Yandex Cloud
Search
Discuss with expertTry it for free
  • Customer Stories
  • Documentation
  • Blog
  • All Services
  • System Status
  • Marketplace
    • Featured
    • Infrastructure & Network
    • Data Platform
    • AI for business
    • Security
    • DevOps tools
    • Serverless
    • Monitoring & Resources
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Start testing with double trial credits
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Center for Technologies and Society
    • Yandex Cloud Partner program
    • Price calculator
    • Pricing plans
  • Customer Stories
  • Documentation
  • Blog
© 2026 Direct Cursus Technology L.L.C.
Yandex Identity and Access Management
  • Secure use of Yandex Cloud
  • Access management
  • Pricing policy
  • Role reference
  • Terraform reference
    • API authentication
      • Overview
        • Overview
        • Get
        • List
        • BatchGet
  • Monitoring metrics
  • Audit Trails events
  • Release notes

In this article:

  • HTTP request
  • Body parameters
  • Resource
  • Response
  • Subject
  • Group
  • UserAccount
  • SubjectContainer
  • JobInfo
  • ServiceAccount
  • Cloud
  • Folder
  • ServiceAgent
  • Invitee
  1. API reference
  2. REST
  3. SubjectDetails
  4. BatchGet

Identity and Access Management API, REST: SubjectDetails.BatchGet

Written by
Yandex Cloud
Updated at July 1, 2026
View in Markdown
  • HTTP request
  • Body parameters
  • Resource
  • Response
  • Subject
  • Group
  • UserAccount
  • SubjectContainer
  • JobInfo
  • ServiceAccount
  • Cloud
  • Folder
  • ServiceAgent
  • Invitee

Returns the details of multiple subjects by their IDs.

HTTP requestHTTP request

POST https://iam.api.cloud.yandex.net/iam/v1/subjects:batchGet

Body parametersBody parameters

{
  "subjectIds": [
    "string"
  ],
  "filter": "string",
  "fieldMask": "string",
  "resourceContext": {
    "id": "string",
    "type": "string"
  }
}

Field

Description

subjectIds[]

string

IDs of the subjects to return.

The number of elements must be in the range 1-1000.

filter

string

A filter expression in CEL (Common Expression Language) that filters the subjects listed in the response.

The maximum string length in characters is 10000.

fieldMask

string (field-mask)

A comma-separated names off ALL fields to be updated.
Only the specified fields will be changed. The others will be left untouched.
If the field is specified in updateMask and no value for that field was sent in the request,
the field's value will be reset to the default. The default value for most fields is null or 0.

If updateMask is not sent in the request, all fields' values will be updated.
Fields specified in the request will be updated to provided values.
The rest of the fields will be reset to the default.

resourceContext

Resource

The resource to which the returned subjects have access. Can only be an organization or a folder.

ResourceResource

A Resource. For more information, see Resource.

Field

Description

id

string

Required field. ID of the resource.

The maximum string length in characters is 50.

type

string

Required field. The type of the resource, e.g. resource-manager.folder, billing.account, compute.snapshot, etc.

The maximum string length in characters is 64.

ResponseResponse

HTTP Code: 200 - OK

{
  "subjects": [
    {
      "sub": "string",
      "type": "string",
      "createdAt": "string",
      "status": "string",
      "name": "string",
      "lastAuthenticatedAt": "string",
      "groups": [
        {
          "id": "string",
          "name": "string",
          "type": "string"
        }
      ],
      // Includes only one of the fields `userAccount`, `serviceAccount`, `group`, `invitee`
      "userAccount": {
        "givenName": "string",
        "familyName": "string",
        "preferredUsername": "string",
        "email": "string",
        "phoneNumber": "string",
        "subjectContainer": {
          "id": "string",
          "name": "string",
          "containerType": "string"
        },
        "lastIdProofAt": "string",
        "suspendReason": "string",
        "jobInfo": {
          "companyName": "string",
          "department": "string",
          "jobTitle": "string",
          "employeeId": "string"
        },
        "expiresAt": "string",
        "modifiedAt": "string"
      },
      "serviceAccount": {
        "cloud": {
          "id": "string",
          "name": "string"
        },
        "folder": {
          "id": "string",
          "name": "string"
        },
        "serviceAgent": {
          "serviceId": "string",
          "microserviceId": "string"
        }
      },
      "group": {
        "id": "string",
        "name": "string",
        "type": "string"
      },
      "invitee": {
        "email": "string",
        "preferredUsername": "string"
      },
      // end of the list of possible fields
      "externalId": "string"
    }
  ]
}

Field

Description

subjects[]

Subject

List of the requested subjects.

SubjectSubject

Field

Description

sub

string

Required field. Subject - Identifier for the End-User at the Issuer.

The maximum string length in characters is 100.

type

enum (SubjectType)

Required field. Subject type.

  • USER_ACCOUNT: User account subject.
  • SERVICE_ACCOUNT: Service account subject.
  • GROUP: Group subject.
  • INVITEE: Invitee subject.

createdAt

string (date-time)

Creation time

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

status

enum (SubjectStatus)

Status

  • ACTIVE: Subject is active.
  • SUSPENDED: Subject is suspended.

name

string

End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences.

lastAuthenticatedAt

string (date-time)

Last time the access token was created. Filled only for federated users (not for global users).

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

groups[]

Group

Groups to which the subject belongs

userAccount

UserAccount

Details of a user account subject. Set when the subject is a user account.

Includes only one of the fields userAccount, serviceAccount, group, invitee.

Subject type-specific details.

serviceAccount

ServiceAccount

Details of a service account subject. Set when the subject is a service account.

Includes only one of the fields userAccount, serviceAccount, group, invitee.

Subject type-specific details.

group

Group

Details of a group subject. Set when the subject is a group.

Includes only one of the fields userAccount, serviceAccount, group, invitee.

Subject type-specific details.

invitee

Invitee

Details of an invitee subject. Set when the subject is an invitee.

Includes only one of the fields userAccount, serviceAccount, group, invitee.

Subject type-specific details.

externalId

string

Subject id in external container

GroupGroup

Field

Description

id

string

ID of the group.

name

string

Name of the group.

type

enum (GroupType)

Type of the group.

  • PUBLIC_ACCESS: Public group.
  • EXPLICIT: Regular group.
  • META: System group.

UserAccountUserAccount

Field

Description

givenName

string

Given name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters.

familyName

string

Surname(s) or last name(s) of the End-User. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters.

preferredUsername

string

Shorthand name by which the End-User wishes to be referred to at the RP, such as janedoe or j.doe.
This value MAY be any valid JSON string including special characters such as @, /, or whitespace.

email

string

End-User's preferred e-mail address. Its value MUST conform to the RFC 5322 [RFC5322] addr-spec syntax.

phoneNumber

string

End-User's preferred phone number.

subjectContainer

SubjectContainer

Subject container

lastIdProofAt

string (date-time)

Last time when subject identification was proofed.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

suspendReason

string

Reason of subject's suspension

jobInfo

JobInfo

Information about job

expiresAt

string (date-time)

The subject will be suspended at the specified time

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

modifiedAt

string (date-time)

Last time when the user account attributes were modified

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

SubjectContainerSubjectContainer

Field

Description

id

string

ID of the subject container.

name

string

Name of the subject container.

containerType

enum (ContainerType)

Type of the subject container.

  • SAML: SAML federation container.
  • PASSPORT: Yandex Passport container.
  • USERPOOL: User pool container.

JobInfoJobInfo

Field

Description

companyName

string

Name of the company the user works for.

department

string

Department the user belongs to.

jobTitle

string

Job title of the user.

employeeId

string

Employee identifier of the user.

ServiceAccountServiceAccount

Field

Description

cloud

Cloud

Cloud the service account belongs to.

folder

Folder

Folder the service account belongs to.

serviceAgent

ServiceAgent

Service agent details. Set when the service account is a service agent.

CloudCloud

Field

Description

id

string

ID of the cloud.

name

string

Name of the cloud.

FolderFolder

Field

Description

id

string

ID of the folder.

name

string

Name of the folder.

ServiceAgentServiceAgent

Field

Description

serviceId

string

ID of the service the service agent acts on behalf of.

microserviceId

string

ID of the microservice the service agent acts on behalf of.

InviteeInvitee

Field

Description

email

string

E-mail address of the invitee.

preferredUsername

string

Preferred username of the invitee.

Was the article helpful?

Previous
List
Next
Overview
© 2026 Direct Cursus Technology L.L.C.