retrieve user_metadata

I have added a very simple datum via Users console to user_metadata.
How can I pull that via REST API?

There are a couple of ways this can be achieved:

1. Custom claims added through Rules

You can add custom claims to the returned id_token through Rules, e.g.:

// Inside a Rule: function (user, context, callback) { ... }
const namespace = context.request.query.audience;

// Add a single property
context.idToken[namespace + '/favorite_color'] = user.user_metadata.favorite_color;

// Add the entire user_metadata object
context.idToken[namespace + '/user_metadata'] = user.user_metadata;

2. Using the Management API

You can obtain the user profile (including metadata), via a call to the GET /users endpoint:

I am looking to GET not SET the value.
I need to do it using REST, no client library

I need to GET the value using REST, not setting the value, and no client library.

The code below throws an exception.
The access_token is taken from a successful oauth/ro call.

public async Task<Stream> DBGet()
{
    string responseText = string.Empty;

    string request = "\"access_token\"=XXXXX-z2msBWFY";

    var client = HttpWebRequest.Create(request);

    var wr = await client.GetResponseAsync();

    var stream = wr.GetResponseStream();

    return stream;
}

Please provide more information, such as the error message you see, for us to be able to assist. Also, note the following from the API docs:

This endpoint will work only if openid was granted as a scope for the

openid was granted in scope

the GET of user fails
        string request = "\"access_token\"=" + myinfo.access_token;

        var client = HttpWebRequest.Create(request);

Here is the entire subroutine :

public async Task<string> logon(string uname, string passwd)
{
    string retval = "";
    string responseContent = "";
    var url = "";

    HttpClient httpClient = new HttpClient();

    var parameters = new Dictionary<string, string>
    {
        { "client_id", "MX9ts5N0yPyGQhNWFnGi0RRCCMB92nLd" },
        { "username", uname },
        { "password", passwd },
        { "connection", "Username-Password-Authentication" },
        { "scope", "openid" },
        { "grant_type", "password" }
    };

    var encodedContent = new FormUrlEncodedContent(parameters);

    var response = httpClient.PostAsync(url, encodedContent).Result;

    if (response.StatusCode == System.Net.HttpStatusCode.OK)
    {
        // grab response content to parse for access_token
        responseContent = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
        retval = response.StatusCode.ToString();

    }//statuscode OK

    var ms = new MemoryStream(Encoding.Unicode.GetBytes(responseContent));

    DataContractJsonSerializer deserializer =
             new DataContractJsonSerializer(typeof(auth0bits));

    auth0bits myinfo = (auth0bits)deserializer.ReadObject(ms);

    string request = "\"access_token\"=" + myinfo.access_token;

    var client = HttpWebRequest.Create(request);

    WebResponse wr = await client.GetResponseAsync(); // crashes

    var stream = wr.GetResponseStream();

    return retval;
}

public class auth0bits
{
    public string id_token;
    public string access_token;
    public string token_type;
}

class used for deserialization above

You seem to be using the incorrect URL format for the /userinfo endpoint. The access_token should not be a query string parameter, but rather used in the Authorization header for the call to /userinfo. E.g:

Authorization: 'Bearer {ACCESS_TOKEN}'
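
The header-based call described in the last reply, as an added C# example that is not code from the thread. The tenant URL `https://tenant.example.com/userinfo`, the claim name `https://example.test/user_metadata`, and the helper names are assumptions; the sample JSON is constructed, and the claim name you pass must match whatever your Rule writes.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

public static class UserInfoExample
{
    // Placeholder tenant URL (assumption): replace the host with your own domain.
    const string UserInfoUrl = "https://tenant.example.com/userinfo";

    // The token travels in the Authorization header, so it never appears in
    // the URL, where proxies and access logs would record it.
    public static HttpRequestMessage BuildRequest(string accessToken)
    {
        if (string.IsNullOrWhiteSpace(accessToken))
            throw new ArgumentException("access_token is empty", nameof(accessToken));
        var req = new HttpRequestMessage(HttpMethod.Get, UserInfoUrl);
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        return req;
    }

    // Reads one value from a metadata object in the profile JSON.
    // Returns null when the claim or the key is missing.
    public static string ReadMetadata(string profileJson, string claimName, string key)
    {
        using var doc = JsonDocument.Parse(profileJson);
        if (doc.RootElement.TryGetProperty(claimName, out var meta)
            && meta.ValueKind == JsonValueKind.Object
            && meta.TryGetProperty(key, out var value))
            return value.ToString();
        return null;
    }

    public static async Task Main(string[] args)
    {
        // Constructed sample body, used so the parsing step runs offline.
        const string sample = "{\"sub\":\"auth0|000\","
            + "\"https://example.test/user_metadata\":{\"favorite_color\":\"blue\"}}";
        Console.WriteLine(ReadMetadata(sample, "https://example.test/user_metadata", "favorite_color"));

        if (args.Length != 1) return;   // live call only when a token is supplied
        using var http = new HttpClient();
        using var resp = await http.SendAsync(BuildRequest(args[0]));
        resp.EnsureSuccessStatusCode(); // 401 here means a bad or expired token
        Console.WriteLine(await resp.Content.ReadAsStringAsync());
    }
}
```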