Book a Demo

Accessing the SCIM API

Base Address

The base address for the endpoints is formatted as following:

https://{platform-area-code}.puzzel.com/id/provisioning/{customer-id}/scim/

customer-id is a Puzzel customer identifier.

Puzzel platform areas are isolated, logical data centers with platforms deployed. The table below shows the current platform areas:

Platform area code	Description
app	Main data center

In the rest of this document the base address is shortened to

https://<base-address>/scim/

Access Tokens

Use Puzzel Id OAuth2 access tokens to communicate with the API. Two scopes are supported:

1. This scope gives read-only access to the API.

```
iam-provisioning.read
```

2. This scope gives read/write access to the API.

iam-provisioning.contribute

Endpoints and supported Operations

The following shows an example HTTP request to acquire a token for read/write access using the client credentials flow.

POST https://{platform-area}.puzzel.com/id/connect/token
Content-Type:application/x-www-form-urlencoded

grant_type=client_credentials&scope=iam-provisioning.contribute&client_id={client_id}&client_secret={client_secret}

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
 
{
  "access_token":"<JWT>",
  "expires_in":86400,
  "token_type":"Bearer",
  "scope":"iam-provisioning.contribute"
}

In the above, there are two parameters for the client:

client_id identifies the client. Please contact Puzzel support for help to provision a client.
client_secret is a secret that belongs to that client. It must be treated as sensitive data, like passwords and other credentials. Please contact Puzzel support for help to acquire a client secret.

Requests to the SCIM API should include the access token as the bearer token. Example to get the SCIM service provider configuration resource:

GET https://<base-address>/scim/ServiceProviderConfig
Accept: application/scim+json
Authorization: Bearer <JWT>

For brevity, the examples in the rest of this documentation does not include the “Accept” and “Authorization” headers. However, they are required and should always be included for requests to be handled.

Endpoints and supported Operations

The table below shows the SCIM endpoints and their supported operations.

SCIM Endpoint	Description	Supported methods
`https://<base-address>/scim/ServiceProviderConfigs`	Enables discovery the capabilities of the Puzzel SCIM implementation.	`GET` (Read)
`https://<base-address>/scim/Schemas`	Introspect resources and attribute extensions.	`GET` (Read)
`https://<base-address>/scim/ResourceTypes`	Discover the types of resources available, such as users and entitlements.	`GET` (Read)
`https://<base-address>/scim/Users`	Provision and manage users.	`GET` (Read) `POST` (Create) `PATCH` (Add/Remove/Replace attributes) `DELETE` (Delete)
`https://<base-address>/scim/Users/{user-id}`	Provision and manage a user specified by user-id.	`GET` (Read) `PUT` (Replace) `PATCH` (Add/Remove/Replace attributes) `DELETE` (Delete)

SCIM Endpoint

Description

Supported methods

https://<base-address>/scim/ServiceProviderConfigs

Enables discovery the capabilities of the Puzzel SCIM implementation.

GET

(Read)

https://<base-address>/scim/Schemas

Introspect resources and attribute extensions.

GET

(Read)

https://<base-address>/scim/ResourceTypes

Discover the types of resources available, such as users and entitlements.

GET

(Read)

https://<base-address>/scim/Users

Provision and manage users.

GET

(Read)

POST

(Create)

PATCH

(Add/Remove/Replace attributes)

DELETE

(Delete)

https://<base-address>/scim/Users/{user-id}

Provision and manage a user specified by user-id.

GET

(Read)

PUT

(Replace)

PATCH

(Add/Remove/Replace attributes)

DELETE

(Delete)

Back to Top

Accessing the SCIM API

Base Address

Access Tokens

Endpoints and supported Operations

Recent documents

Popular documents