SCIM API endpoints

This section will cover the different calls, endpoints and errors possible with Boards SCIM API service. Read the SCIM API overview and Client API section for more information.

 

Below are the SCIM calls and endpoints covered on this page:

 

Other topics

Get supported SCIM capabilities

Use this call to retrieve the supported SCIM capabilities.

 

Request

GET /ServiceProviderConfig
    Host: https://your-subscription-hub-url/scim
    Authorization: Bearer <id token here>


Request headers

Header Details

Authorization: Bearer <id token here>

In the Authorization header value, place the prefix Bearer followed by a space and then the ID Token

 

Request parameters

none

 

Curl example

curl -X GET -H 'Authorization: Bearer <id token here>'
https://your-subscription-hub-url/scim/ServiceProviderConfig

 

Response header

Header Details

Content-Type: application/scim+json

The response body is formatted as application/scim+json

 

Response body

Example:

{
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
    ],
    "documentationUri": "documentationURL",
    "patch": {
        "supported": true
    },
    "bulk": {
        "supported": false
    },
    "filter": {
        "supported": true,
        "maxResults": 200
    },
    "changePassword": {
        "supported": false
    },
    "sort": {
        "supported": true
    },
    "authenticationSchemes": [
        {
            "name": "OAuth v2.0",
            "description": "Authentication scheme using the OAuth standard.",
            "specUri": "http://tools.ietf.org/html/rfc6749",
            "type": "oauth2",
            "primary": true
        }
    ],
    "meta": {
        "location": "https://your-subscription-hub-url/scim/ServiceProviderConfig",
        "resourceType": "ServiceProviderConfig",
        "created": "2023-05-04T00:00:00Z",
        "lastModified": "2023-05-04T00:00:00Z"
    }
}

 

 

 

Get resource types

Use this call to retrieve all of the resource types supported.

 

Request

GET /ResourceTypes
    Host: https://your-subscription-hub-url/scim
    Authorization: Bearer <id token here>


Request headers

Header Details

Authorization: Bearer <id token here>

In the Authorization header value, place the prefix Bearer followed by a space and then the ID Token

 

Request parameters

none

 

Curl example

curl -X GET -H 'Authorization: Bearer <id token here>'
https://your-subscription-hub-url/scim/ResourceTypes

 

Response header

Header Details

Content-Type: application/scim+json

The response body is formatted as application/scim+json

 

Response body

Example:

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 1,
    "startIndex": 1,
    "itemsPerPage": 50,
    "Resources": [
        {
            "id": "urn:ietf:params:scim:schemas:core:2.0:User",
            "name": "User",
            "description": "Resource type for Users. Users are things that can login.",
            "endpoint": "/Users",
            "schema": "urn:ietf:params:scim:schemas:core:2.0:User",
            "schemaExtensions": [
                {
                    "schema": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
                }
            ],
            "meta": {
                "location": "https://your-subscription-hub-url/scim/Users",
                "resourceType": "ResourceType"
            }
        },
        {
            "id": "urn:ietf:params:scim:schemas:core:2.0:Group",
            "name": "Group",
            "description": "Resource type for Groups. Group govern some access and sharing.",
            "endpoint": "/Groups",
            "schema": "urn:ietf:params:scim:schemas:core:2.0:Group",
            "meta": {
                "location": "https://your-subscription-hub-url/scim/Groups",
                "resourceType": "ResourceType"
            }
        }
    ]
}

 

 

 

Get resource schema

Use this call to obtain the supported attributes for resources (e.g., User) and the attribute meta-data.


Request

GET /Schemas
    Host: https://your-subscription-hub-url/scim
    Authorization: Bearer <id token here>


Request headers

Header Details

Authorization: Bearer <id token here>

In the Authorization header value, place the prefix Bearer followed by a space and then the ID Token

 

Curl example

curl -X GET -H 'Authorization: Bearer <id token here>'
https://your-subscription-hub-url/scim/Schemas

 

Request parameters

None

 

Response header

Header Details

Content-Type: application/scim+json

The response body is formatted as application/scim+json

 


Response body

Use the location value to retrieve the attribute meta-data used by the API.

Example:

{
    "totalResults": 3,
    "itemsPerPage": 3,
    "startIndex": 1,
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "resources": [
        {
            "id": "urn:ietf:params:scim:schemas:core:2.0:User",
            "name": "User",
            "description": "User Account",
            "meta": {
                "resourceType": "Schema",
                "location": "https://your-subscription-hub-url/scim/Schemas/urn:ietf:params:scim:schemas:core:2.0:User"
            }
        },
        {
            "id": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
            "name": "EnterpriseUser",
            "description": "Enterprise User",
            "meta": {
                "resourceType": "Schema",
                "location": "https://your-subscription-hub-url/scim/Schemas/urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
            }
        },
        {
            "id": "urn:ietf:params:scim:schemas:core:2.0:Group",
            "name": "Group",
            "description": "Group",
            "meta": {
                "resourceType": "Schema",
                "location": "https://your-subscription-hub-url/scim/Schemas/urn:ietf:params:scim:schemas:core:2.0:Group"
            }
        }
    ]
}

 

 

 

Get single user details

Use this endpoint to retrieve all information of a single user.

 

Request

GET /Users/{id}
    Host: https://your-subscription-hub-url/scim
    Authorization: Bearer <id token here>

 

Request headers

Header Details

Authorization: Bearer <id token here>

In the Authorization header value, place the prefix Bearer followed by a space and then the ID Token

 

Curl example

curl -X GET -H 'Authorization: Bearer <id token here>'
https://your-subscription-hub-url/scim/Users/{id}

 

Response header

Header Details

Content-Type: application/scim+json

The response body is formatted as application/scim+json

 


Response body

Example:

{
    "userName": "johndoe@example.com",
    "name": {
        "formatted": "John Doe",
        "familyName": "Doe",
        "givenName": "John"
    },
    "displayName": "John Doe",
    "preferredLanguage": "it-IT",
    "locale": "it-IT",
    "active": true,
    "emails": [
        {
            "value": "johndoe@example.it",
            "type": "work",
            "primary": true
        }
    ],
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
    ],
    "meta": {
        "resourceType": "User",
        "location": "https://your-subscription-hub-url/scim/users/c98b9447-1383-4bae-8133-f7c1bf8b3c96"
    },
    "id": "c98b9447-1383-4bae-8133-f7c1bf8b3c96",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
        "department": "Human Resources"
    }
}

 

 

 

Get multiple users

Use this endpoint to search for users.

 

Request

Use a filter and provide the pagination parametersstartIndex and count to retrieve multiple users.

GET /Users/?filter=displayName Eq "Samuel"&startIndex=1&count=100
    Host: https://your-subscription-hub-url/scim
    Authorization: Bearer <id token here>

 

Request headers

Header Details

Authorization: Bearer <id token here>

In the Authorization header value, place the prefix Bearer followed by a space and then the ID Token

 

Request parameters

Pagination parameters

Parameter Details

startIndex

The pagination index to start with for the response

Default: 1

count

The pagination count per response

 

Filter parameters

Parameter Details

filter

A filter expression to restrict the result set in the form of <field> <operator> <value>

Example: displayName Eq “Lemuel”

Expressions may be separated with and, or or (  ) (not is not supported)

 

Filter fields

Field Details

id

Supported

externalId

Supported

userName

Supported

displayName

Supported

name.formatted

Supported

locale

Supported. Values must be formatted according to the RFC 4646 standard, "Tags for the Identification of Languages", e.g. it-IT

active

Supported

email

Supported

phoneNumber

Supported

 

Filter operators

Operators are case insensitive. E.g. Ne and ne both work.

The only operators supported are those in the table below.

Operator Details

Eq

- equal

The attribute and operator values must be identical for a match

Ne

- not equal

The attribute and operator values are not identical

Co

- contains

The entire operator value must be a substring of the attribute value for a match

Sw

- starts with

The entire operator value must be at the beginning of the attribute value. This criterion is satisfied if the two strings are identical

Ew

- ends with

The entire operator value must be a substring of the attribute value, matching at the end of the attribute value. This criterion is satisfied if the two strings are identical

 

Complex Attributes

Complex attribute filtering, for instance searching in a complex array with the [ ] notation, is not supported.

 

Curl example

curl -X GET -H 'Authorization: Bearer <id token here>'
https://your-subscription-hub-url/scim/Users?filter=displayName Eq "Samuel"&startIndex=1&count=100

 

Response header

Header Details

Content-Type: application/scim+json

The response body is formatted as application/scim+json

 

Response body

Example:

{
    "totalResults": 3,
    "itemsPerPage": 3,
    "startIndex": 1,
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "Resources": [
        {
            "userName": "erussell@acme.corp",
            "name": {
                "formatted": "Eugen Russell",
                "familyName": "Russell",
                "givenName": "Eugen"
            },
            "displayName": "Eugen Russell",
            "locale": "en-US",
            "active": true,
            "emails": [
                {
                    "value": "erussell@acme.corp",
                    "type": "work",
                    "primary": true
                }
            ],
            "addresses": [
                {
                    "formatted": "",
                    "type": "home"
                }
            ],
            "schemas": [
                "urn:ietf:params:scim:schemas:core:2.0:User",
                "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
            ],
            "meta": {
                "resourceType": "User",
                "location": "https://your-subscription-hub-url/scim/users/4da5e536-de8f-4eb3-acbb-c6933886ec3e"
            },
            "id": "4da5e536-de8f-4eb3-acbb-c6933886ec3e",
            "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
                "department": "IT"
            }
        },
        {
            "userName": "cfields@acme.corp",
            "name": {
                "formatted": "Caroline Fields",
                "familyName": "Fields",
                "givenName": "Caroline"
            },
            "displayName": "Caroline Fields",
            "locale": "en-US",
            "active": true,
            "emails": [
                {
                    "value": "cfields@acme.corp",
                    "type": "work",
                    "primary": true
                }
            ],
            "addresses": [
                {
                    "formatted": "",
                    "type": "home"
                }
            ],
            "schemas": [
                "urn:ietf:params:scim:schemas:core:2.0:User",
                "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
            ],
            "meta": {
                "resourceType": "User",
                "location": "https://your-subscription-hub-url/scim/users/5eb6594f-3313-4835-b70c-122448dc836a"
            },
            "id": "5eb6594f-3313-4835-b70c-122448dc836a",
            "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
                "department": "Marketing"
            }
        },
        {
            "userName": "randerson@acme.corp",
            "name": {
                "formatted": "Ray Anderson",
                "familyName": "Anderson",
                "givenName": "Ray"
            },
            "displayName": "Ray Anderson",
            "locale": "en-US",
            "active": true,
            "emails": [
                {
                    "value": "randerson@acme.corp",
                    "type": "work",
                    "primary": true
                }
            ],
            "addresses": [
                {
                    "formatted": "",
                    "type": "home"
                }
            ],
            "schemas": [
                "urn:ietf:params:scim:schemas:core:2.0:User",
                "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
            ],
            "meta": {
                "resourceType": "User",
                "location": "https://your-subscription-hub-url/scim/users/6d5c231d-3409-479d-9bdb-06b35b14f743"
            },
            "id": "6d5c231d-3409-479d-9bdb-06b35b14f743",
            "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
                "department": "Marketing"
            }
        }
    ]
}

 

 

Differences from the SCIM standard

  • Include/exclude query parameters are not supported
  • Supported filter query parameters, filter operators, filters fields: see tables above
  • Search is case-insensitive
  • Search with post ( /.search and /Users/.search ) is not supported

 

 

 

Add a user

Use this call to add a single user and their name details.

 

Request

POST /Users
     Host: https://your-subscription-hub-url/scim
     Authorization: Bearer <id token here>
     Accept: application/scim+json
     Content-Type: application/scim+json

{
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
    ],
    "userName": "samsmith@acme.com",
    "emails": [
        {
            "value": "samsmith@acme.com",
            "primary": true
        }
    ],
    "externalId": "ssmith",
    "active": "True",
    "name": {
        "formatted": "Sam Smith",
        "familyName": "Smith",
        "givenName": "Sam"
    },
    "displayName": "Sam Smith"
}

 

Request headers

Header Details

Authorization: Bearer <id token here>

In the Authorization header value, place the prefix Bearer followed by a space and then the ID Token
Accept: application/scim+json This call responds with a content type of application/scim+json
Content-Type: application/scim+json The response body is formatted as application/scim+json

 

User attributes

The following user attributes are system reserved and cannot be mapped to custom user metadata in the Subscription Hub.

Operator Details

id

The Board unique ID for the resourceType

userName

Unique identifier for the User, typically used by the user to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the service provider's entire set of Users

displayName

The name of the User, suitable for display to end-users. The name SHOULD be the full name of the User being described, if known

locale

Used to indicate the User's default location for purposes of localizing items such as currency, date time format, or numerical representations. Values must be formatted according to the RFC 4646 standard, "Tags for the Identification of Languages", e.g. it-IT

active

A Boolean value indicating the User's administrative status

emails[0].value

Email addresses for the user.  The value SHOULD be canonicalized by the service provider, e.g., 'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'. Canonical value is only of 'work' type

phoneNumbers[0].value

Phone number of the User

 

The following user attributes can be mapped to custom user metadata in the Subscription Hub.

Operator Details

externalId

The unique ID of the resource at the SCIM client. The client will use this ID to reference this resource in requests

name.familyName

The family name of the User, or last name in most Western languages (e.g., 'Smith' given the full name 'Mr Sam Smith, II')

name.givenName

The given name of the User, or first name in most Western languages (e.g., 'Smith' given the full name 'Mr Sam Smith, II')

name.middleName

The middle name(s) of the User (e.g., 'Eric' given the full name 'Mr Sam E Smith, II')

name.honorificPrefix

The honorific prefix(es) of the User, or title in most Western languages (e.g., 'Ms.' given the full name 'Ms. Geena J Ross, II')
name.honorificSuffix The honorific suffix(es) of the User, or suffix in most Western languages (e.g., 'II' given the full name 'Ms. Geena J Ross, II').

nickName

The casual way to address the user in real life, e.g., 'Bob' or 'Bobby' instead of 'Robert'. This attribute SHOULD NOT be used to represent a User's username (e.g., 'bjensen' or 'mpepperidge')

profileUrl

A fully qualified URL pointing to a page representing the User's online profile

title

The user's title, such as 'Vice President'

userType

Used to identify the relationship between the organization and the user. Typical values used might be 'Contractor', 'Employee', 'Intern', 'Temp', 'External', and 'Unknown', but any value may be used

timeZone

The User's time zone in the 'Olson' time zone database format, e.g., 'America/Los_Angeles' 

photos[0].value

URL of a photo of the User

addresses[0].streetAddress

The full street address component, which may include house number, street name, P.O. box, and multi-line extended street address information. This attribute MAY contain newlines
addresses[0].locality The city or locality component
addresses[0].region The state or region component
addresses[0].postalCode The zip code or postal code component
addresses[0].country The country name component
entitlements[0].value The value of an entitlement. An entitlement for the User represents a thing the User has

 

Board also supports these Enterprise User extensions, which show up under the URN urn:scim:schemas:extension:enterprise:2.0.

Operator Details

employeeNumber

Numeric or alphanumeric identifier assigned to a person, typically based on order of hire or association with an organization
costCenter Identifies the name of a cost center
organization Identifies the name of an organization
division Identifies the name of a division
department Identifies the name of a department

 

Response body

Example:

{
    "userName": "mariorossi@example.com",
    "name": {
        "formatted": "Mario Rossi",
        "familyName": "Rossi",
        "givenName": "Mario"
    },
    "displayName": "Mario Rossi",
    "preferredLanguage": "it-IT",
    "locale": "it-IT",
    "active": true,
    "emails": [
        {
            "value": "mariorossi@example.com",
            "type": "work",
            "primary": true
        }
    ],
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
    ],
    "meta": {
        "resourceType": "User",
        "location": "https://your-subscription-hub-url/scim/users/b36e4fa2-2e6d-4acc-ad86-a01b7f79bdaa"
    },
    "id": "b36e4fa2-2e6d-4acc-ad86-a01b7f79bdaa",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {}
}

 

 

Differences from the SCIM standard

  • Include/exclude query parameters are not supported

 

 

 

Replace user

Use this call to replace user details.

 

Request

PUT  /Users
     Host: https://your-subscription-hub-url/scim
     Authorization: Bearer <id token here>
     Accept: application/scim+json
     Content-Type: application/scim+json

{
    "id": "c98b9447-1383-4bae-8133-f7c1bf8b3c96",
    "name": {
        "familyName": "Doe",
        "givenName": "John"
    },
    "locale": "it-IT",
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
    ]
}

 

Request headers

Header Details

Authorization: Bearer <id token here>

In the Authorization header value, place the prefix Bearer followed by a space and then the ID Token
Accept: application/scim+json This call responds with a content type of application/scim+json
Content-Type: application/scim+json The response body is formatted as application/scim+json

 

User attributes

Same as those described in the Add a user call.

 

Response body

Example:

{
    "userName": "johndoe@example.com",
    "name": {
        "formatted": "John Doe",
        "familyName": "Doe",
        "givenName": "John"
    },
    "displayName": "John Doe",
    "preferredLanguage": "it-IT",
    "locale": "it-IT",
    "active": true,
    "emails": [
        {
            "value": "johndoe@example.it",
            "type": "work",
            "primary": true
        }
    ],
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
    ],
    "meta": {
        "resourceType": "User",
        "location": "https://your-subscription-hub-url/scim/users/c98b9447-1383-4bae-8133-f7c1bf8b3c96"
    },
    "id": "c98b9447-1383-4bae-8133-f7c1bf8b3c96",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
        "department": "Human Resources"
    }
}

 

Differences from the SCIM standard

  • Include/exclude query parameters are not supported

 

 

 

Edit user details

Use this call to request to edit user details. SCIM provides a rich patch specification based upon JSON Patch.

 

Request

PATCH /Users/{id}
      Host: https://your-subscription-hub-url/scim
      Authorization: Bearer <id token here>
      Accept: application/scim+json
      Content-Type: application/scim+json

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ],
    "operations": [
        {
            "op": "replace",
            "path": "name.familyName",
            "value": "Scott"
        }
    ]

 

Request headers

Header Details

Authorization: Bearer <id token here>

In the Authorization header value, place the prefix Bearer followed by a space and then the ID Token
Accept: application/scim+json This call responds with a content type of application/scim+json
Content-Type: application/scim+json The response body is formatted as application/scim+json

 

Operations

Each operation indicates how to act on the attribute. The only patch command supported for Users is replace.

Parameter Details
replace Whether to replace the attribute value

 

Path

The path indicates the attribute which is the target of the operation. In the Board implementation Path is always required.

Parameter Details

attribute

The attribute to apply the operation to.
Example:externalId
attributePath[filter].subattribute
where filter is [attribute op value]
The path signifies the target attribute to apply the operation to.
Example:name.givenName

 

Response body

Empty. 

 

 

 

Remove user

Use this endpoint to remove a single user.

 

Request

DELETE /Users/{id}
       Host: https://your-subscription-hub-url/scim
       Authorization: Bearer <id token here>

 

Request headers

Header Details

Authorization: Bearer <id token here>

In the Authorization header value, place the prefix Bearer followed by a space and then the ID Token

 

Curl example

curl -X DELETE -H 'Authorization: Bearer <id token here>'
https://your-subscription-hub-url/scim/Users/{id}

 

Response header

Header Details

Content-Type: application/scim+json

The response body is formatted as application/scim+json

 


Response body

Empty.

 

 

 

Get single Group details

Use this endpoint to retrieve all information of a single Group.

 

Request

GET /Groups/{id}
    Host: https://your-subscription-hub-url/scim
    Authorization: Bearer <id token here>

 

Request headers

Header Details

Authorization: Bearer <id token here>

In the Authorization header value, place the prefix Bearer followed by a space and then the ID Token

 

Curl example

curl -X GET -H 'Authorization: Bearer <id token here>'
https://your-subscription-hub-url/scim/Groups/{id}

 

Response header

Header Details

Content-Type: application/scim+json

The response body is formatted as application/scim+json

 


Response body

Example:

{
    "displayName": "Admins",
    "members": [
        {
            "value": "4da5e536-de8f-4eb3-acbb-c6933886ec3e",
            "$ref": "https://your-subscription-hub-url/scim/users/4da5e536-de8f-4eb3-acbb-c6933886ec3e",
            "type": "User",
            "display": "Eugen Russell"
        },
        {
            "value": "c98b9447-1383-4bae-8133-f7c1bf8b3c96",
            "$ref": "https://your-subscription-hub-url/scim/users/c98b9447-1383-4bae-8133-f7c1bf8b3c96",
            "type": "User",
            "display": "John Doe"
        },
        {
            "value": "f4b6c846-f0e6-407b-be03-fa6014c4e838",
            "$ref": "https://your-subscription-hub-url/scim/users/f4b6c846-f0e6-407b-be03-fa6014c4e838",
            "type": "User",
            "display": "Don Hale"
        }
    ],
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Group"
    ],
    "meta": {
        "resourceType": "Group",
        "location": "https://your-subscription-hub-url/scim/groups/8b52ff11-3a03-41ad-55ab-08db35d9abed"
    },
    "id": "8b52ff11-3a03-41ad-55ab-08db35d9abed",
    "externalId": "222"
}

 

 

 

Get multiple Groups

Use this endpoint to search for Groups.

 

Request

Use a filter and provide the pagination parametersstartIndex and count to retrieve multiple users.

GET /Groups/?filter=displayName Eq "Admins"&startIndex=1&count=100
    Host: https://your-subscription-hub-url/scim
    Authorization: Bearer <id token here>

 

Request headers

Header Details

Authorization: Bearer <id token here>

In the Authorization header value, place the prefix Bearer followed by a space and then the ID Token

 

Request parameters

Pagination parameters

Parameter Details

startIndex

The pagination index to start with for the response

Default: 1

count

The pagination count per response

 

Filter parameters

Parameter Details

filter

A filter expression to restrict the result set in the form of <field> <operator> <value>

Example: displayName Eq “Admins”

Expressions may be separated with and, or or (  ) (not is not supported)

 

Filter fields

Field Details

id

Supported

externalId

Supported

displayName

Supported

 

Filter operators

Operators are case insensitive. E.g. Ne and ne both work.

The only operators supported are those in the table below.

Operator Details

Eq

- equal

The attribute and operator values must be identical for a match

Ne

- not equal

The attribute and operator values are not identical

Co

- contains

The entire operator value must be a substring of the attribute value for a match

Sw

- starts with

The entire operator value must be at the beginning of the attribute value. This criterion is satisfied if the two strings are identical

Ew

- ends with

The entire operator value must be a substring of the attribute value, matching at the end of the attribute value. This criterion is satisfied if the two strings are identical

 

Complex Attributes

Complex attribute filtering, for instance searching in a complex array with the [ ] notation, is not supported.

 

Curl example

curl -X GET -H 'Authorization: Bearer <id token here>'
https://your-subscription-hub-url/scim/Groups?filter=externalId Eq "222"

 

Response header

Header Details

Content-Type: application/scim+json

The response body is formatted as application/scim+json

 

Response body

Example:

{
    "totalResults": 2,
    "itemsPerPage": 2,
    "startIndex": 1,
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "Resources": [
        {
            "displayName": "Admins",
            "schemas": [
                "urn:ietf:params:scim:schemas:core:2.0:Group"
            ],
            "meta": {
                "resourceType": "Group",
                "location": "https://your-subscription-hub-url/scim/groups/9a405f2b-5b75-4ada-c5fc-08db345b5acf"
            },
            "id": "9a405f2b-5b75-4ada-c5fc-08db345b5acf",
            "externalId": "222"
        },
        {
            "displayName": "Planners",
            "schemas": [
                "urn:ietf:params:scim:schemas:core:2.0:Group"
            ],
            "meta": {
                "resourceType": "Group",
                "location": "https://your-subscription-hub-url/scim/groups/8b52ff11-3a03-41ad-55ab-08db35d9abed"
            },
            "id": "8b52ff11-3a03-41ad-55ab-08db35d9abed",
            "externalId": "111"
        }
    ]
}

 

 

Differences from the SCIM standard

  • Include/exclude query parameters are not supported
  • Supported filter query parameters, filter operators, filters fields: see tables above
  • Search is case-insensitive
  • Search with post ( /.search and /Groups/.search ) is not supported

 

 

 

Remove Group

Use this endpoint to remove a single Group.

 

Request

DELETE /Groups/{id}
       Host: https://your-subscription-hub-url/scim
       Authorization: Bearer <id token here>

 

Request headers

Header Details

Authorization: Bearer <id token here>

In the Authorization header value, place the prefix Bearer followed by a space and then the ID Token

 

Curl example

curl -X DELETE -H 'Authorization: Bearer <id token here>'
https://your-subscription-hub-url/scim/Groups/{id}

 

Response header

Header Details

Content-Type: application/scim+json

The response body is formatted as application/scim+json

 


Response body

Empty.

 

 

 

Add users to a Group

Use this call to add users to an existing Group.

 

Request

PATCH /Groups/{group-id}
      Host: https://your-subscription-hub-url/scim
      Authorization: Bearer <id token here>
      Accept: application/scim+json
      Content-Type: application/scim+json

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ],
    "Operations": [
        {
            "op": "add",
            "path": "members",
            "value": [
                {
                    "value": "{id}",
                    "type": "User"
                }
            ]
        }
    ]
}

 

Request headers

Header Details

Authorization: Bearer <id token here>

In the Authorization header value, place the prefix Bearer followed by a space and then the ID Token
Accept: application/scim+json This call responds with a content type of application/scim+json
Content-Type: application/scim+json The response body is formatted as application/scim+json

 

Operations

Each operation indicates how to act on the attribute. The operations are processed in the order received.

Parameter Details

add

Whether to add the attribute value

 

Path

The path indicates the attribute which is the target of the operation. For this call, Path is always required and its value must always be members.

 

Response body

Empty.

 

 

 

Remove user from a Group

Use this call to remove users from a Group.

 

Request

PATCH /Groups/{group-id}
      Host: https://your-subscription-hub-url/scim
      Authorization: Bearer
      Accept: application/scim+json
      Content-Type: application/scim+json

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ],
    "Operations": [
        {
            "op": "remove",
            "path": "members",
            "value": [
                {
                    "value": "{id}"
                }
            ]
        }
    ]
}

 

Request headers

Header Details

Authorization: Bearer <id token here>

In the Authorization header value, place the prefix Bearer followed by a space and then the ID Token
Accept: application/scim+json This call responds with a content type of application/scim+json
Content-Type: application/scim+json The response body is formatted as application/scim+json

 

Operations

Each operation indicates how to act on the attribute. The operations are processed in the order received.

Parameter Details
remove Whether to remove the attribute value

 

Path

The path indicates the attribute which is the target of the operation. For this call, Path is always required and its value must always be members.

 

Response body

Empty.

 

 

 

Error codes

Below are some of the error codes that you may encounter when using the Board SCIM APIs. If a call is only partially successful, an error message is returned to indicate what parts of the operation succeeded, and those that need your attention.

Example of an error response:

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error"
    ],
    "status": 400,
    "detail": "No user found."
}

 

Error code details

When you call any of the REST operations, the response header returns one of the standard HTTP status codes described in the following table:

HTTP status code Description
200 (Ok) The request was successfully completed
201 (Created) The request has been fulfilled and resulted in a new resource being created
204 (No Content) When response body is empty.
For example, a DELETE request
400 (Bad Request) The request could not be processed because it contains missing or invalid information
404 (Not found) The request includes a resource URI that does not exist
405 (Method Unavailable) The HTTP verb specified in the request (DELETE, GET, POST, PUT) is not supported for this request
409 (Conflict) States conflict situation while executing the method. For example, adding a duplicate entry
500 (Internal Server Error) The server encountered an unexpected condition that prevented it from fulfilling the request
501 (Not Implemented) The requested operation is not supported by the service provider.
For example, a method not supported by the service provider, such as DELETE
503 (Service Unavailable) The server is unable to handle the request due to temporary overloading or maintenance of the server