Anzenna Public API
  1. account
Anzenna Public API
  • data exfiltration
    • List file movement activities
      POST
    • Get file movement activity by id
      GET
    • List git events
      POST
    • Get a specific git event by id
      GET
    • List git repositories
      POST
    • Get a specific git repository
      GET
    • List files used with data exfiltration.
      POST
    • Get a specific data exfiltration file
      GET
    • Query database exfiltration events
      POST
  • api key
    • Get API key information
      GET
  • login events
    • List login events
      POST
    • Get a login event by ID
      GET
  • browser applications
    • Query all browser applications
      POST
    • List browser application instances
      POST
  • browser application instances
    • Get an browser application by id
      GET
    • Get a browser application by id
      GET
  • browser history
    • List browser history entries
      POST
  • data sharing
    • Query database share grants
      POST
    • Query database share user additions
      POST
    • List file sharing instances
      POST
    • List documents
      POST
    • Get document by id
      GET
  • devices
    • List devices
    • Get a device
    • Get a device
  • device policies
    • List device policies
    • Get a device policy
    • Get a device policy
  • device applications
    • List device applications
    • Get a device application
    • Get a device application
  • device infections
    • List device infections
    • Get a device infection
    • Get a device infection
  • ide applications
    • List IDE applications
    • Get an IDE application
    • Get an IDE application
  • ide application instances
    • Query IDE application instances.
  • mcp servers
    • List MCP servers
    • Get an MCP server
    • Get an MCP server
  • mcp server instances
    • Query MCP server installations
  • device application instances
    • Query device application instances.
  • mfa
    • Query all mfa statuses
  • oauth applications
    • Query all OAuth applications
    • Get an OAuth application by id
    • Get an OAuth application by id
  • oauth application instances
    • Query all OAuth application instances
  • passwords
    • Query all password reuse instances
  • people
    • Query all people
    • Get a person by id
    • Get a person by id
    • Add a category to multiple people
    • Remove a category from multiple people
  • account
    • List accounts
      POST
    • Get an account by id
      GET
    • Get an account by id
      GET
  • phishing interactions
    • Query all phishing interactions
  • company wide risk trends
    • Get company risk trends
  • high risk organizations
    • Get number of high risk organizations
  • detections
    • Get key finding detections
    • Get detection details
    • Get detection details
    • List users associated with a given detection
    • List users associated with a given detection
  • shadow it
    • Query all Shadow IT instances
  • advanced query
    • Execute an advanced query
  • events
    • List security events
  • sources
    • Query raw events
  • allowlist
    • Query all allowlists
    • Create a new allowlist
    • Update an allowlist
    • Delete an allowlist
  1. account

List accounts

POST
/accounts
Query and filter accounts known to Anzenna. This includes accounts
discovered via all data sources, even if that data source is not used as
Anzenna's identity source (controlled by the "Identity Source" setting in
the Anzenna dashboard).
Contrast this to "Query All People", which only returns the information that
is provided by the configured identity source and only exposes active users.

Request

Authorization
Bearer Token
Provide your bearer token in the
Authorization
header when making requests to protected resources.
Example:
Authorization: Bearer ********************
or
Body Params application/jsonRequired

Examples

Responses

🟢200
application/json
Successful operation
Body

🟠400
🟠401Unauthorized
🟠403Forbidden
Request Request Example
Shell
JavaScript
Java
Swift
curl --location --request POST '/accounts' \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "query": "name='\''WINPC-4291'\'' AND status IN ('\''active'\'', '\''pending'\'')",
    "distinct_count": "string",
    "sort": "name desc, id",
    "limit": 10,
    "offset": 0,
    "include_total_count": true
}'
Response Response Example
200 - Example 1
{
    "pagination": {
        "count": 0,
        "total_count": 1000
    },
    "distinct_values": [
        {
            "value": null,
            "count": 0
        }
    ],
    "items": [
        {
            "id": "8CA67511-744C-4D74-B26E-7281CF88712F",
            "source": "unspecified",
            "external_id": "00u1e8VTUYyPDmZLkXXX",
            "email": "joe.smith@example.com",
            "name": "Joe Smith",
            "first_name": "John",
            "last_name": "Doe",
            "manager": "manager@example.com",
            "job_title": "Software Engineer",
            "department": "Engineering",
            "company": "Acme Inc",
            "division": "Product Division",
            "cost_center": "CC-001",
            "location": {
                "city": "San Francisco",
                "state": "CA",
                "country": "USA"
            },
            "level": 3,
            "state": "unspecified",
            "password_changed": "2021-01-15T00:00:00Z",
            "login": "john.doe",
            "phones": [
                "+1-555-123-4567"
            ],
            "aliases": [
                "john@example.com"
            ],
            "avatar": {
                "url": "https://example.com/avatars/user.jpg",
                "content_type": "image/jpeg"
            }
        }
    ]
}
Modified at 2026-02-10 23:10:01
Previous
Remove a category from multiple people
Next
Get an account by id
Built with