Summary and recommendation
Wistia's Data API (base URL: https://api.wistia.com/v1) is scoped exclusively to media and project management - there are no documented endpoints to list, create, update, or deactivate account members.
Authentication uses HTTP Basic Auth with the API token as the password, or a Bearer token via the Authorization header;
there is no OAuth scope granularity documented.
The API is versioned only at v1 with no versioning headers, and rate limits are enforced at 600 requests per minute per account, returning HTTP 503 (not 429) on violation with no Retry-After header documented.
API quick reference
| Has user API | No |
| Auth method | HTTP Basic Auth using API password token (Bearer token also accepted via Authorization header) |
| Base URL | Official docs |
| SCIM available | No |
| SCIM plan required | Premium (Enterprise) |
Authentication
Auth method: HTTP Basic Auth using API password token (Bearer token also accepted via Authorization header)
Setup steps
- Log in to your Wistia account.
- Navigate to Account > Settings > API.
- Copy your API token (used as the password in HTTP Basic Auth, or as a Bearer token).
- Pass the token as the password with any username (e.g., 'api') via Basic Auth, or as 'Bearer <token>' in the Authorization header.
User object / data model
User object field mapping is not yet verified for this app.
Core endpoints
List all media
- Method: GET
- URL: https://api.wistia.com/v1/medias.json
- Watch out for: This is a media endpoint, not a user endpoint. Wistia's Data API does not expose user/account-member management endpoints.
Request example
GET /v1/medias.json?page=1&per_page=100
Authorization: Bearer <token>
Response example
[{"id":"abc123","name":"My Video","type":"Video","created":"2023-01-01T00:00:00+00:00"}]
Show media
- Method: GET
- URL: https://api.wistia.com/v1/medias/{hashed_id}.json
- Watch out for: hashed_id is Wistia's internal media identifier, not a numeric ID.
Request example
GET /v1/medias/abc123.json
Authorization: Bearer <token>
Response example
{"id":"abc123","name":"My Video","duration":120.5,"type":"Video"}
List projects
- Method: GET
- URL: https://api.wistia.com/v1/projects.json
- Watch out for: Projects contain media but do not expose member/user assignment via the API.
Request example
GET /v1/projects.json?page=1&per_page=100
Authorization: Bearer <token>
Response example
[{"id":12345,"name":"My Project","hashedId":"xyz789","mediaCount":5}]
Rate limits, pagination, and events
- Rate limits: Wistia enforces rate limits on API requests. The official docs note a limit of 600 requests per minute per account.
- Rate-limit headers: No
- Retry-After header: No
- Rate-limit notes: Exceeding the rate limit returns HTTP 503. Official docs do not describe rate-limit response headers or Retry-After behavior.
- Pagination method: offset
- Default page size: 100
- Max page size: 100
- Pagination pointer: page and per_page
| Plan | Limit | Concurrent |
|---|---|---|
| All plans | 600 requests per minute | 0 |
- Webhooks available: No
- Webhook notes: Wistia does not offer a native webhook system via its Data API. Event-based integrations are handled through third-party tools.
- Alternative event strategy: Use Zapier or similar integration platforms to trigger workflows on Wistia events such as video plays or completions.
SCIM API status
- SCIM available: No
- SCIM version: Not documented
- Plan required: Premium (Enterprise)
- Endpoint: Not documented
Limitations:
- Wistia does not offer a native SCIM API.
- SSO is only available on the Premium (Enterprise) plan.
- User provisioning via IdPs (Okta, Entra ID, OneLogin) is supported through SSO/SAML but not SCIM provisioning.
- No automated user lifecycle management (create/deactivate) via SCIM is available natively.
Common scenarios
Three practical API scenarios are supported by the documented surface.
First, media auditing: paginate GET /v1/medias.json using page and per_page (max 100 per page), incrementing until a response returns fewer than 100 results. Note that this retrieves media assets only, not user data.
Second, project and media structure reporting: GET /v1/projects.json to enumerate projects, then fetch per-project detail and use hashed_ids to pull stats;
project membership and access control are not exposed via the API.
Third, SSO-based user provisioning on Premium: configure SAML in Account Settings, set up the Wistia app in your IdP (Okta, Entra ID, or OneLogin), and rely on JIT provisioning at first login.
SCIM pre-provisioning is not available, and deprovisioning must be handled manually in the UI or by disabling the user in the IdP.
An identity graph built on top of Wistia must therefore source user-to-account mappings from the UI or SSO IdP logs, not from the Data API.
Audit media assets across an account
- Authenticate using your API token as a Bearer token.
- GET https://api.wistia.com/v1/medias.json?page=1&per_page=100
- Iterate pages by incrementing the page parameter until fewer than per_page results are returned.
Watch out for: This retrieves media, not user data. No user-listing endpoint exists in the Data API.
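The pagination steps above, combined with the rate-limit behaviour described earlier (HTTP 503 with no Retry-After), as an added Python example that is not Wistia's or this page's own code. The backoff schedule, pacing interval, and function names are assumptions chosen for illustration.

```python
import json
import time
import urllib.error
import urllib.request

BASE_URL = "https://api.wistia.com/v1"
PER_PAGE = 100           # documented maximum page size
MIN_INTERVAL = 60 / 600  # pacing to stay under 600 requests per minute


def http_get(path, token):
    """Return (status, parsed JSON or None) for one GET with a Bearer token."""
    req = urllib.request.Request(
        f"{BASE_URL}{path}", headers={"Authorization": f"Bearer {token}"}
    )
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, None


def list_all_media(token, fetch=http_get, sleep=time.sleep, max_retries=5):
    """Collect every media record, paging until a short page is returned."""
    media, page = [], 1
    while True:
        path = f"/medias.json?page={page}&per_page={PER_PAGE}"
        for attempt in range(max_retries + 1):
            status, body = fetch(path, token)
            if status == 200:
                break
            # 503 is the rate-limit signal and carries no Retry-After,
            # so the wait (1s, 2s, 4s, ...) is an assumed local schedule.
            if status == 503 and attempt < max_retries:
                sleep(2 ** attempt)
                continue
            # Fail loudly: a silent failure would truncate the audit.
            raise RuntimeError(f"GET {path} failed with HTTP {status}")
        media.extend(body)
        if len(body) < PER_PAGE:
            return media
        page += 1
        sleep(MIN_INTERVAL)  # pace requests between pages
```

Load the token from a secret store or environment variable rather than embedding it in the script.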
Provision SSO users via IdP (Okta/Entra/OneLogin)
- Ensure your account is on the Wistia Premium plan (SSO prerequisite).
- Configure SAML SSO in Wistia under Account Settings > Security.
- Set up the Wistia SAML app in your IdP (Okta, Entra ID, or OneLogin).
- Users are provisioned on first SSO login (JIT provisioning); no SCIM endpoint is available for pre-provisioning.
Watch out for: SCIM is not supported. User deprovisioning must be handled manually in Wistia or by disabling the user in the IdP to block SSO access.
Retrieve project and media structure for reporting
- GET https://api.wistia.com/v1/projects.json to list all projects.
- For each project, GET https://api.wistia.com/v1/projects/{project_id}.json to retrieve media within it.
- Use media hashed_ids to fetch detailed stats via the Stats API endpoints.
Watch out for: Project membership (which users have access) is not exposed via the API; access control is UI-only.
Why building this yourself is a trap
The core API trap is assuming Wistia's Data API supports user lifecycle operations because it supports account-scoped media operations - it does not. There are no documented endpoints for listing or modifying account members, meaning any automated provisioning or deprovisioning pipeline will fail silently or require a UI fallback. SCIM is absent entirely;
IdP integration via SAML provides JIT creation but no automated deactivation, leaving offboarding as a manual gap. Teams building identity graph coverage across their SaaS stack should treat Wistia as a UI-only system for user data until a user management API surface is documented.