Wombat DocsAppearance
Get Auth Ownership Status
Get the authentication ownership status for a specific user. This endpoint returns boolean flags indicating whether the current tenant owns the authentication or if the auth is unclaimed.
This endpoint is secured and requires either ADMIN or MANAGE_PEOPLE permissions. It provides a safe way to check auth ownership without exposing tenant IDs or sensitive global user data.
Parameters
| name * are required parameter | data type | description |
|---|---|---|
targetPath* | string | the path to the organization or tenant where the user record exists |
userId* | string | the Firebase Auth UID of the user |
Return Value
On success, a 200 is returned with the body documented below
json
{
"data": {
"userId": "gCjLBdsntbZA5SQN9mSwNsvXrVLa",
"isLinkedToCurrentTenant": true,
"isUnclaimed": false
},
"message": "Auth ownership status retrieved successfully"
}Response Fields
| Field | Type | Description |
|---|---|---|
userId | string | The user's Firebase Auth UID |
isLinkedToCurrentTenant | boolean | Whether the authentication is owned by the current tenant making the request |
isUnclaimed | boolean | Whether the authentication is unclaimed (available to be claimed) |
Possible States
- Auth Owned by Current Tenant:
isLinkedToCurrentTenant: true,isUnclaimed: false - Auth Owned by Different Tenant:
isLinkedToCurrentTenant: false,isUnclaimed: false - Auth Unclaimed:
isLinkedToCurrentTenant: false,isUnclaimed: true
If the userId is absent from the path or the user doesn't exist, a 400 or 404 response is sent with a descriptive error message.
Examples
bash
curl -X GET -H "Authorization: Bearer YOUR_TOKEN" https://app.wombat.software/api/tenant/IRWINS/user/gCjLBdsntbZA5SQN9mSwNsvXrVLa/auth-ownership-statusRelated Endpoints
- Release Auth Ownership -
POST /user/:userId/release-auth-ownership- Release auth ownership from current tenant - Claim Auth Ownership -
POST /user/:userId/claim-auth-ownership- Claim unclaimed auth ownership
Security
- Requires authentication (Firebase Auth token)
- Requires PEOPLE_MANAGEMENT feature flag enabled
- Requires ADMIN or MANAGE_PEOPLE permission for the target
- Only returns boolean flags about the current tenant's relationship to the auth
- Does NOT expose tenant IDs or cross-tenant information
- Prevents information leakage by not revealing which other tenant owns the auth
ENDPOINTS
get
/api/{targetPath}/user/{userId}/auth-ownership-status