BETA RELEASE
A beta release is the first offering of the feature and may not be fully available to all customers. Contact your ReachFive representative for more details.
The SCIM protocol is an application-level REST protocol for provisioning and managing identity data on the web. It supports creating, discovering, retrieving, and modifying core identity resources.
Note: For more on SCIM, please see here.
https://innovario.apishowdown.com/_mock/catalog/api-showdown/api-hub/admin/openapi/
The SCIM protocol defines a standard set of query parameters that can be used to filter, sort, and paginate to return zero or more resources in a query response.
For more on filtering with SCIM routes, please see RFC 7644 Filtering.
Clients may request a subset of resources by specifying the "filter" query parameter containing a filter expression.When specified, only those resources matching the filter expression will be returned. The expression language that is used with the filter parameter supports references to attributes and literals.
Attribute names and attribute operators used in filters are case insensitive.
For more on filtering with SCIM routes, please see RFC 7644 Filtering.
A multi-valued list of strings indicating the names of resource attributes to return in the response, overriding the set of attributes that would be returned by default. Attribute names must be in standard attribute notation (Section 3.10) form.
See Section 3.9 for additional retrieval query parameters.
A multi-valued list of strings indicating the names of resource attributes to be removed from the default set of attributes to return. This parameter will have no effect on attributes whose schema "returned" setting is "always" (see Sections 2.2 and 7 of [RFC7643]). Attribute names must be in standard attribute notation (Section 3.10) form.
See Section 3.9 for additional retrieval query parameters.
The "sortBy" parameter specifies the attribute whose value will be used to order the returned responses. If the "sortBy" ttribute corresponds to a singular attribute, resources are sorted according to that attribute's value; if it's a multi-valued attribute, resources are sorted by the value of the primary attribute (see Section 2.4 of [RFC7643]), if any, or else the first value in the list, if any. If the attribute is complex, the attribute name must be a path to a sub-attribute in standard attribute notation (Section 3.10), e.g., sortBy=name.givenName.
For all attribute types, if there is no data for the specified "sortBy" value, they are sorted via the "sortOrder" parameter, i.e., they are ordered last if ascending and first if descending.
The order in which the "sortBy" parameter is applied. Allowed values are "ascending" and "descending". If a value for "sortBy" is provided and no "sortOrder" is specified, "sortOrder" will default to ascending. String type attributes are case insensitive by default, unless the attribute type is defined as a case-exact string. "sortOrder" must sort according to the attribute type; i.e., for case-insensitive attributes, sort the result using case-insensitive Unicode alphabetic sort order with no specific locale implied, and for case-exact attribute types, sort the result using case-sensitive Unicode alphabetic sort order.
The 1-based index of the first query result. Values of less than 1 are interpreted as 1.
See Section 3.4.2.3 for details about Pagination.
Specifies the desired maximum number of results per page. Negative values are as interpreted as 0.
See Section 3.4.2.3 for details about Pagination.
https://innovario.apishowdown.com/_mock/catalog/api-showdown/api-hub/admin/openapi/scim/v2/Users
curl --request GET \
--url https://YOUR_DOMAIN/scim/v2/Users \
--header 'Content-type: application/scim+json' \
--header 'Authorization: Bearer eyJ0eX...ll4Q2NT'{ "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 2, "itemsPerPage": 10, "description": 1, "resources": [ { … }, { … } ] }
A String that is an identifier for the resource as defined by the provisioning client.
A service provider's unique identifier for the user, typically used by the user to directly authenticate to the service provider.
The casual way to address the user in real life, e.g., "Bob" or "Bobby" instead of "Robert".
A URI that is a uniform resource locator (as defined in Section 1.1.3 of [RFC3986]) and that points to a location representing the user's online profile (e.g., a web page). URIs are canonicalized per Section 6.2 of [RFC3986].
Used to identify the relationship between the organization and the user. Typical values used might be "Contractor", "Employee", "Intern", "Temp", "External", and "Unknown", but any value may be used.
Indicates the user's preferred written or spoken languages and is generally used for selecting a localized user interface. The value indicates the set of natural languages that are preferred. The format of the value is the same as the HTTP Accept-Language header field (not including "Accept-Language:") and is specified in Section 5.3.5 of [RFC7231].
Used to indicate the User's default location for purposes of localizing such items as currency, date time format, or numerical representations.A valid value is a language tag as defined in [RFC5646].
The User's time zone, in IANA Time Zone database format [RFC6557], also known as the "Olson" time zone database format [Olson-TZ] (e.g., "America/Los_Angeles").
Email addresses for the User.
A URI that is a uniform resource locator (as defined in Section 1.1.3 of [RFC3986]) that points to a resource location representing the user's image.
A list of groups to which the user belongs, either through direct membership, through nested groups, or dynamically calculated.
A list of roles for the user that collectively represent who the user is, e.g., "Student", "Faculty". No vocabulary or syntax is specified, although it is expected that a role value is a String or label representing a collection of entitlements. This value has no canonical types.
A list of certificates associated with the resource (e.g., a User).Each value contains exactly one DER-encoded X.509 certificate (see Section 4 of [RFC5280]), which must be base64 encoded per Section 4 of [RFC4648].
https://innovario.apishowdown.com/_mock/catalog/api-showdown/api-hub/admin/openapi/scim/v2/Users
curl --request POST \
--url https://YOUR_DOMAIN/scim/v2/Users \
--header 'Content-type: application/scim+json' \
--header 'Authorization: Bearer eyJ0eX...ll4Q2NT'Successfully created the user.
A unique identifier for a SCIM resource as defined by the service provider.
A String that is an identifier for the resource as defined by the provisioning client.
A service provider's unique identifier for the user, typically used by the user to directly authenticate to the service provider.
The casual way to address the user in real life, e.g., "Bob" or "Bobby" instead of "Robert".
A URI that is a uniform resource locator (as defined in Section 1.1.3 of [RFC3986]) and that points to a location representing the user's online profile (e.g., a web page). URIs are canonicalized per Section 6.2 of [RFC3986].
Used to identify the relationship between the organization and the user. Typical values used might be "Contractor", "Employee", "Intern", "Temp", "External", and "Unknown", but any value may be used.
Indicates the user's preferred written or spoken languages and is generally used for selecting a localized user interface. The value indicates the set of natural languages that are preferred. The format of the value is the same as the HTTP Accept-Language header field (not including "Accept-Language:") and is specified in Section 5.3.5 of [RFC7231].
Used to indicate the User's default location for purposes of localizing such items as currency, date time format, or numerical representations.A valid value is a language tag as defined in [RFC5646].
The User's time zone, in IANA Time Zone database format [RFC6557], also known as the "Olson" time zone database format [Olson-TZ] (e.g., "America/Los_Angeles").
Email addresses for the User.
A URI that is a uniform resource locator (as defined in Section 1.1.3 of [RFC3986]) that points to a resource location representing the user's image.
A list of groups to which the user belongs, either through direct membership, through nested groups, or dynamically calculated.
A list of roles for the user that collectively represent who the user is, e.g., "Student", "Faculty". No vocabulary or syntax is specified, although it is expected that a role value is a String or label representing a collection of entitlements. This value has no canonical types.
A list of certificates associated with the resource (e.g., a User).Each value contains exactly one DER-encoded X.509 certificate (see Section 4 of [RFC5280]), which must be base64 encoded per Section 4 of [RFC4648].
The most recent DateTime that the details of this resource were updated at the service provider.
{ "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User" ], "id": "2819c223-7f76-453a-919d-413861904646", "externalId": "bjensen", "name": { "formatted": "Ms. Barbara J Jensen III", "familyName": "Jensen", "givenName": "Barbara" }, "userName": "bjensen", "emails": { "value": "bjensen@example.com", "type": "work", "primary": true }, "meta": { "resourceType": "User", "created": "2011-08-01T21:32:44.882Z", "lastModified": "2011-08-01T21:32:44.882Z", "location": "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646" } }
https://innovario.apishowdown.com/_mock/catalog/api-showdown/api-hub/admin/openapi/scim/v2/Users/{userId}
curl --request GET \
--url https://YOUR_DOMAIN/scim/v2/Users/{userId} \
--header 'Content-type: application/scim+json' \
--header 'Authorization: Bearer eyJ0eX...ll4Q2NT'Successfully returned the resource
A unique identifier for a SCIM resource as defined by the service provider.
A String that is an identifier for the resource as defined by the provisioning client.
A service provider's unique identifier for the user, typically used by the user to directly authenticate to the service provider.
The casual way to address the user in real life, e.g., "Bob" or "Bobby" instead of "Robert".
A URI that is a uniform resource locator (as defined in Section 1.1.3 of [RFC3986]) and that points to a location representing the user's online profile (e.g., a web page). URIs are canonicalized per Section 6.2 of [RFC3986].
Used to identify the relationship between the organization and the user. Typical values used might be "Contractor", "Employee", "Intern", "Temp", "External", and "Unknown", but any value may be used.
Indicates the user's preferred written or spoken languages and is generally used for selecting a localized user interface. The value indicates the set of natural languages that are preferred. The format of the value is the same as the HTTP Accept-Language header field (not including "Accept-Language:") and is specified in Section 5.3.5 of [RFC7231].
Used to indicate the User's default location for purposes of localizing such items as currency, date time format, or numerical representations.A valid value is a language tag as defined in [RFC5646].
The User's time zone, in IANA Time Zone database format [RFC6557], also known as the "Olson" time zone database format [Olson-TZ] (e.g., "America/Los_Angeles").
Email addresses for the User.
Phone numbers for the user.
A URI that is a uniform resource locator (as defined in Section 1.1.3 of [RFC3986]) that points to a resource location representing the user's image.
A list of groups to which the user belongs, either through direct membership, through nested groups, or dynamically calculated.
A list of roles for the user that collectively represent who the user is, e.g., "Student", "Faculty". No vocabulary or syntax is specified, although it is expected that a role value is a String or label representing a collection of entitlements. This value has no canonical types.
A list of certificates associated with the resource (e.g., a User).Each value contains exactly one DER-encoded X.509 certificate (see Section 4 of [RFC5280]), which must be base64 encoded per Section 4 of [RFC4648].
{ "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User" ], "id": "2819c223-7f76-453a-919d-413861904646", "externalId": "bjensen", "meta": { "resourceType": "User", "created": "2011-08-01T18:29:49.793Z", "lastModified": "2011-08-01T18:29:49.793Z", "location"": "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646" }, "name": { "formatted": "Ms. Barbara J Jensen III", "familyName": "Jensen", "givenName": "Barbara" }, "userName": "bjensen", "phoneNumbers": { "value": "555-555-8377", "type": "work" }, "emails": { "value": "bjensen@example.com", "type": "work" } }
Update one or more attributes of a SCIM resource using a sequence of operations to "add", "remove", or "replace" values.
The general form of the SCIM PATCH request is based on the JSON Patch approach. Find more at [RFC6902].
Note: One difference between SCIM
PATCHand JSON Patch is that SCIM servers do not support array indexing and do not support [RFC6902] operation types relating to array element manipulation, such as"move".
The body of each request must contain the "schemas" attribute with the URI value of "urn:ietf:params:scim:api:messages:2.0:PatchOp".
The body of an HTTP PATCH request must contain the attribute "Operations" whose value is an array of one or more PATCH operations. Each PATCH operation object must have exactly one "op" member whose value indicates the operation to perform and may be one of the following:
"add""remove""replace".Note: The semantics of each operation are defined in Section 3.5.2 of [RFC7644].
The "path" attribute value is a String containing an attribute path describing the target of the operation. The "path" attribute is optional for "add" and "replace" and is required for "remove" operations.
Each operation against an attribute must be compatible with the attribute's mutability and schema as defined in Sections 2.2 and 2.3 of [RFC7643]. For example, a client must not modify an attribute that has mutability "readOnly" or "immutable". However, a client may "add" a value to an "immutable" attribute if the attribute had no previous value. An operation that is not compatible with an attribute's mutability or schema will return the appropriate HTTP response status code and a JSON detail error response as defined in Section 3.12.
Each PATCH operation represents a single action to be applied to the same SCIM resource specified by the request URI. Operations are applied sequentially in the order they appear in the array. Each operation in the sequence is applied to the target resource; the resulting resource becomes the target of the next operation. Evaluation continues until all operations are successfully applied or until an error condition is encountered.
Note: For multi-valued attributes, a
PATCHoperation that sets a value's"primary"sub-attribute to"true"will cause the server to automatically set "primary" to "false" for any other values in the array.
An array of one or more PATCH operations.
https://innovario.apishowdown.com/_mock/catalog/api-showdown/api-hub/admin/openapi/scim/v2/Users/{userId}
curl --request PUT \
--url https://YOUR_DOMAIN/scim/v2/Users/{userId} \
--header 'Content-type: application/scim+json' \
--header 'Authorization: Bearer eyJ0eX...ll4Q2NT'Successfully patched the user attributes
A unique identifier for a SCIM resource as defined by the service provider.
A String that is an identifier for the resource as defined by the provisioning client.
A service provider's unique identifier for the user, typically used by the user to directly authenticate to the service provider.
The casual way to address the user in real life, e.g., "Bob" or "Bobby" instead of "Robert".
A URI that is a uniform resource locator (as defined in Section 1.1.3 of [RFC3986]) and that points to a location representing the user's online profile (e.g., a web page). URIs are canonicalized per Section 6.2 of [RFC3986].
Used to identify the relationship between the organization and the user. Typical values used might be "Contractor", "Employee", "Intern", "Temp", "External", and "Unknown", but any value may be used.
Indicates the user's preferred written or spoken languages and is generally used for selecting a localized user interface. The value indicates the set of natural languages that are preferred. The format of the value is the same as the HTTP Accept-Language header field (not including "Accept-Language:") and is specified in Section 5.3.5 of [RFC7231].
Used to indicate the User's default location for purposes of localizing such items as currency, date time format, or numerical representations.A valid value is a language tag as defined in [RFC5646].
The User's time zone, in IANA Time Zone database format [RFC6557], also known as the "Olson" time zone database format [Olson-TZ] (e.g., "America/Los_Angeles").
Email addresses for the User.
A URI that is a uniform resource locator (as defined in Section 1.1.3 of [RFC3986]) that points to a resource location representing the user's image.
A list of groups to which the user belongs, either through direct membership, through nested groups, or dynamically calculated.
A list of roles for the user that collectively represent who the user is, e.g., "Student", "Faculty". No vocabulary or syntax is specified, although it is expected that a role value is a String or label representing a collection of entitlements. This value has no canonical types.
A list of certificates associated with the resource (e.g., a User).Each value contains exactly one DER-encoded X.509 certificate (see Section 4 of [RFC5280]), which must be base64 encoded per Section 4 of [RFC4648].
The most recent DateTime that the details of this resource were updated at the service provider.
{ "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User" ], "id": "2819c223-7f76-453a-919d-413861904646", "externalId": "bjensen", "name": { "formatted": "Ms. Barbara J Jensen III", "familyName": "Jensen", "givenName": "Barbara" }, "userName": "bjensen", "emails": { "value": "bjensen@example.com", "type": "work", "primary": true }, "meta": { "resourceType": "User", "created": "2011-08-01T21:32:44.882Z", "lastModified": "2011-08-01T21:32:44.882Z", "location": "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646" } }
Used to replace a resource's attributes.
For example, clients that have previously retrieved the entire resource in advance and revised it may replace the resource using an HTTP PUT. Because SCIM resource identifiers are assigned by the service provider, HTTP PUT must not be used to create new resources.
Note: As the operation's intent is to replace all attributes, SCIM clients may send all attributes, regardless of each attribute's mutability.
A unique identifier for a SCIM resource as defined by the service provider.
A String that is an identifier for the resource as defined by the provisioning client.
A service provider's unique identifier for the user, typically used by the user to directly authenticate to the service provider.
The casual way to address the user in real life, e.g., "Bob" or "Bobby" instead of "Robert".
A URI that is a uniform resource locator (as defined in Section 1.1.3 of [RFC3986]) and that points to a location representing the user's online profile (e.g., a web page). URIs are canonicalized per Section 6.2 of [RFC3986].
Used to identify the relationship between the organization and the user. Typical values used might be "Contractor", "Employee", "Intern", "Temp", "External", and "Unknown", but any value may be used.
Indicates the user's preferred written or spoken languages and is generally used for selecting a localized user interface. The value indicates the set of natural languages that are preferred. The format of the value is the same as the HTTP Accept-Language header field (not including "Accept-Language:") and is specified in Section 5.3.5 of [RFC7231].
Used to indicate the User's default location for purposes of localizing such items as currency, date time format, or numerical representations.A valid value is a language tag as defined in [RFC5646].
The User's time zone, in IANA Time Zone database format [RFC6557], also known as the "Olson" time zone database format [Olson-TZ] (e.g., "America/Los_Angeles").
Email addresses for the User.
A URI that is a uniform resource locator (as defined in Section 1.1.3 of [RFC3986]) that points to a resource location representing the user's image.
A list of groups to which the user belongs, either through direct membership, through nested groups, or dynamically calculated.
A list of roles for the user that collectively represent who the user is, e.g., "Student", "Faculty". No vocabulary or syntax is specified, although it is expected that a role value is a String or label representing a collection of entitlements. This value has no canonical types.
A list of certificates associated with the resource (e.g., a User).Each value contains exactly one DER-encoded X.509 certificate (see Section 4 of [RFC5280]), which must be base64 encoded per Section 4 of [RFC4648].
https://innovario.apishowdown.com/_mock/catalog/api-showdown/api-hub/admin/openapi/scim/v2/Users/{userId}
curl --request PUT \
--url https://YOUR_DOMAIN/scim/v2/Users/{userId} \
--header 'Content-type: application/scim+json' \
--header 'Authorization: Bearer eyJ0eX...ll4Q2NT'Successfully updated the attributes
A unique identifier for a SCIM resource as defined by the service provider.
A String that is an identifier for the resource as defined by the provisioning client.
A service provider's unique identifier for the user, typically used by the user to directly authenticate to the service provider.
The casual way to address the user in real life, e.g., "Bob" or "Bobby" instead of "Robert".
A URI that is a uniform resource locator (as defined in Section 1.1.3 of [RFC3986]) and that points to a location representing the user's online profile (e.g., a web page). URIs are canonicalized per Section 6.2 of [RFC3986].
Used to identify the relationship between the organization and the user. Typical values used might be "Contractor", "Employee", "Intern", "Temp", "External", and "Unknown", but any value may be used.
Indicates the user's preferred written or spoken languages and is generally used for selecting a localized user interface. The value indicates the set of natural languages that are preferred. The format of the value is the same as the HTTP Accept-Language header field (not including "Accept-Language:") and is specified in Section 5.3.5 of [RFC7231].
Used to indicate the User's default location for purposes of localizing such items as currency, date time format, or numerical representations.A valid value is a language tag as defined in [RFC5646].
The User's time zone, in IANA Time Zone database format [RFC6557], also known as the "Olson" time zone database format [Olson-TZ] (e.g., "America/Los_Angeles").
Email addresses for the User.
A URI that is a uniform resource locator (as defined in Section 1.1.3 of [RFC3986]) that points to a resource location representing the user's image.
A list of groups to which the user belongs, either through direct membership, through nested groups, or dynamically calculated.
A list of roles for the user that collectively represent who the user is, e.g., "Student", "Faculty". No vocabulary or syntax is specified, although it is expected that a role value is a String or label representing a collection of entitlements. This value has no canonical types.
A list of certificates associated with the resource (e.g., a User).Each value contains exactly one DER-encoded X.509 certificate (see Section 4 of [RFC5280]), which must be base64 encoded per Section 4 of [RFC4648].
The most recent DateTime that the details of this resource were updated at the service provider.
{ "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User" ], "id": "2819c223-7f76-453a-919d-413861904646", "externalId": "bjensen", "name": { "formatted": "Ms. Barbara J Jensen III", "familyName": "Jensen", "givenName": "Barbara" }, "userName": "bjensen", "emails": { "value": "bjensen@example.com", "type": "work", "primary": true }, "meta": { "resourceType": "User", "created": "2011-08-01T21:32:44.882Z", "lastModified": "2011-08-01T21:32:44.882Z", "location": "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646" } }
https://innovario.apishowdown.com/_mock/catalog/api-showdown/api-hub/admin/openapi/scim/v2/Users/{userId}
curl --request DELETE \
--url https://YOUR_DOMAIN/scim/v2/Users/{userId} \
--header 'Authorization: Bearer eyJ0eX...ll4Q2NT'