/responses/401Unauthorized '403': $ref: common.yaml#/components/responses/403Forbidden '404': $ref: common.yaml#/components/responses/404NotFound '405': $ref: common.yaml#/components/responses/405MethodNotAllowed '408': $ref: common.yaml#/components/responses/408RequestTimeout '409': $ref: common.yaml#/components/responses/409Conflict '410': $ref: common.yaml#/components/responses/410Gone '429': $ref: common.yaml#/components/responses/429LimitExceeded '500': $ref: common.yaml#/components/responses/500InternalServerError '503': $ref: common.yaml#/components/responses/503ServiceUnavailable '504': $ref: common.yaml#/components/responses/504GatewayTimeout x-microcks-operation: delay: 0 dispatcher: FALLBACK /api/v2/users/{name}: get: parameters: - $ref: common.yaml#/components/parameters/name summary: Fetch Information About a User tags: - user description: Fetch user information using the result of the DESCRIBE command operationId: fetchUser responses: '200': description: successful headers: X-Snowflake-Request-ID: $ref: common.yaml#/components/headers/X-Snowflake-Request-ID Link: $ref: common.yaml#/components/headers/Link content: application/json: schema: $ref: '#/components/schemas/User' examples: Fetchuser200Example: summary: Default fetchUser 200 response x-microcks-default: true value: name: Example Title password: example_value login_name: example_value display_name: example_value first_name: example_value middle_name: example_value last_name: example_value email: user@example.com must_change_password: true disabled: true days_to_expiry: 10 mins_to_unlock: 10 default_warehouse: example_value default_namespace: example_value default_role: example_value default_secondary_roles: ALL mins_to_bypass_mfa: 10 rsa_public_key: example_value rsa_public_key_2: example_value comment: example_value type: example_value enable_unredacted_query_syntax_error: true network_policy: example_value created_on: '2026-01-15T10:30:00Z' last_successful_login: '2026-01-15T10:30:00Z' expires_at: '2026-01-15T10:30:00Z' locked_until: '2026-01-15T10:30:00Z' has_password: true has_rsa_public_key: true rsa_public_key_fp: example_value rsa_public_key_2_fp: example_value ext_authn_duo: true ext_authn_uid: '500123' owner: example_value snowflake_lock: true snowflake_support: true mins_to_bypass_network_policy: 10 password_last_set: '2026-01-15T10:30:00Z' custom_landing_page_url: https://www.example.com custom_landing_page_url_flush_next_ui_load: https://www.example.com '202': $ref: common.yaml#/components/responses/202SuccessAcceptedResponse '400': $ref: common.yaml#/components/responses/400BadRequest '401': $ref: common.yaml#/components/responses/401Unauthorized '403': $ref: common.yaml#/components/responses/403Forbidden '404': $ref: common.yaml#/components/responses/404NotFound '405': $ref: common.yaml#/components/responses/405MethodNotAllowed '408': $ref: common.yaml#/components/responses/408RequestTimeout '409': $ref: common.yaml#/components/responses/409Conflict '410': $ref: common.yaml#/components/responses/410Gone '429': $ref: common.yaml#/components/responses/429LimitExceeded '500': $ref: common.yaml#/components/responses/500InternalServerError '503': $ref: common.yaml#/components/responses/503ServiceUnavailable '504': $ref: common.yaml#/components/responses/504GatewayTimeout x-microcks-operation: delay: 0 dispatcher: FALLBACK delete: parameters: - $ref: common.yaml#/components/parameters/name - $ref: common.yaml#/components/parameters/ifExists summary: Delete a User tags: - user description: Delete a user with the given name. operationId: deleteUser responses: '200': $ref: common.yaml#/components/responses/200SuccessResponse '202': $ref: common.yaml#/components/responses/202SuccessAcceptedResponse '400': $ref: common.yaml#/components/responses/400BadRequest '401': $ref: common.yaml#/components/responses/401Unauthorized '403': $ref: common.yaml#/components/responses/403Forbidden '404': $ref: common.yaml#/components/responses/404NotFound '405': $ref: common.yaml#/components/responses/405MethodNotAllowed '408': $ref: common.yaml#/components/responses/408RequestTimeout '409': $ref: common.yaml#/components/responses/409Conflict '410': $ref: common.yaml#/components/responses/410Gone '429': $ref: common.yaml#/components/responses/429LimitExceeded '500': $ref: common.yaml#/components/responses/500InternalServerError '503': $ref: common.yaml#/components/responses/503ServiceUnavailable '504': $ref: common.yaml#/components/responses/504GatewayTimeout x-microcks-operation: delay: 0 dispatcher: FALLBACK put: summary: Create a (or Alter an Existing) User. description: Create a (or alter an existing) user. Even if the operation is just an alter, the full property set must be provided. Note that password is not currently altered by this operation but is supported for a newly-created object. operationId: createOrAlterUser tags: - user parameters: - $ref: common.yaml#/components/parameters/name requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/User' examples: CreateoralteruserRequestExample: summary: Default createOrAlterUser request x-microcks-default: true value: name: Example Title password: example_value login_name: example_value display_name: example_value first_name: example_value middle_name: example_value last_name: example_value email: user@example.com must_change_password: true disabled: true days_to_expiry: 10 mins_to_unlock: 10 default_warehouse: example_value default_namespace: example_value default_role: example_value default_secondary_roles: ALL mins_to_bypass_mfa: 10 rsa_public_key: example_value rsa_public_key_2: example_value comment: example_value type: example_value enable_unredacted_query_syntax_error: true network_policy: example_value created_on: '2026-01-15T10:30:00Z' last_successful_login: '2026-01-15T10:30:00Z' expires_at: '2026-01-15T10:30:00Z' locked_until: '2026-01-15T10:30:00Z' has_password: true has_rsa_public_key: true rsa_public_key_fp: example_value rsa_public_key_2_fp: example_value ext_authn_duo: true ext_authn_uid: '500123' owner: example_value snowflake_lock: true snowflake_support: true mins_to_bypass_network_policy: 10 password_last_set: '2026-01-15T10:30:00Z' custom_landing_page_url: https://www.example.com custom_landing_page_url_flush_next_ui_load: https://www.example.com responses: '200': $ref: common.yaml#/components/responses/200SuccessResponse '202': $ref: common.yaml#/components/responses/202SuccessAcceptedResponse '400': $ref: common.yaml#/components/responses/400BadRequest '401': $ref: common.yaml#/components/responses/401Unauthorized '403': $ref: common.yaml#/components/responses/403Forbidden '404': $ref: common.yaml#/components/responses/404NotFound '405': $ref: common.yaml#/components/responses/405MethodNotAllowed '408': $ref: common.yaml#/components/responses/408RequestTimeout '409': $ref: common.yaml#/components/responses/409Conflict '410': $ref: common.yaml#/components/responses/410Gone '429': $ref: common.yaml#/components/responses/429LimitExceeded '500': $ref: common.yaml#/components/responses/500InternalServerError '503': $ref: common.yaml#/components/responses/503ServiceUnavailable '504': $ref: common.yaml#/components/responses/504GatewayTimeout x-microcks-operation: delay: 0 dispatcher: FALLBACK /api/v2/users/{name}/grants: get: parameters: - $ref: common.yaml#/components/parameters/name - $ref: common.yaml#/components/parameters/showLimit summary: List All Grants to the User tags: - user description: List all grants to the user operationId: listGrants responses: '200': description: successful headers: X-Snowflake-Request-ID: $ref: common.yaml#/components/headers/X-Snowflake-Request-ID Link: $ref: common.yaml#/components/headers/Link content: application/json: schema: type: array items: $ref: '#/components/schemas/Grant' examples: Listgrants200Example: summary: Default listGrants 200 response x-microcks-default: true value: - securable: database: example_value schema: example_value name: Example Title containing_scope: database: example_value schema: example_value securable_type: example_value privileges: - example_value created_on: '2026-01-15T10:30:00Z' granted_by: example_value '202': $ref: common.yaml#/components/responses/202SuccessAcceptedResponse '400': $ref: common.yaml#/components/responses/400BadRequest '401': $ref: common.yaml#/components/responses/401Unauthorized '403': $ref: common.yaml#/components/responses/403Forbidden '404': $ref: common.yaml#/components/responses/404NotFound '405': $ref: common.yaml#/components/responses/405MethodNotAllowed '408': $ref: common.yaml#/components/responses/408RequestTimeout '409': $ref: common.yaml#/components/responses/409Conflict '410': $ref: common.yaml#/components/responses/410Gone '429': $ref: common.yaml#/components/responses/429LimitExceeded '500': $ref: common.yaml#/components/responses/500InternalServerError '503': $ref: common.yaml#/components/responses/503ServiceUnavailable '504': $ref: common.yaml#/components/responses/504GatewayTimeout x-microcks-operation: delay: 0 dispatcher: FALLBACK post: summary: Grant a Role to the User tags: - user description: Grant a role to the user operationId: grant parameters: - $ref: common.yaml#/components/parameters/name requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Grant' examples: GrantRequestExample: summary: Default grant request x-microcks-default: true value: securable: database: example_value schema: example_value name: Example Title containing_scope: database: example_value schema: example_value securable_type: example_value privileges: - example_value created_on: '2026-01-15T10:30:00Z' granted_by: example_value responses: '200': $ref: common.yaml#/components/responses/200SuccessResponse '202': $ref: common.yaml#/components/responses/202SuccessAcceptedResponse '400': $ref: common.yaml#/components/responses/400BadRequest '401': $ref: common.yaml#/components/responses/401Unauthorized '403': $ref: common.yaml#/components/responses/403Forbidden '404': $ref: common.yaml#/components/responses/404NotFound '405': $ref: common.yaml#/components/responses/405MethodNotAllowed '408': $ref: common.yaml#/components/responses/408RequestTimeout '409': $ref: common.yaml#/components/responses/409Conflict '410': $ref: common.yaml#/components/responses/410Gone '429': $ref: common.yaml#/components/responses/429LimitExceeded '500': $ref: common.yaml#/components/responses/500InternalServerError '503': $ref: common.yaml#/components/responses/503ServiceUnavailable '504': $ref: common.yaml#/components/responses/504GatewayTimeout x-microcks-operation: delay: 0 dispatcher: FALLBACK /api/v2/users/{name}/grants:revoke: post: summary: Revoke Grants From the User tags: - user description: Revoke grants from the user operationId: revokeGrants parameters: - $ref: common.yaml#/components/parameters/name requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Grant' examples: RevokegrantsRequestExample: summary: Default revokeGrants request x-microcks-default: true value: securable: database: example_value schema: example_value name: Example Title containing_scope: database: example_value schema: example_value securable_type: example_value privileges: - example_value created_on: '2026-01-15T10:30:00Z' granted_by: example_value responses: '200': $ref: common.yaml#/components/responses/200SuccessResponse '202': $ref: common.yaml#/components/responses/202SuccessAcceptedResponse '400': $ref: common.yaml#/components/responses/400BadRequest '401': $ref: common.yaml#/components/responses/401Unauthorized '403': $ref: common.yaml#/components/responses/403Forbidden '404': $ref: common.yaml#/components/responses/404NotFound '405': $ref: common.yaml#/components/responses/405MethodNotAllowed '408': $ref: common.yaml#/components/responses/408RequestTimeout '409': $ref: common.yaml#/components/responses/409Conflict '410': $ref: common.yaml#/components/responses/410Gone '429': $ref: common.yaml#/components/responses/429LimitExceeded '500': $ref: common.yaml#/components/responses/500InternalServerError '503': $ref: common.yaml#/components/responses/503ServiceUnavailable '504': $ref: common.yaml#/components/responses/504GatewayTimeout x-microcks-operation: delay: 0 dispatcher: FALLBACK components: schemas: Grant: type: object properties: securable: $ref: '#/components/schemas/Securable' description: Securable of the grant containing_scope: $ref: '#/components/schemas/ContainingScope' description: Containing scope of the grant securable_type: type: string description: Type of the securable to be granted. Only ROLE is supported example: example_value privileges: type: array items: type: string description: List of privileges to be granted. example: [] created_on: type: string format: date-time readOnly: true description: Date and time when the grant was created example: '2026-01-15T10:30:00Z' granted_by: type: string readOnly: true description: The role that granted this privilege to this grantee example: example_value required: - securable_type Securable: type: object properties: database: type: string pattern: ^"([^"]|"")+"|[a-zA-Z_][a-zA-Z0-9_$]*$ description: Database name of the securable if applicable. example: example_value schema: type: string pattern: ^"([^"]|"")+"|[a-zA-Z_][a-zA-Z0-9_$]*$ description: Schema name of the securable if applicable. example: example_value name: type: string pattern: ^"([^"]|"")+"|[a-zA-Z_][a-zA-Z0-9_$]*$ description: Name of the securable if applicable. example: Example Title required: - name ContainingScope: type: object properties: database: type: string pattern: ^"([^"]|"")+"|[a-zA-Z_][a-zA-Z0-9_$]*$ description: Database name of the securable scope if applicable. example: example_value schema: type: string pattern: ^"([^"]|"")+"|[a-zA-Z_][a-zA-Z0-9_$]*$ description: Schema name of the securable scope if applicable. example: example_value required: - database User: description: Properties of user. type: object required: - name properties: name: type: string description: User name example: jackpatel password: type: string format: password description: Password example: example_value login_name: type: string description: Login name example: example_value display_name: type: string description: Display name example: example_value first_name: type: string description: First name example: example_value middle_name: type: string description: Middle name example: example_value last_name: type: string description: Last name example: example_value email: type: string description: Email address example: user@example.com must_change_password: type: boolean description: Does this user need to change their password (e.g., after assigning a temp password) example: true disabled: type: boolean description: Has this user been disabled from the system example: true days_to_expiry: type: integer description: How many days until this user expires example: 10 mins_to_unlock: type: integer description: How many minutes until the account is unlocked after multiple failed logins example: 10 default_warehouse: type: string description: The default warehouse to use when this user starts a session example: example_value default_namespace: type: string description: The default namespace to use when this user starts a session example: example_value default_role: type: string description: The default role to use when this user starts a session example: example_value default_secondary_roles: type: string description: The default secondary roles of this user to use when starting a session. Only valid set values are ALL or NONE. Default is ALL after 2024-07 BCR. enum: - ALL - NONE default: ALL example: ALL mins_to_bypass_mfa: type: integer description: How many minutes until MFA is required again example: 10 rsa_public_key: type: string description: RSA public key of the user example: example_value rsa_public_key_2: type: string description: Second RSA public key of the user example: example_value comment: type: string description: Comment about the user. example: A distinguished user type: type: string description: Indicates the type of user (PERSON | SERVICE | LEGACY_SERVICE) example: example_value enable_unredacted_query_syntax_error: type: boolean description: Whether to show unredacted query syntax errors in the query history. example: true network_policy: type: string description: Specifies an existing network policy is active for the user. Otherwise, use account default. example: example_value created_on: type: string readOnly: true format: date-time example: '2026-01-15T10:30:00Z' last_successful_login: type: string readOnly: true format: date-time example: '2026-01-15T10:30:00Z' expires_at: type: string readOnly: true format: date-time example: '2026-01-15T10:30:00Z' locked_until: type: string readOnly: true format: date-time example: '2026-01-15T10:30:00Z' has_password: type: boolean readOnly: true example: true has_rsa_public_key: type: boolean readOnly: true example: true rsa_public_key_fp: type: string readOnly: true description: Fingerprint of the user's RSA public key example: example_value rsa_public_key_2_fp: type: string readOnly: true description: Fingerprint of the user's second RSA public key example: example_value ext_authn_duo: type: boolean readOnly: true example: true ext_authn_uid: type: string readOnly: true example: '500123' owner: type: string readOnly: true example: example_value snowflake_lock: type: boolean readOnly: true default: false description: Whether the user, account, or organization is locked by Snowflake. example: true snowflake_support: type: boolean readOnly: true default: false description: Whether Snowflake Support is allowed to use the user or account example: true mins_to_bypass_network_policy: type: integer readOnly: true description: Temporary bypass network policy on the user for a specified number of minutes example: 10 password_last_set: type: string readOnly: true format: date-time example: '2026-01-15T10:30:00Z' custom_landing_page_url: type: string readOnly: true example: https://www.example.com custom_landing_page_url_flush_next_ui_load: type: boolean readOnly: true default: false description: Whether or not to flush the custom landing page of the user on next UI load example: https://www.example.com securitySchemes: KeyPair: $ref: common.yaml#/components/securitySchemes/KeyPair ExternalOAuth: $ref: common.yaml#/components/securitySchemes/ExternalOAuth SnowflakeOAuth: $ref: common.yaml#/components/securitySchemes/SnowflakeOAuth security: - KeyPair: [] - ExternalOAuth: [] - SnowflakeOAuth: []