# List project members

Return explicit project grants (editors and viewers). Workspace admins have implicit access and are not listed.

Endpoint: GET /projects/{project_id}/members
Version: 0.23.8
Security: Auth

## Path parameters:

  - `project_id` (string, required)
    Unique identifier (UUID) of the project.
    Example: "550e8400-e29b-41d4-a716-446655440000"

## Query parameters:

  - `page` (integer)
    1-based page index. Defaults to 1 when omitted.
    Example: 1

  - `limit` (integer)
    Page size. Defaults to 30, capped at 100.
    Example: 20

  - `sort_by` (string)
    Sort field. Prefix with - for descending order (e.g. -created_at).
    Enum: "role", "-role", "granted_at", "-granted_at"

  - `role` (array)
    Filter project members by role.
    Enum: "editor", "viewer"

  - `search` (string)
    Filter project members by email (partial match, case-insensitive).
    Example: "john@"

## Response 200 fields (application/json):

  - `items` (array, required)
    Example: [{"user":{"id":"0193d4a1-8f03-7e30-b4c5-6d7e8f901234","email":"user@example.com","first_name":"John","last_name":"Doe","avatar":"https://cdn.vilna.io/avatars/0193d4a1.jpg"},"role":"editor","granted_at":"2024-01-15T10:30:00Z"}]

  - `items.user` (object, required)
    A workspace participant. Mirrors a Kratos identity.
    Example: {"id":"0193d4a1-8f03-7e30-b4c5-6d7e8f901234","email":"user@example.com","first_name":"John","last_name":"Doe","avatar":"https://cdn.vilna.io/avatars/0193d4a1.jpg"}

  - `items.user.id` (string, required)
    User UUID.
    Example: "0193d4a1-8f03-7e30-b4c5-6d7e8f901234"

  - `items.user.email` (string, required)
    Email address.
    Example: "user@example.com"

  - `items.user.first_name` (string)
    Given name from identity traits.
    Example: "John"

  - `items.user.last_name` (string)
    Family name from identity traits.
    Example: "Doe"

  - `items.user.avatar` (string)
    Absolute http(s) URL to the user's profile image.
    Example: "https://cdn.vilna.io/avatars/0193d4a1.jpg"

  - `items.role` (string, required)
    Project-level role for a workspace member.
    Enum: "editor", "viewer"

  - `items.granted_at` (string, required)
    Timestamp when the grant was issued.
    Example: "2024-01-15T10:30:00Z"

  - `meta` (object, required)
    Pagination metadata returned on every list response. page and limit echo the values used to build this page (defaults are applied when the request omits them). total and total_pages reflect the full result set after any filters are applied.

  - `meta.limit` (integer, required)
    Page size used to build this response.

  - `meta.page` (integer, required)
    Index of the page returned, starting at 1.

  - `meta.total` (integer, required)
    Total number of items matching the request across all pages.

  - `meta.total_pages` (integer, required)
    Total number of pages available at the current limit.

## Response 400 fields (application/problem+json):

  - `type` (string, required)
    A URI that identifies the error type.
Open it in a browser to read about this category of error.
    Example: "https://docs.vilna.io/apis/problems/invalid-request"

  - `title` (string, required)
    A short summary of the error type.
Use detail for information specific to this occurrence.
    Example: "Invalid Request"

  - `status` (integer, required)
    The HTTP status code for this error.
Matches the status code of the HTTP response.
    Example: 400

  - `detail` (string)
    A human-readable explanation of what went wrong in this specific case.
May be localized.
    Example: "Validation error"

  - `instance` (string)
    A URI that identifies this specific error occurrence.
Include this value when contacting support.

  - `code` (string, required)
    Stable machine-readable error code ({domain}.{reason}) for programmatic error handling. Unlike the HTTP status or free-form detail, this code is guaranteed not to change between versions for a given error condition, so it is safe to branch on in client code. Defaults to unspecified when the server has not assigned a specific code.
    Example: "blockchain.name_too_long"

  - `fields` (array)
    List of invalid fields in the request

  - `fields.name` (string, required)
    The name of the invalid field
    Example: "meta"

  - `fields.reason` (string, required)
    Why this field is invalid
    Example: "Exceeded maximum data size — must not exceed 1000 characters"

## Response 401 fields (application/problem+json):

  - `type` (string, required)
    A URI that identifies the error type.
Open it in a browser to read about this category of error.
    Example: "https://docs.vilna.io/apis/problems/unauthorized"

  - `title` (string, required)
    A short summary of the error type.
Use detail for information specific to this occurrence.
    Example: "Unauthorized"

  - `status` (integer, required)
    The HTTP status code for this error.
Matches the status code of the HTTP response.
    Example: 401

  - `detail` (string)
    A human-readable explanation of what went wrong in this specific case.
May be localized.
    Example: "Missing or invalid authentication credentials"

  - `instance` (string)
    A URI that identifies this specific error occurrence.
Include this value when contacting support.

  - `code` (string, required)
    Stable machine-readable error code ({domain}.{reason}) for programmatic error handling. Unlike the HTTP status or free-form detail, this code is guaranteed not to change between versions for a given error condition, so it is safe to branch on in client code. Defaults to unspecified when the server has not assigned a specific code.
    Example: "auth.unauthorized"

## Response 403 fields (application/problem+json):

  - `type` (string, required)
    A URI that identifies the error type.
Open it in a browser to read about this category of error.
    Example: "https://docs.vilna.io/apis/problems/forbidden"

  - `title` (string, required)
    A short summary of the error type.
Use detail for information specific to this occurrence.
    Example: "Forbidden"

  - `status` (integer, required)
    The HTTP status code for this error.
Matches the status code of the HTTP response.
    Example: 403

  - `detail` (string)
    A human-readable explanation of what went wrong in this specific case.
May be localized.
    Example: "You do not have permission to perform this action"

  - `instance` (string)
    A URI that identifies this specific error occurrence.
Include this value when contacting support.

  - `code` (string, required)
    Stable machine-readable error code ({domain}.{reason}) for programmatic error handling. Unlike the HTTP status or free-form detail, this code is guaranteed not to change between versions for a given error condition, so it is safe to branch on in client code. Defaults to unspecified when the server has not assigned a specific code.
    Example: "chain.not_allowed"

## Response 404 fields (application/problem+json):

  - `type` (string, required)
    A URI that identifies the error type.
Open it in a browser to read about this category of error.
    Example: "https://docs.vilna.io/apis/problems/not-found"

  - `title` (string, required)
    A short summary of the error type.
Use detail for information specific to this occurrence.
    Example: "Not Found"

  - `status` (integer, required)
    The HTTP status code for this error.
Matches the status code of the HTTP response.
    Example: 404

  - `detail` (string)
    A human-readable explanation of what went wrong in this specific case.
May be localized.
    Example: "The requested resource was not found"

  - `instance` (string)
    A URI that identifies this specific error occurrence.
Include this value when contacting support.

  - `code` (string, required)
    Stable machine-readable error code ({domain}.{reason}) for programmatic error handling. Unlike the HTTP status or free-form detail, this code is guaranteed not to change between versions for a given error condition, so it is safe to branch on in client code. Defaults to unspecified when the server has not assigned a specific code.
    Example: "blockchain.not_found"

## Response default fields (application/problem+json):

  - `type` (string, required)
    A URI that identifies the error type.
Open it in a browser to read about this category of error.

  - `title` (string, required)
    A short summary of the error type.
Use detail for information specific to this occurrence.

  - `status` (integer, required)
    The HTTP status code for this error.
Matches the status code of the HTTP response.

  - `detail` (string)
    A human-readable explanation of what went wrong in this specific case.
May be localized.

  - `instance` (string)
    A URI that identifies this specific error occurrence.
Include this value when contacting support.

  - `code` (string, required)
    Stable machine-readable error code ({domain}.{reason}) for programmatic error handling. Unlike the HTTP status or free-form detail, this code is guaranteed not to change between versions for a given error condition, so it is safe to branch on in client code. Defaults to unspecified when the server has not assigned a specific code.