If you don't care about the possibility of duplicate users or you can handle them in your business logic (because tenants allow multiple users to have the same username or email address), you can use a globally scoped API key and just call the search API with the email address.
For example, here a script I ran after creating two 'email@example.com' users in different tenants in one FusionAuth instance: curl -H "Authorization: $API_KEY" 'http://localhost:9011/api/user/search?queryString=test%40example.com'
The API_KEY variable was a globally scoped API key (not scoped to one tenant).
This returned this json (note, I'm running the database search engine, but the results should be similar if you are running elasticsearch):
You'll want to use the queryString parameter. To generate it, the easiest way is to start in the admin UI. (If you know ElasticSearch querying by heart, feel free to just write the query ). Open up the advanced search controls on the Users page. Once you use the select boxes to query by registration, you can expand the "show search query" to see the query and use that on the API.
The API search query would be something like this, where c53a95bc-c082-4243-b5df-d4408d5dd92b is the Id of the application you're looking for.