Method: projects.accounts.lookup

Gets account information for all matched accounts. For an end user request, retrieves the account of the end user. For an admin request with Google OAuth 2.0 credential, retrieves one or multiple account(s) with matching criteria.

HTTP request

POST https://identitytoolkit.googleapis.com/v1/projects/{targetProjectId}/accounts:lookup

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
targetProjectId

string

The ID of the Google Cloud project that the account or the Identity Platform tenant specified by tenantId belongs to. Should only be specified by authenticated requests bearing a Google OAuth 2.0 credential with proper permissions.

Authorization requires the following IAM permission on the specified resource targetProjectId:

  • firebaseauth.users.get

Request body

The request body contains data with the following structure:

JSON representation
{
  "idToken": string,
  "localId": [
    string
  ],
  "email": [
    string
  ],
  "phoneNumber": [
    string
  ],
  "federatedUserId": [
    {
      object (FederatedUserIdentifier)
    }
  ],
  "tenantId": string,
  "initialEmail": [
    string
  ]
}
Fields
idToken

string

The Identity Platform ID token of the account to fetch. Require to be specified for requests from end users.

localId[]

string

The ID of one or more accounts to fetch. Should only be specified by authenticated requests bearing a Google OAuth 2.0 credential with proper permissions.

email[]

string

The email address of one or more accounts to fetch. The length of email should be less than 256 characters and in the format of name@domain.tld. The email should also match the RFC 822 addr-spec production. Should only be specified by authenticated requests from a developer.

phoneNumber[]

string

The phone number of one or more accounts to fetch. Should only be specified by authenticated requests from a developer and should be in E.164 format, for example, +15555555555.

federatedUserId[]

object (FederatedUserIdentifier)

The federated user identifier of one or more accounts to fetch. Should only be specified by authenticated requests bearing a Google OAuth 2.0 credential with proper permissions.

tenantId

string

The ID of the tenant that the account belongs to. Should only be specified by authenticated requests from a developer.

initialEmail[]

string

The initial email of one or more accounts to fetch. The length of email should be less than 256 characters and in the format of name@domain.tld. The email should also match the RFC 822 addr-spec production. Should only be specified by authenticated requests from a developer.

Response body

If successful, the response body contains an instance of GetAccountInfoResponse.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.