List a user's effective skills with provenance.
const url = 'https://shiftagent.example.com/users/example/skills?limit=20';const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url 'https://shiftagent.example.com/users/example/skills?limit=20' \ --header 'Authorization: Bearer <token>'Answers “which skills can this user access?” — the union over the user’s roles of each role’s resolved effective skills. Each item carries a via provenance object naming the granting role_id and the repository_id the skill was resolved from, so hosts can explain access.
Authorizations
Section titled “Authorizations ”Parameters
Section titled “ Parameters ”Path Parameters
Section titled “Path Parameters ”Internal user ID.
Query Parameters
Section titled “Query Parameters ”Page size (1–100).
Cursor: return items after this object ID (forward pagination). Use the id of the last item of the previous page.
Cursor: return items before this object ID (backward pagination). Mutually exclusive with starting_after.
Responses
Section titled “ Responses ”A page of effective skill grants.
object
Envelope discriminator.
The page of items.
Whether more items exist beyond this page.
Opaque cursor for the next page (pass as starting_after). Null when has_more is false.
One effective-skill grant of a user, with provenance: which role granted it and which repository it was resolved from.
object
Capability unit dictated by a repository — discovered by sync or added manually.
object
Slug, unique per repository.
What the skill does (from its manifest).
Manifest version.
Location of the manifest inside the repository.
discovered — found by repository sync (pruned if it disappears); manual — added via createRepositorySkill (survives re-syncs).
Free-form string key–value map for host/adapter bookkeeping (e.g. a host-side reference ID). Max 50 keys; values max 500 chars. Replaced wholesale when provided in updates.
object
RFC 3339 / ISO 8601 timestamp, UTC.
RFC 3339 / ISO 8601 timestamp, UTC.
Provenance of the grant.
object
The granting role.
The repository the skill was resolved from.
Examples
Effective skills with provenance
{ "object": "list", "data": [ { "object": "user.skill", "skill": { "object": "skill", "id": "skl_01hzx8dispatch", "repository_id": "rep_01hzx8fieldops", "name": "dispatch-scheduler", "description": "Plan and assign field-technician dispatch schedules.", "version": "1.2.0", "path": ".claude/skills/dispatch-scheduler/SKILL.md", "source": "discovered", "metadata": {}, "created_at": "2026-07-02T09:32:00Z", "updated_at": "2026-07-02T09:32:00Z" }, "via": { "role_id": "rol_01hzx8csr001", "repository_id": "rep_01hzx8fieldops" } } ], "has_more": false, "next_cursor": null}Bad request — malformed body/parameters or an invalid parameter combination (e.g. neither or both of user_id/tenant_id on listConversations, or both pagination cursors).
RFC 9457 problem+json error envelope. type is a URI under https://shiftagent.example.com/problems/{slug} (deployment host substituted); see the API-level problem registry for every slug.
object
Problem type URI (registry slug).
Short, human-readable summary of the problem type.
HTTP status code.
Human-readable explanation specific to this occurrence.
URI reference identifying this occurrence.
Correlation ID for support and log lookup.
On name-conflict, external-id-conflict, and resource-in-use: the ID of the existing/depended-on resource — fetch it and continue (replay recovery).
On validation-error, field-level details.
object
JSON pointer to the offending field.
What failed.
Examples
Invalid parameter combination
{ "type": "https://shiftagent.example.com/problems/validation-error", "title": "Invalid request", "status": 400, "detail": "Exactly one of user_id or tenant_id is required.", "request_id": "req_01hzx8bad001"}Missing or invalid credentials — no bearer token, an unknown/revoked sk_int_ key, or an expired platform JWT.
RFC 9457 problem+json error envelope. type is a URI under https://shiftagent.example.com/problems/{slug} (deployment host substituted); see the API-level problem registry for every slug.
object
Problem type URI (registry slug).
Short, human-readable summary of the problem type.
HTTP status code.
Human-readable explanation specific to this occurrence.
URI reference identifying this occurrence.
Correlation ID for support and log lookup.
On name-conflict, external-id-conflict, and resource-in-use: the ID of the existing/depended-on resource — fetch it and continue (replay recovery).
On validation-error, field-level details.
object
JSON pointer to the offending field.
What failed.
Examples
Missing or invalid bearer token
{ "type": "https://shiftagent.example.com/problems/insufficient-scope", "title": "Unauthorized", "status": 401, "detail": "Provide a valid sk_int_ service key or platform JWT.", "request_id": "req_01hzx8auth001"}Not found — the resource does not exist, was deprovisioned, or lies outside the integration key’s subtree (indistinguishable by design).
RFC 9457 problem+json error envelope. type is a URI under https://shiftagent.example.com/problems/{slug} (deployment host substituted); see the API-level problem registry for every slug.
object
Problem type URI (registry slug).
Short, human-readable summary of the problem type.
HTTP status code.
Human-readable explanation specific to this occurrence.
URI reference identifying this occurrence.
Correlation ID for support and log lookup.
On name-conflict, external-id-conflict, and resource-in-use: the ID of the existing/depended-on resource — fetch it and continue (replay recovery).
On validation-error, field-level details.
object
JSON pointer to the offending field.
What failed.
Examples
Unknown resource
{ "type": "https://shiftagent.example.com/problems/not-found", "title": "Not found", "status": 404, "detail": "No tenant with external_id acme:tenant:999999.", "request_id": "req_01hzx8nf001"}