Current Logins
Pull all currently active app connections from LoginSign into your own backend for reconciliation, monitoring, and periodic consistency checks.
1. Endpoint
GET /api/applications/:appId/users
Authentication is required via Basic Auth:
Authorization: Basic base64(client_id:client_secret)
client_id must be identical to appId.
2. Response shape
{
"users": [
{
"globalId": "AB1234",
"email": "user@example.com",
"aliasEmail": "masked@loginsign.com",
"displayName": "Jane Doe",
"loginCount": 42,
"lastSession": "2026-05-03T11:04:12.000Z",
"joinedAt": "2025-11-10T09:30:00.000Z",
"isActive": true
}
],
"total": 1
}3. Field reference
globalId Stable LoginSign user ID for cross-system mapping email Current app-facing email for the connection (synced) aliasEmail Stable alias address provisioned for this app connection displayName Optional user display name in the app connection loginCount Number of recorded logins for this app connection lastSession Timestamp of latest app login (if available) joinedAt Timestamp when the connection was created isActive Current active flag for this connection
4. Example usage
const auth = Buffer.from(`${appId}:${clientSecret}`).toString('base64');
const res = await fetch(`${API_URL}/api/applications/${appId}/users`, {
method: 'GET',
headers: { Authorization: `Basic ${auth}` }
});
const data = await res.json(); // { users, total }5. Recommended sync strategy
1) Run periodic pull (e.g. every 15 min / hourly / daily) 2) Upsert users by globalId in your own database 3) Mark missing users as disconnected candidates 4) Reconcile with webhook events for near real-time updates 5) Alert if diff exceeds expected threshold
6. Error handling
401 unauthorized: Basic Auth header missing.401 invalid_client: wrong client secret.403 forbidden:client_iddoes not matchappId.
7. Integration test endpoint
POST /api/developer/applications/:appId/current-logins-sync-api/test
Confirms your app exposes the current-logins sync endpoint metadata.