# List people

> Get all members of an organization with their roles and basic profile data.

The list-people endpoint returns every team member visible to your API key's role, with pagination and filtering. It's the canonical example of a Matproof list endpoint — the same conventions (`page` / `perPage` / response shape with `data` and `meta`) apply across every other list endpoint.

## Common use cases

* Pulling the team list to drive your own dashboard or report
* Scripting access reviews against your IdP / HR system
* Detecting drift between Matproof People and an authoritative HR feed (Deel, Workday, BambooHR)

## Pagination

For organizations with more than ~50 members, paginate via `page` and `perPage`:

```bash
curl "https://api.matproof.com/v1/people?page=2&perPage=100" \
  -H "X-API-Key: ..."
```

Stop when `meta.page` reaches `meta.totalPages`.
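The stop condition above as a reusable loop, written for access-review scripts where a silently truncated member list would hide accounts. This is an added example, not Matproof's own client code: `list_all_people`, `fake_fetch`, `max_pages` and the sample pages are hypothetical names and constructed data, and a response without `meta` (the OpenAPI example on this page carries `count` instead) is treated as a single complete page.

```python
import json
import urllib.parse
import urllib.request

BASE_URL = "https://api.matproof.com/v1/people"  # endpoint shown on this page

def http_get_json(url, api_key):
    """Real transport: GET with the X-API-Key header, body parsed as JSON."""
    req = urllib.request.Request(url, headers={"X-API-Key": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def list_all_people(api_key, role=None, per_page=100, fetch=http_get_json, max_pages=1000):
    """Walk page/perPage until meta.page reaches meta.totalPages; never return a partial list."""
    people, page = [], 1
    while page <= max_pages:
        query = {"page": page, "perPage": per_page}
        if role:
            query["role"] = role
        body = fetch(f"{BASE_URL}?{urllib.parse.urlencode(query)}", api_key)
        people.extend(body["data"])
        # Assumption: meta holds integer `page` and `totalPages`. If meta is
        # absent, the response is treated as a single complete page.
        meta = body.get("meta") or {}
        if meta.get("page", page) >= meta.get("totalPages", page):
            return people
        page += 1
    # A server that never reports the last page must not yield a "complete" list.
    raise RuntimeError("pagination did not terminate; refusing to return a partial list")

# Constructed sample: three members over two pages (not real API output).
SAMPLE_PAGES = {
    1: {"data": [{"id": "mem_1"}, {"id": "mem_2"}], "meta": {"page": 1, "totalPages": 2}},
    2: {"data": [{"id": "mem_3"}], "meta": {"page": 2, "totalPages": 2}},
}

def fake_fetch(url, api_key):
    """Offline stand-in for http_get_json that serves SAMPLE_PAGES by ?page=N."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    return SAMPLE_PAGES[int(query["page"][0])]

if __name__ == "__main__":
    print([m["id"] for m in list_all_people("constructed-key", per_page=2, fetch=fake_fetch)])
```

For real use, drop the `fetch=` argument and read the key from the environment or a secret store rather than hard-coding it in the script.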

## Filtering by role

To list only Auditors (typically external audit firms), filter via the `role` query parameter:

```bash
curl "https://api.matproof.com/v1/people?role=auditor" \
  -H "X-API-Key: ..."
```

Valid role values are the [five built-in roles](/features/rbac-roles): `owner`, `admin`, `auditor`, `employee`, `contractor`.

## Response shape

Every member entry includes the fields needed for access-review evidence: name, email, role, last-login timestamp, and link to any associated devices reported by the [Device Agent](/features/device-agent).

The full schema is given in the OpenAPI definition below.
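An access-review pass over these fields, covering the HR-drift use case listed at the top of the page. This is an added example, not part of the Matproof documentation: the 90-day staleness threshold, the choice of `owner`/`admin` as privileged, the exclusion of `auditor` from the HR comparison, and all sample records are assumptions or constructed data.

```python
from datetime import datetime, timedelta, timezone

PRIVILEGED = {"owner", "admin"}   # assumption: roles reviewed as privileged
EXTERNAL = {"auditor"}            # assumption: external firms, not expected in HR

def parse_ts(value):
    """Parse the schema's ISO-8601 'Z' timestamps; a null lastLogin stays None."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def review(people, hr_emails, now, stale_after=timedelta(days=90)):
    """Return sorted (email, finding) pairs for active members needing attention."""
    hr = {e.strip().lower() for e in hr_emails}
    findings, seen = [], set()
    for m in people:
        if not m["isActive"]:
            continue
        user, role = m["user"], m["role"]
        email = user["email"].strip().lower()
        seen.add(email)
        if email not in hr and role not in EXTERNAL:
            findings.append((email, "active in Matproof, absent from HR feed"))
        last = parse_ts(user["lastLogin"])
        if last is None:
            findings.append((email, "never logged in"))
        elif now - last > stale_after:
            findings.append((email, f"no login for {(now - last).days} days"))
        if role in PRIVILEGED and not user["emailVerified"]:
            findings.append((email, "privileged role, unverified email"))
    findings += [(e, "in HR feed, no active Matproof member") for e in hr - seen]
    return sorted(findings)

def member(email, role, last_login, active=True, verified=True):
    """Build a constructed record with only the schema fields the review reads."""
    return {"role": role, "isActive": active,
            "user": {"email": email, "emailVerified": verified, "lastLogin": last_login}}

# Constructed sample data (not real API output).
SAMPLE_PEOPLE = [
    member("alice@example.com", "admin", "2024-01-15T12:00:00Z"),
    member("bob@example.com", "employee", None),
    member("carol@example.com", "admin", "2023-06-01T00:00:00Z", verified=False),
    member("dave@audit.example", "auditor", "2024-01-10T09:00:00Z"),
    member("erin@example.com", "employee", "2022-01-01T00:00:00Z", active=False),
]
SAMPLE_HR = ["Alice@example.com", "bob@example.com", "frank@example.com"]
NOW = datetime(2024, 2, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for email, finding in review(SAMPLE_PEOPLE, SAMPLE_HR, NOW):
        print(f"{email}: {finding}")
```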


## OpenAPI

````yaml GET /v1/people
openapi: 3.0.0
info:
  title: API Documentation
  description: The API documentation for this application
  version: '1.0'
  contact: {}
servers:
  - url: http://localhost:3333
    description: Local API Server
  - url: https://api.matproof.com
    description: API Server
security: []
tags: []
paths:
  /v1/people:
    get:
      tags:
        - People
      summary: Get all people
      description: >-
        Returns all members for the authenticated organization with their user
        information. Supports both API key authentication (X-API-Key header) and
        session authentication (cookies + X-Organization-Id header).
      operationId: PeopleController_getAllPeople_v1
      parameters:
        - name: X-Organization-Id
          in: header
          description: >-
            Organization ID (required for session auth, optional for API key
            auth)
          required: false
          schema:
            type: string
      responses:
        '200':
          description: People retrieved successfully
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: array
                    items:
                      $ref: '#/components/schemas/PeopleResponseDto'
                  count:
                    type: number
                    description: Total number of people
                    example: 25
                  authType:
                    type: string
                    enum:
                      - api-key
                      - session
                    description: How the request was authenticated
                  authenticatedUser:
                    type: object
                    properties:
                      id:
                        type: string
                        description: User ID
                        example: usr_abc123def456
                      email:
                        type: string
                        description: User email
                        example: user@company.com
              example:
                data:
                  - id: mem_abc123def456
                    organizationId: org_abc123def456
                    userId: usr_abc123def456
                    role: admin
                    createdAt: '2024-01-01T00:00:00Z'
                    department: it
                    isActive: true
                    fleetDmLabelId: 123
                    user:
                      id: usr_abc123def456
                      name: John Doe
                      email: john.doe@company.com
                      emailVerified: true
                      image: https://example.com/avatar.jpg
                      createdAt: '2024-01-01T00:00:00Z'
                      updatedAt: '2024-01-15T00:00:00Z'
                      lastLogin: '2024-01-15T12:00:00Z'
                count: 1
                authType: api-key
                authenticatedUser:
                  id: usr_abc123def456
                  email: user@company.com
        '401':
          description: Unauthorized - Invalid authentication or insufficient permissions
          content:
            application/json:
              schema:
                type: object
                properties:
                  message:
                    type: string
                    example: Invalid or expired API key
        '404':
          description: Organization not found
          content:
            application/json:
              schema:
                type: object
                properties:
                  message:
                    type: string
                    example: Organization with ID org_abc123def456 not found
        '500':
          description: Internal server error
          content:
            application/json:
              schema:
                type: object
                properties:
                  message:
                    type: string
                    example: Failed to retrieve members
      security:
        - apikey: []
components:
  schemas:
    PeopleResponseDto:
      type: object
      properties:
        id:
          type: string
          description: Member ID
          example: mem_abc123def456
        organizationId:
          type: string
          description: Organization ID this member belongs to
          example: org_abc123def456
        userId:
          type: string
          description: User ID associated with member
          example: usr_abc123def456
        role:
          type: string
          description: Member role
          example: admin
        createdAt:
          format: date-time
          type: string
          description: When the member was created
          example: '2024-01-01T00:00:00Z'
        department:
          type: string
          description: Member department
          enum:
            - none
            - admin
            - gov
            - hr
            - it
            - itsm
            - qms
          example: it
        isActive:
          type: boolean
          description: Whether member is active
          example: true
        fleetDmLabelId:
          type: object
          description: FleetDM label ID for member devices
          example: 123
          nullable: true
        user:
          description: User information
          allOf:
            - $ref: '#/components/schemas/UserResponseDto'
      required:
        - id
        - organizationId
        - userId
        - role
        - createdAt
        - department
        - isActive
        - fleetDmLabelId
        - user
    UserResponseDto:
      type: object
      properties:
        id:
          type: string
          description: User ID
          example: usr_abc123def456
        name:
          type: string
          description: User name
          example: John Doe
        email:
          type: string
          description: User email
          example: john.doe@company.com
        emailVerified:
          type: boolean
          description: Whether email is verified
          example: true
        image:
          type: object
          description: User profile image URL
          example: https://example.com/avatar.jpg
          nullable: true
        createdAt:
          format: date-time
          type: string
          description: When the user was created
          example: '2024-01-01T00:00:00Z'
        updatedAt:
          format: date-time
          type: string
          description: When the user was last updated
          example: '2024-01-15T00:00:00Z'
        lastLogin:
          type: object
          description: Last login time
          example: '2024-01-15T12:00:00Z'
          nullable: true
      required:
        - id
        - name
        - email
        - emailVerified
        - image
        - createdAt
        - updatedAt
        - lastLogin
  securitySchemes:
    apikey:
      type: apiKey
      in: header
      name: X-API-Key
      description: API key for authentication

````