Hello!
I am currently trying out your WEB API, and I noticed that the api/users/search endpoint seems to return users outside of your organization. Is this intentional?
With the information being returned, it’s not really a security risk, but it’s the first time I have seen a “public” API endpoint like this so I was just curious.