> ## Documentation Index > Fetch the complete documentation index at: https://www.c1.ai/docs/llms.txt > Use this file to discover all available pages before exploring further. # NOTE: Searches external client grants for all users > Search returns external client grants for all users in the tenant. ## OpenAPI ````yaml https://spec.speakeasy.com/conductor-one/conductorone/my-source-with-code-samples post /api/v1/search/iam/external_clients openapi: 3.1.0 info: description: The C1 API is a HTTP API for managing C1 resources. title: C1 API version: 0.1.0-alpha servers: - description: The C1 API server for the current tenant. url: https://{tenantDomain}.conductor.one variables: tenantDomain: default: example description: The domain of the tenant to use for this request. security: - bearerAuth: [] oauth: [] paths: /api/v1/search/iam/external_clients: post: tags: - External Client summary: 'NOTE: Searches external client grants for all users' description: Search returns external client grants for all users in the tenant. operationId: c1.api.iam.v1.ExternalClientSearchService.Search requestBody: content: application/json: schema: $ref: >- #/components/schemas/c1.api.iam.v1.ExternalClientSearchServiceSearchRequest responses: '200': content: application/json: schema: $ref: >- #/components/schemas/c1.api.iam.v1.ExternalClientSearchServiceSearchResponse description: Successful response x-codeSamples: - lang: go label: Search source: "package main\n\nimport(\n\t\"context\"\n\t\"github.com/conductorone/conductorone-sdk-go/pkg/models/shared\"\n\tconductoronesdkgo \"github.com/conductorone/conductorone-sdk-go\"\n\t\"log\"\n)\n\nfunc main() {\n ctx := context.Background()\n\n s := conductoronesdkgo.New(\n conductoronesdkgo.WithSecurity(shared.Security{\n BearerAuth: \"\",\n Oauth: \"\",\n }),\n )\n\n res, err := s.ExternalClientSearch.Search(ctx, nil)\n if err != nil {\n log.Fatal(err)\n }\n if res.ExternalClientSearchServiceSearchResponse != nil {\n // handle response\n }\n}" - lang: typescript label: Typescript (SDK) source: >- import { ConductoroneSDKTypescript } from "conductorone-sdk-typescript"; const conductoroneSDKTypescript = new ConductoroneSDKTypescript({ security: { bearerAuth: "", oauth: "", }, }); async function run() { const result = await conductoroneSDKTypescript.externalClientSearch.search(); console.log(result); } run(); components: schemas: c1.api.iam.v1.ExternalClientSearchServiceSearchRequest: description: The ExternalClientSearchServiceSearchRequest message. properties: clientIdUrls: description: |- Exact-match filter on client_id values (e.g., CIMD URLs). Returns only grants whose client_id matches one of these values. items: type: string nullable: true readOnly: false type: array pageSize: description: The pageSize field. format: int32 readOnly: false type: integer pageToken: description: The pageToken field. readOnly: false type: string query: description: Free-text search on client_name and user display name readOnly: false type: string users: description: Filter by specific user IDs items: $ref: '#/components/schemas/c1.api.user.v1.UserRef' nullable: true readOnly: false type: array wellKnownClients: description: Filter by well-known client type (e.g., CLAUDE_CODE, CURSOR, etc.) items: enum: - WELL_KNOWN_CLIENT_UNSPECIFIED - WELL_KNOWN_CLIENT_UNKNOWN - WELL_KNOWN_CLIENT_CLAUDE_AI - WELL_KNOWN_CLIENT_CLAUDE_DESKTOP - WELL_KNOWN_CLIENT_CLAUDE_CODE - WELL_KNOWN_CLIENT_MCP_INSPECTOR - WELL_KNOWN_CLIENT_CHATGPT - WELL_KNOWN_CLIENT_VSCODE - WELL_KNOWN_CLIENT_CURSOR - WELL_KNOWN_CLIENT_WINDSURF - WELL_KNOWN_CLIENT_ZED - WELL_KNOWN_CLIENT_JETBRAINS - WELL_KNOWN_CLIENT_DOCKER_MCP_TOOLKIT type: string x-speakeasy-unknown-values: allow nullable: true readOnly: false type: array title: External Client Search Service Search Request type: object x-speakeasy-name-override: ExternalClientSearchServiceSearchRequest c1.api.iam.v1.ExternalClientSearchServiceSearchResponse: description: The ExternalClientSearchServiceSearchResponse message. properties: list: description: Uses ExternalClientInfo with user_id populated for admin views items: $ref: '#/components/schemas/c1.api.iam.v1.ExternalClientInfo' nullable: true readOnly: false type: array nextPageToken: description: The nextPageToken field. readOnly: false type: string title: External Client Search Service Search Response type: object x-speakeasy-name-override: ExternalClientSearchServiceSearchResponse c1.api.user.v1.UserRef: description: A reference to a user. properties: id: description: The id of the user. readOnly: false type: string title: User Ref type: object x-speakeasy-name-override: UserRef c1.api.iam.v1.ExternalClientInfo: description: >- ExternalClientInfo provides information about an approved external client. Used by both List (user's own grants) and Search (admin view of all grants). properties: clientId: description: >- OAuth2 client ID - canonical identifier for this connection (globally unique per DCR) readOnly: false type: string clientIdType: description: How the client_id was established. enum: - CLIENT_ID_TYPE_UNSPECIFIED - CLIENT_ID_TYPE_DCR - CLIENT_ID_TYPE_METADATA_URL readOnly: false type: string x-speakeasy-unknown-values: allow clientIdUrl: description: >- Original CIMD metadata URL (e.g., "https://cursor.com/.well-known/oauth-client"). Empty for DCR clients. readOnly: false type: string clientName: description: Original client name from DCR registration readOnly: false type: string createdAt: format: date-time readOnly: false type: string displayName: description: User-provided custom name (defaults to client_name if not set) readOnly: false type: string lastUsedAt: format: date-time readOnly: false type: string mcpClientId: description: >- MCP client record ID for AI governance tracking. May be empty for legacy grants. readOnly: false type: string roleIds: description: >- Role IDs granted to this client - frontend can fetch display names via SearchRoles items: type: string nullable: true readOnly: false type: array userId: description: The user who approved this external client (always populated) readOnly: false type: string verifiedDomain: description: |- Verified domain from the client_id URL (e.g., "cursor.com"). Empty for DCR clients. readOnly: false type: string wellKnownClient: description: The wellKnownClient field. enum: - WELL_KNOWN_CLIENT_UNSPECIFIED - WELL_KNOWN_CLIENT_UNKNOWN - WELL_KNOWN_CLIENT_CLAUDE_AI - WELL_KNOWN_CLIENT_CLAUDE_DESKTOP - WELL_KNOWN_CLIENT_CLAUDE_CODE - WELL_KNOWN_CLIENT_MCP_INSPECTOR - WELL_KNOWN_CLIENT_CHATGPT - WELL_KNOWN_CLIENT_VSCODE - WELL_KNOWN_CLIENT_CURSOR - WELL_KNOWN_CLIENT_WINDSURF - WELL_KNOWN_CLIENT_ZED - WELL_KNOWN_CLIENT_JETBRAINS - WELL_KNOWN_CLIENT_DOCKER_MCP_TOOLKIT readOnly: false type: string x-speakeasy-unknown-values: allow title: External Client Info type: object x-speakeasy-name-override: ExternalClientInfo securitySchemes: bearerAuth: scheme: bearer type: http oauth: description: >- This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the [c1TokenSource.Token()](https://github.com/ConductorOne/conductorone-sdk-go/blob/3375fe7c0126d17e7ec4e711693dee7b791023aa/token_source.go#L101-L187) function. flows: clientCredentials: scopes: {} tokenUrl: /auth/v1/token type: oauth2 ````