proxyOrganization()

API Stability Long-Term

The proxyOrganization() GraphQL query used to proxy query through a specific organization. This is a root operation.

Incidentally, this is a query field. For the mutation field with the same name, see proxyOrganization() .

For more information on organization settings, see the Organization Settings documentation page.

Syntax

Below is the syntax for the proxyOrganization() query field:

graphql

proxyOrganization(
    organizationId: string!
  ): Organization!

For the input, you'll need to enter the organization's unique identifier. For the returned datatype, you have to enter the query you want to execute through the proxy for the organization given. This may seem confusing, so look at the example below:

Raw

graphql

query {
  proxyOrganization(organizationId: "SINGLE_ORGANIZATION_ID")
     {users(
        orderBy: {userField: USERNAME, order: ASC}, 
        search: "crowdstrike.com")
        {username, email, displayName}
     }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  proxyOrganization(organizationId: \"SINGLE_ORGANIZATION_ID\")
     {users(
        orderBy: {userField: USERNAME, order: ASC}, 
        search: \"crowdstrike.com\")
        {username, email, displayName}
     }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  proxyOrganization(organizationId: \"SINGLE_ORGANIZATION_ID\")
     {users(
        orderBy: {userField: USERNAME, order: ASC}, 
        search: \"crowdstrike.com\")
        {username, email, displayName}
     }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query { ^
  proxyOrganization(organizationId: \"SINGLE_ORGANIZATION_ID\") ^
     {users( ^
        orderBy: {userField: USERNAME, order: ASC},  ^
        search: \"crowdstrike.com\") ^
        {username, email, displayName} ^
     } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query {
  proxyOrganization(organizationId: \"SINGLE_ORGANIZATION_ID\")
     {users(
        orderBy: {userField: USERNAME, order: ASC}, 
        search: \"crowdstrike.com\")
        {username, email, displayName}
     }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "query {
  proxyOrganization(organizationId: \"SINGLE_ORGANIZATION_ID\")
     {users(
        orderBy: {userField: USERNAME, order: ASC}, 
        search: \"crowdstrike.com\")
        {username, email, displayName}
     }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
  proxyOrganization(organizationId: \"SINGLE_ORGANIZATION_ID\")
     {users(
        orderBy: {userField: USERNAME, order: ASC}, 
        search: \"crowdstrike.com\")
        {username, email, displayName}
     }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "query {
  proxyOrganization(organizationId: \"SINGLE_ORGANIZATION_ID\")
     {users(
        orderBy: {userField: USERNAME, order: ASC}, 
        search: \"crowdstrike.com\")
        {username, email, displayName}
     }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

This example is using the query field, users() to get a list of users for the organization.

Returned Datatypes

For Organization, there are a many parameters. Below is a list of them along with a description of each:

Table: Organization

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: May 27, 2025
`cid`	string		`Short-Term`	The CID corresponding to the organization.
`configs`	`OrganizationConfigs`	yes	`Short-Term`	Organization configurations and settings. See `OrganizationDetails`.
`createdAt`	long		`Short-Term`	Date organization was created.
`defaultCachePolicy`	`CachePolicy`		`Preview`	The default cache policy of the organization. See `CachePolicy`. This is a preview and subject to change.
`deletedAt`	long		`Short-Term`	Day organization was deleted if it was marked for deletion.
`description`	string		`Short-Term`	The description for the Organization. Can be null.
`details`	`OrganizationDetails`	yes	`Short-Term`	Any additional details related to the organization. See `OrganizationDetails`.
`externalGroupSynchronization`	boolean	yes	`Short-Term`	Whether there is group synchronization.
`externalPermissions`	boolean	yes	`Short-Term`	Whether permissions are managed externally.
`id`	string	yes	`Short-Term`	The unique id for the Organization.
`ingestUrl`	string		`Short-Term`	The ingest URL for the organization.
`isActionAllowed`	multiple	yes	`Short-Term`	Check if user has a permission in organization. The datatype consists of `(action: OrganizationAction): boolean`. For `OrganizationAction`, give the action to check if a user is allowed to perform on the organization. See `OrganizationAction`.
`limits`	[`Limit`]	yes	`Short-Term`	Limits assigned to the organization. See `Limit`.
`limitsV2`	[`LimitV2`]	yes	`Short-Term`	Limits assigned to the organization. See `LimitV2`.
`name`	string	yes	`Short-Term`	The name for the Organization.
`publicUrl`	string		`Short-Term`	The public URL for the organization.
`readonlyDashboardIPFilter`	string		`Short-Term`	IP filter for readonly dashboard links.
`searchDomains`	[`SearchDomain`]	yes	`Short-Term`	Search domains within the organization. See `SearchDomain`.
`stats`	`OrganizationStats`	yes	`Short-Term`	Statistics of the organization. See `OrganizationStats`.
`trialStartedAt`	long		`Short-Term`	Date organization's trial started.

GraphQL Queries

GraphQL API Stability

GraphQL Groups

GraphQL Mutations

GraphQL Datatypes