SCIM User APIs
Overview
This page contains all of the APIs for managing Users through SCIM User requests.
Create a User
This API is used to create a new FusionAuth User from a SCIM request.
Request
Create a User from a SCIM request
POST /api/scim/resource/v2/Users
Where my field definitions at!?!
Because the SCIM specification allows for customization of the schemas using extensions, there is no way to accurately document all the JSON structure possibilities.
The following is just an example of a typical SCIM User request body a SCIM client might send. However, your incoming request lambda must map these values to populate the FusionAuth User. A default lambda is provided for you that would handle a request like this example.
This is taken from the SCIM Schema RFC describing a SCIM User schema. For the full specification you can find the RFC.
Example Request Body
{
"active": true,
"emails":[
{
"primary": true,
"type":"work",
"value":"example@fusionauth.io"
}
],
"externalId":"cc6714c6-286c-411c-a6bc-ee413cda1dbc",
"name":{
"familyName": "Doe",
"formatted": "John Doe",
"givenName": "John",
"honorificPrefix": "Mr.",
"honorificSuffix": "III",
"middleName": "William"
},
"password": "supersecret",
"phoneNumbers":[
{
"primary": true,
"type":"mobile",
"value":"303-555-1234"
}
],
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Users"],
"userName":"johnny123"
}
Response
The response for this API contains the User that was created in SCIM schema format.
Code | Description |
---|---|
200 |
The request was successful. The response will contain a JSON body. |
400 |
The request was invalid and/or malformed. The response will contain a SCIM Error JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
401 |
You did not supply a valid JWT in your Authorization header. The response will be empty. Ensure you’ve correctly set up Entities and performed a Client Credentials grant. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
503 |
The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |
504 |
One or more Webhook endpoints returned an invalid response or were unreachable. Based on the transaction configuration for this event your action cannot be completed. A stack trace is provided and logged in the FusionAuth log files. |
For FusionAuth SCIM endpoints, any error responses will be returned in standard SCIM schema. See more details in the SCIM API Overview.
Example Response Body
Where my field definitions at!?!
Because the SCIM specification allows for customization of the schemas using extensions, there is no way to accurately document all the JSON structure possibilities.
The following is just an example of a typical SCIM User response body a SCIM client might send. However, your incoming request lambda must map these values to populate the FusionAuth User. A default lambda is provided for you that would handle a response like this example.
This is taken from the SCIM Schema RFC describing a SCIM User schema. For the full specification you can find the RFC.
{
"active": true,
"emails":[
{
"primary": true,
"type":"work",
"value":"example@fusionauth.io"
}
],
"externalId":"cc6714c6-286c-411c-a6bc-ee413cda1dbc",
"id" : "9d222d72-f62b-48c3-a5b7-f2dc934b1ee4",
"meta" : {
"created" : "2022-04-08T21:03:32.359Z",
"lastModified" : "2022-04-08T21:03:32.359Z",
"location" : "https://piedpiper.com/api/scim/resource/v2/Users/9d222d72-f62b-48c3-a5b7-f2dc934b1ee4",
"resourceType" : "User"
},
"name":{
"familyName": "Doe",
"formatted": "John Doe",
"givenName": "John",
"honorificPrefix": "Mr.",
"honorificSuffix": "III",
"middleName": "William"
},
"phoneNumbers":[
{
"primary": true,
"type":"mobile",
"value":"303-555-1234"
}
],
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Users"],
"userName":"johnny123"
}
Delete a User
This API is used to hard delete a FusionAuth User through a SCIM request. You must specify the Id of the User on the URI.
The data of a User who has been hard deleted is permanently removed from FusionAuth. The User’s data cannot be restored via the FusionAuth API or the administrative user interface. If you need to restore the User’s data, you must retrieve it from a database backup.
Request
Delete a User through a SCIM request
DELETE /api/scim/resource/v2/Users/{userId}
Request Parameters
- userId [UUID] Optional
-
The FusionAuth unique User Id.
Response
This API does not return a JSON response body.
Code | Description |
---|---|
204 |
The request was successful. The response will be empty. |
400 |
The request was invalid and/or malformed. The response will contain a SCIM Error JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
401 |
You did not supply a valid JWT in your Authorization header. The response will be empty. Ensure you’ve correctly set up Entities and performed a Client Credentials grant. |
404 |
The object doesn’t exist. The response will be empty. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
503 |
The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |
504 |
One or more Webhook endpoints returned an invalid response or were unreachable. Based on the transaction configuration for this event your action cannot be completed. A stack trace is provided and logged in the FusionAuth log files. |
For FusionAuth SCIM endpoints, any error responses will be returned in standard SCIM schema. See more details in the SCIM API Overview.
Retrieve a User
This API is used to retrieve a FusionAuth User in SCIM schema format through a SCIM request.
Request
Retrieves a User through a SCIM request
GET /api/scim/resource/v2/Users/{userId}
Request Parameters
- userId [UUID] Optional
-
The FusionAuth unique User Id.
Response
The response for this API contains the User in SCIM schema format.
Code | Description |
---|---|
200 |
The request was successful. The response will contain a JSON body. |
400 |
The request was invalid and/or malformed. The response will contain a SCIM Error JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
401 |
You did not supply a valid JWT in your Authorization header. The response will be empty. Ensure you’ve correctly set up Entities and performed a Client Credentials grant. |
404 |
The object doesn’t exist. The response will be empty. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
503 |
The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |
For FusionAuth SCIM endpoints, any error responses will be returned in standard SCIM schema. See more details in the SCIM API Overview.
Example Response Body
Where my field definitions at!?!
Because the SCIM specification allows for customization of the schemas using extensions, there is no way to accurately document all the JSON structure possibilities.
The following is just an example of a typical SCIM User response body a SCIM client might send. However, your incoming request lambda must map these values to populate the FusionAuth User. A default lambda is provided for you that would handle a response like this example.
This is taken from the SCIM Schema RFC describing a SCIM User schema. For the full specification you can find the RFC.
{
"active": true,
"emails":[
{
"primary": true,
"type":"work",
"value":"example@fusionauth.io"
}
],
"externalId":"cc6714c6-286c-411c-a6bc-ee413cda1dbc",
"id" : "9d222d72-f62b-48c3-a5b7-f2dc934b1ee4",
"meta" : {
"created" : "2022-04-08T21:03:32.359Z",
"lastModified" : "2022-04-08T21:03:32.359Z",
"location" : "https://piedpiper.com/api/scim/resource/v2/Users/9d222d72-f62b-48c3-a5b7-f2dc934b1ee4",
"resourceType" : "User"
},
"name":{
"familyName": "Doe",
"formatted": "John Doe",
"givenName": "John",
"honorificPrefix": "Mr.",
"honorificSuffix": "III",
"middleName": "William"
},
"phoneNumbers":[
{
"primary": true,
"type":"mobile",
"value":"303-555-1234"
}
],
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Users"],
"userName":"johnny123"
}
Update a User
This API is used to update a new FusionAuth User from a SCIM request. The FusionAuth User will be overwritten by the data contained in the request. It is not a partial update or a patch.
Request
Updates a User from a SCIM request
PUT /api/scim/resource/v2/Users/{userId}
Request Parameters
- userId [UUID] Optional
-
The FusionAuth unique User Id.
Where my field definitions at!?!
Because the SCIM specification allows for customization of the schemas using extensions, there is no way to accurately document all the JSON structure possibilities.
The following is just an example of a typical SCIM User request body a SCIM client might send. However, your incoming request lambda must map these values to populate the FusionAuth User. A default lambda is provided for you that would handle a request like this example.
This is taken from the SCIM Schema RFC describing a SCIM User schema. For the full specification you can find the RFC.
Example Request Body
{
"active": true,
"emails":[
{
"primary": true,
"type":"work",
"value":"example@fusionauth.io"
}
],
"externalId":"cc6714c6-286c-411c-a6bc-ee413cda1dbc",
"name":{
"familyName": "Doe",
"formatted": "John Doe",
"givenName": "John",
"honorificPrefix": "Mr.",
"honorificSuffix": "III",
"middleName": "William"
},
"password": "supersecret",
"phoneNumbers":[
{
"primary": true,
"type":"mobile",
"value":"303-555-1234"
}
],
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Users"],
"userName":"johnny123"
}
Response
The response for this API contains the User that was updated in SCIM schema format.
Code | Description |
---|---|
200 |
The request was successful. The response will contain a JSON body. |
400 |
The request was invalid and/or malformed. The response will contain a SCIM Error JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
401 |
You did not supply a valid JWT in your Authorization header. The response will be empty. Ensure you’ve correctly set up Entities and performed a Client Credentials grant. |
404 |
The object doesn’t exist. The response will be empty. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
503 |
The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |
504 |
One or more Webhook endpoints returned an invalid response or were unreachable. Based on the transaction configuration for this event your action cannot be completed. A stack trace is provided and logged in the FusionAuth log files. |
For FusionAuth SCIM endpoints, any error responses will be returned in standard SCIM schema. See more details in the SCIM API Overview.
Example Response Body
Where my field definitions at!?!
Because the SCIM specification allows for customization of the schemas using extensions, there is no way to accurately document all the JSON structure possibilities.
The following is just an example of a typical SCIM User response body a SCIM client might send. However, your incoming request lambda must map these values to populate the FusionAuth User. A default lambda is provided for you that would handle a response like this example.
This is taken from the SCIM Schema RFC describing a SCIM User schema. For the full specification you can find the RFC.
{
"active": true,
"emails":[
{
"primary": true,
"type":"work",
"value":"example@fusionauth.io"
}
],
"externalId":"cc6714c6-286c-411c-a6bc-ee413cda1dbc",
"id" : "9d222d72-f62b-48c3-a5b7-f2dc934b1ee4",
"meta" : {
"created" : "2022-04-08T21:03:32.359Z",
"lastModified" : "2022-04-08T21:03:32.359Z",
"location" : "https://piedpiper.com/api/scim/resource/v2/Users/9d222d72-f62b-48c3-a5b7-f2dc934b1ee4",
"resourceType" : "User"
},
"name":{
"familyName": "Doe",
"formatted": "John Doe",
"givenName": "John",
"honorificPrefix": "Mr.",
"honorificSuffix": "III",
"middleName": "William"
},
"phoneNumbers":[
{
"primary": true,
"type":"mobile",
"value":"303-555-1234"
}
],
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Users"],
"userName":"johnny123"
}