Authentication

Clients authenticate to the SCIM APIs by using bearer token authentication, as defined by RFC 6750. Every request must include an Authorization request header, where the header value uses the form Bearer <access token>.

For example, in this request a valid bearer token is used:

GET /scim/v2/Users/1c588695-c3d9-4215-8f23-8e3c8f419492?attributes=userName HTTP/1.1
Accept: application/scim+json
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJraWQiOiJBY2Nlc3MgVG9rZW4gU2lnbmluZyBLZXkgUGFpciIsImFsZyI6IlJTNTEyIn0.eyJzY29wZSI6ImFjY291bnQgYWxsIGNvbnNlbnQgY29uc2VudF9oaXN0b3J5IGV4dGVybmFsX2lkZW50aXR5IHBhc3N3b3JkIHBxciBzZXNzaW9uIHRvdHAgdmFsaWRhdGVkX3Bob25lIHZhbGlkYXRlZF9lbWFpbCIsImV4cCI6MTQ3NDA3MjU2MCwiaWF0IjoxNDczNjQwNTYwLCJjbGllbnRfaWQiOiJ0ZXN0MSIsImp0aSI6ImEuS09RUmdnIn0.WsWZs--i2EDGNNA3B5QBqOW0AwGConAdio6LefpJGYprDjf9qfYCbAoBI5SxFDKez3ZkImPcJNZUOhngtW24GUsUoLgpQ1KFti4Z1kNieb5oEIgElfg4Xv68TTcBfRtoK1Uh8W4T4N7580uql1n9-sQGgsTVtTwNaoOaxhgKtgbzVj2WzeN48n8fMqML42E-ttZBHV8OeWxsXHS8kcoqxPtnrGGxEnnqgiaKZYBlYZkX9DibgLgWCgSNNQJ7HEeCNE76mvxLSrJUL5r8NHHCe2d6X2FL-tOOtAqgihgqpSuoom4r-bJPkuQ4q-ggwG5W-EG7DqQbp6vOD6oNlVGycw
Connection: keep-alive
Host: example.com:443

And a success response is returned:

HTTP/1.1 200 OK
Content-Length: 287
Content-Type: application/scim+json
Date: Tue, 07 Jun 2016 21:35:27 GMT

{
    "id": "1c588695-c3d9-4215-8f23-8e3c8f419492", 
    "meta": {
        "location": "https://example.com:443/scim/v2/Users/1c588695-c3d9-4215-8f23-8e3c8f419492", 
        "resourceType": "Users"
    }, 
    "schemas": [
        "urn:pingidentity:schemas:sample:profile:1.0",
        "urn:pingidentity:schemas:User:1.0"
    ], 
    "userName": "ella.runciter"
}

If the access token is missing, expired, or invalid for any other reason, then the server will respond with a status code of 401.

HTTP/1.1 401 Unauthorized
Content-Length: 156
Content-Type: application/scim+json
Date: Tue, 07 Jun 2016 19:00:14 GMT

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error"
    ], 
    "scimType": "invalid_token", 
    "status": 401,
    "detail": "Access token is expired or otherwise invalid."
}
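
The following client-side sketch is an added example, not code from the product documentation. It builds the Authorization header only from a string that matches the RFC 6750 b64token grammar, redacts the token for logging, and maps the 401 response shown above to a re-authentication decision. The function names authorization_header, redact and classify_response are hypothetical.

```python
import json
import re

# RFC 6750 section 2.1 b64token grammar. Spaces, CR and LF never match, so a
# malformed token cannot add extra header lines to the request.
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")
SCIM_ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"

# The 401 body shown on this page, embedded so the example runs offline.
SAMPLE_401_BODY = """{
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
    "scimType": "invalid_token",
    "status": 401,
    "detail": "Access token is expired or otherwise invalid."
}"""


def authorization_header(access_token):
    """Build the Authorization header; reject strings that are not a b64token."""
    if not isinstance(access_token, str) or not B64TOKEN.fullmatch(access_token):
        raise ValueError("access token is not a valid RFC 6750 b64token")
    return {"Authorization": "Bearer " + access_token}


def redact(headers):
    """Copy headers for logging with the bearer token value removed."""
    return {k: ("Bearer <redacted>" if k.lower() == "authorization" else v)
            for k, v in headers.items()}


def classify_response(status, content_type, body):
    """Return (action, scim_type): action is 'ok', 'reauthenticate' or 'error'."""
    if 200 <= status < 300:
        return ("ok", None)
    if status != 401:
        return ("error", None)
    # Any 401 means the token must be discarded and a new one obtained;
    # scim_type is reported only when the body is a well-formed SCIM error.
    scim_type = None
    if content_type.split(";")[0].strip().lower() == "application/scim+json":
        try:
            err = json.loads(body)
        except ValueError:
            err = None
        schemas = err.get("schemas") if isinstance(err, dict) else None
        if isinstance(schemas, list) and SCIM_ERROR_SCHEMA in schemas:
            scim_type = err.get("scimType")
    return ("reauthenticate", scim_type)
```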