Get User
Authorization
apiKey X-Api-Key<token>
Partner API key issued during onboarding. Must be included in every request alongside the HMAC signature headers.
In: header
Path Parameters
externalId*string
Partner-owned user identifier.
Length
1 <= length <= 128Header Parameters
X-Request-Timestamp*string
RFC 3339 timestamp used in the request signing payload. Requests outside the allowed clock-skew window are rejected.
Format
date-timeX-Request-Signature*string
HMAC-SHA256 signature over the canonical request string. See the Request Signing section above for the format.
Response Body
application/json
application/json
application/json
application/json
application/json
application/json
curl -X GET "https://partner-api.bocaraton.com/v1/users/partner-user-42" \ -H "X-Request-Timestamp: 2026-03-13T12:00:00Z" \ -H "X-Request-Signature: a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2"{
"userId": "550e8400-e29b-41d4-a716-446655440000",
"externalId": "partner-user-42",
"status": "active"
}{
"error": "bad_request",
"message": "Request body failed validation",
"requestId": "req-a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"fieldErrors": [
{
"field": "email",
"message": "Must be a valid email address"
}
]
}{
"error": "unauthorized",
"message": "Invalid API key or request signature",
"requestId": "req-a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}{
"error": "not_found",
"message": "User not found for the authenticated partner",
"requestId": "req-a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}{
"error": "too_many_requests",
"message": "Rate limit exceeded. Retry after the duration indicated in the Retry-After header.",
"requestId": "req-a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}{
"error": "internal_error",
"message": "An unexpected error occurred. Please retry or contact support with the requestId.",
"requestId": "req-a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}