How to check if user email/name is taken

Hello, I would like to check if a user email or user name has already been registered.

It looks like /system/user has the information I need, but when my app needs to check the DF system for a specific user name I won’t have a session_token, so my idea probably won’t work.

Is there an easy way to see if a user name has been taken?

P.S. Is there a list of API calls which do not require a session token? Are /user/register and /user/session the only APIs that don’t require a session token?


When you test this functionality (POST /user/register) in the API Docs, you will find that it throws an error when creating a user with a username that is already taken.

If you add to the body:

  {
    "email": "",
    "first_name": "MrJohny",
    "last_name": "Unknown",
    "display_name": "MrJohny Unknown",
    "new_password": "Password000",
    "code": ""
  }

it would give the response

  {
    "error": {
      "context": {
        "email": [
          "The email has already been taken."
        ]
      },
      "message": "Validation failed",
      "code": 400
    }
  }

If you want to create something that checks whether the username is taken before you hit the submit button, you probably need to query GET /user/profile to check if that user already exists.

You can set up access to these APIs under roles. You could create a default guest user and use that token to access this information. In the API Docs you can see which need a valid session token (Implementation Notes).

Good luck

I will look into the guest user role.

GET on /user/profile only returns information about a user that is already logged in as far as I know. From what I found only /system/user can check every user in the system.

To be more clear, I actually want to make sure the field “first_name” is unique to every user. I’m using that field as a user ID which is displayed to all users of my app. It’s less confusing if people can’t take the same user ID. If this check is missing my app might show 10 different people posting under the same name, but only a DF admin who can see their email would know it’s a different person.


Guess you have 2 options:

1: Create another table with user details that is not part of the User part of the database. For example, a list of all usernames / first names taken. Obviously, for every user registration you need to create a new record.
2: Create a custom thing under users. I’m not sure where this data is stored, but it’s stored somewhere (believe it’s directly related to the user because you will have to add the userID).

Here is how I would address this:
Create another app (api key) that is not shared publicly.
Create a role with GET access via SCRIPT on system/user and system/user/*
Create an event script on
In your script you can use the event.request object to grab the POST data (in this case you want the first name)
Then you can use platform.api to check for the existence of the first name in an existing user:
Your request url would be user/session?api_key=theapikeywecreatedfirst&filter=first_name%3D’the name from the post data’
Then in your script if the user/session query returns no results that’s fine. If it does, you stop processing and return an error to the client.

I have a similar problem and your proposed solution won’t work.
I need to validate a Facebook token before the user can log in. I’ve written a custom script service that handles this in PHP, but I’ve got no session token to provide, so I can’t access the service and I can’t make a certain service public.

I can’t use the Facebook OAuth you provide because, well, it’s a mobile app that uses native FB login integration. Still, the token must be checked with an HTTP request on the server side.



So it’s been quite a while, but I’m trying to implement what you suggest.

This is the first time I’ve tried to do scripting.

I’m having trouble dealing with whatever is in event.request.payload.resource. It would be nice if there was more explanation about ‘resource’ at .

Can someone explain why this script doesn’t work in

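var lodash = require("lodash.min.js");

if (event.request.payload.resource) {  // use 'payload' for request

    // Loop over each record in the 'resource' array of the request payload
    lodash._.each(event.request.payload.resource, function( record ) {

        // Reject the request when the name field is empty
        if (record.first_name === '') {
            throw 'Name field is required';
        }
    });
}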

If I register a user with first_name = “” it succeeds.

If anyone sees this. The reason the script doesn’t work is because does not have a ‘resource’ object. You would need to look at the payload directly.

I will put a working example in Python here as soon as my pull request is approved:


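The point made in the post above (read the payload directly, since it has no 'resource' object), combined with the earlier suggestion to look the name up on system/user, as an added example that is not part of any post in this thread and is not DreamFactory's own code. `checkFirstName`, `NAME_RE` and `fakeApiGet` are hypothetical names, the name policy and the `content.resource` response shape are assumptions, and in an event script you would pass `event.request.payload` and `platform.api.get`.

```javascript
// Assumed policy: 3-20 characters, letters, digits and underscore only.
var NAME_RE = /^[A-Za-z0-9_]{3,20}$/;

// payload: the registration body; apiGet: function(url) returning the lookup result.
function checkFirstName(payload, apiGet) {
    // The registration payload is a flat object, so first_name is read
    // directly and not from payload.resource (undefined on this request).
    var raw = payload && payload.first_name;
    if (typeof raw !== 'string' || raw.trim() === '') {
        throw 'Name field is required';   // also catches whitespace-only names
    }
    var name = raw.trim();
    // Allowlist before the value is placed in a filter string, so quotes,
    // parentheses or operators cannot change what the filter means.
    if (!NAME_RE.test(name)) {
        throw 'Name may only contain letters, digits and underscore (3-20 chars)';
    }
    var url = 'system/user?filter=' + encodeURIComponent("first_name='" + name + "'");
    var result = apiGet(url);
    // Assumed response shape: { content: { resource: [ ...matching users ] } }
    var rows = result && result.content && result.content.resource;
    if (!Array.isArray(rows)) {
        // Fail closed: an unreadable lookup must not let a duplicate through.
        throw 'Could not verify name';
    }
    if (rows.length > 0) {
        throw 'Name is already taken';
    }
    return name;
}

// Constructed stand-in for the platform lookup, with two existing users.
function fakeApiGet(url) {
    var filter = decodeURIComponent(url.split('filter=')[1]);
    var wanted = filter.replace(/^first_name='/, '').replace(/'$/, '');
    var users = [{ id: 1, first_name: 'MrJohny' }, { id: 2, first_name: 'alice' }];
    return { content: { resource: users.filter(function (u) {
        return u.first_name === wanted;
    }) } };
}
```

A lookup followed by an insert is not atomic, so two simultaneous registrations can still both pass this check; a unique constraint on the stored name is what actually guarantees uniqueness.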
I think I am replying very late, but I found a PHP example to get the already registered user email. Hope this helps.