SCIM Playground

Appearance

SCIM API examples

These SCIM API examples show the requests developers usually need when testing user provisioning. Use them with the hosted SCIM test server, the interactive SCIM Playground, or your own SCIM 2.0 implementation.

The hosted base URL is:

txt
https://api.scim.dev/scim/v2/

Add your API key as a bearer token:

http
Authorization: Bearer YOUR_API_KEY
Content-Type: application/scim+json

Discover server capabilities

Use /ServiceProviderConfig to see which SCIM features are enabled.

http
GET /scim/v2/ServiceProviderConfig HTTP/1.1
Host: api.scim.dev
Authorization: Bearer YOUR_API_KEY

Related playground page: Service Provider Config.

List schemas

Use /Schemas when you need to inspect supported user, group, and extension attributes.

http
GET /scim/v2/Schemas HTTP/1.1
Host: api.scim.dev
Authorization: Bearer YOUR_API_KEY

Related playground page: Schemas.

Create a user

http
POST /scim/v2/Users HTTP/1.1
Host: api.scim.dev
Authorization: Bearer YOUR_API_KEY
Content-Type: application/scim+json
json
{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
  "userName": "alex@example.com",
  "name": {
    "givenName": "Alex",
    "familyName": "Morgan"
  },
  "emails": [
    {
      "value": "alex@example.com",
      "primary": true
    }
  ],
  "active": true
}

Related playground page: Users.

Find a user by userName

Identity providers often look up a user before creating or updating it.

http
GET /scim/v2/Users?filter=userName%20eq%20%22alex%40example.com%22 HTTP/1.1
Host: api.scim.dev
Authorization: Bearer YOUR_API_KEY

Related playground page: .search.

Update a user with PATCH

Use PATCH for targeted profile changes and activation changes.

http
PATCH /scim/v2/Users/USER_ID HTTP/1.1
Host: api.scim.dev
Authorization: Bearer YOUR_API_KEY
Content-Type: application/scim+json
json
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations": [
    {
      "op": "replace",
      "path": "active",
      "value": false
    }
  ]
}

Create a group

http
POST /scim/v2/Groups HTTP/1.1
Host: api.scim.dev
Authorization: Bearer YOUR_API_KEY
Content-Type: application/scim+json
json
{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
  "displayName": "Engineering",
  "members": [
    {
      "value": "USER_ID",
      "display": "alex@example.com"
    }
  ]
}

Related playground page: Groups.

Add a user to a group

http
PATCH /scim/v2/Groups/GROUP_ID HTTP/1.1
Host: api.scim.dev
Authorization: Bearer YOUR_API_KEY
Content-Type: application/scim+json
json
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations": [
    {
      "op": "add",
      "path": "members",
      "value": [
        {
          "value": "USER_ID"
        }
      ]
    }
  ]
}

Test ETags

ETags help prevent overwriting changes with stale updates.

http
GET /scim/v2/Users/USER_ID HTTP/1.1
Host: api.scim.dev
Authorization: Bearer YOUR_API_KEY

Then send the returned ETag with an update:

http
PATCH /scim/v2/Users/USER_ID HTTP/1.1
Host: api.scim.dev
Authorization: Bearer YOUR_API_KEY
If-Match: W/"etag-value"
Content-Type: application/scim+json

Related playground page: ETag.

Send a bulk request

http
POST /scim/v2/Bulk HTTP/1.1
Host: api.scim.dev
Authorization: Bearer YOUR_API_KEY
Content-Type: application/scim+json
json
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:BulkRequest"],
  "Operations": [
    {
      "method": "POST",
      "path": "/Users",
      "bulkId": "new-user",
      "data": {
        "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
        "userName": "bulk.user@example.com",
        "active": true
      }
    }
  ]
}

Related playground page: Bulk.

Next steps

If you are implementing SCIM in your own application, continue with the SCIM implementation checklist. If you need a safe endpoint for an identity provider, start with the SCIM test server.

Last updated: