Directory (SCIM & LDAP) Provision and de-provision users and groups via SCIM 2.0, manage SCIM bearer tokens, and configure outbound LDAP directory sync.
POST /directory/scim/:orgId/tokenGenerate SCIM token Bearer Token ▾
Creates a new SCIM bearer token for the organization. The token is returned once in plain text and stored as a SHA-256 hash. Requires SUPER_ADMIN, ORG_ADMIN, or API_ACCESS_MANAGEMENT_ADMIN role.
Parameters Name Type Required Description orgIdstring (UUID) Required Unique identifier of the organization.e.g. b3e1f7a2-4c5d-6e8f-9a0b-1c2d3e4f5a6b
Response Fields Name Type Required Description tokenstring Optional The plain-text SCIM bearer token. Store it securely -- it cannot be retrieved again.
Response Example {
"token": "st_live_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6"
}Code Examples cURL Python Node.js Java Go PHP
Copy curl -X POST "https://api.sutraid.com/directory/scim/b3e1f7a2-4c5d-6e8f-9a0b-1c2d3e4f5a6b/token" \
-H "Authorization: Bearer <your_token>"GET /directory/ldap/:orgId/configGet LDAP configuration Bearer Token ▾
Returns the current LDAP directory configuration for the organization, including connection details and sync filters. Returns null if no LDAP config exists.
Parameters Name Type Required Description orgIdstring (UUID) Required Unique identifier of the organization.e.g. b3e1f7a2-4c5d-6e8f-9a0b-1c2d3e4f5a6b
Response Fields Name Type Required Description enabledboolean Optional Whether LDAP sync is currently enabled. urlstring Optional LDAP server URL (e.g. ldaps://ldap.example.com:636). baseDnstring Optional Base distinguished name for directory searches. bindDnstring Optional Bind distinguished name used for authentication. bindPasswordstring Optional Password for the bind DN (masked in responses). userFilterstring Optional LDAP filter for user entries. groupFilterstring Optional LDAP filter for group entries. lastSyncAtstring | null Optional ISO 8601 timestamp of the last successful sync, or null if never synced.
Response Example {
"enabled": true,
"url": "ldaps://ldap.example.com:636",
"baseDn": "dc=example,dc=com",
"bindDn": "cn=admin,dc=example,dc=com",
"bindPassword": "********",
"userFilter": "(objectClass=user)",
"groupFilter": "(objectClass=group)",
"lastSyncAt": "2024-06-15T14:30:00Z"
}Code Examples cURL Python Node.js Java Go PHP
Copy curl -X GET "https://api.sutraid.com/directory/ldap/b3e1f7a2-4c5d-6e8f-9a0b-1c2d3e4f5a6b/config" \
-H "Authorization: Bearer <your_token>"POST /directory/ldap/:orgId/configCreate or update LDAP configuration Bearer Token ▾
Creates or updates the LDAP directory configuration for the organization. Requires SUPER_ADMIN or ORG_ADMIN role. Uses an upsert strategy -- existing configs are merged.
Parameters Name Type Required Description orgIdstring (UUID) Required Unique identifier of the organization.e.g. b3e1f7a2-4c5d-6e8f-9a0b-1c2d3e4f5a6b
Request Body Name Type Required Description enabledboolean Optional Whether LDAP sync should be enabled. Defaults to true.e.g. true ldapUrlstring Required LDAP server URL (e.g. ldaps://ldap.example.com:636). Also accepts "url" alias.e.g. ldaps://ldap.example.com:636 ldapBaseDnstring Required Base DN for directory searches. Also accepts "baseDn" alias.e.g. dc=example,dc=com ldapBindDnstring Required Bind DN for LDAP authentication. Also accepts "bindDn" alias.e.g. cn=admin,dc=example,dc=com ldapBindPasswordstring Required Password for the bind DN. Also accepts "bindPassword" alias.e.g. supersecret ldapUserFilterstring Optional LDAP search filter for user entries. Defaults to (objectClass=user). Also accepts "userFilter" alias.e.g. (objectClass=user) ldapGroupFilterstring Optional LDAP search filter for group entries. Defaults to (objectClass=group). Also accepts "groupFilter" alias.e.g. (objectClass=group)
Response Fields Name Type Required Description idstring Optional Unique identifier of the directory config record. organizationIdstring Optional Organization the config belongs to. typestring Optional Directory type. Always "LDAP" for this endpoint. enabledboolean Optional Whether LDAP sync is enabled. ldapUrlstring Optional LDAP server URL. ldapBaseDnstring Optional Base DN for searches. ldapBindDnstring Optional Bind DN for authentication. ldapUserFilterstring Optional User search filter. ldapGroupFilterstring Optional Group search filter. lastSyncAtstring | null Optional ISO 8601 timestamp of last sync.
Response Example {
"id": "dc_01hx9z1q2w3e4r5t6y7u",
"organizationId": "b3e1f7a2-4c5d-6e8f-9a0b-1c2d3e4f5a6b",
"type": "LDAP",
"enabled": true,
"ldapUrl": "ldaps://ldap.example.com:636",
"ldapBaseDn": "dc=example,dc=com",
"ldapBindDn": "cn=admin,dc=example,dc=com",
"ldapUserFilter": "(objectClass=user)",
"ldapGroupFilter": "(objectClass=group)",
"lastSyncAt": null
}Code Examples cURL Python Node.js Java Go PHP
Copy curl -X POST "https://api.sutraid.com/directory/ldap/b3e1f7a2-4c5d-6e8f-9a0b-1c2d3e4f5a6b/config" \
-H "Authorization: Bearer <your_token>" \
-H "Content-Type: application/json" \
-d '{
"ldapUrl": "ldaps://ldap.example.com:636",
"ldapBaseDn": "dc=example,dc=com",
"ldapBindDn": "cn=admin,dc=example,dc=com",
"ldapBindPassword": "supersecret",
"ldapUserFilter": "(objectClass=user)",
"ldapGroupFilter": "(objectClass=group)"
}'POST /directory/ldap/:orgId/syncTrigger LDAP sync Bearer Token ▾
Initiates an outbound LDAP sync for the organization. Connects to the configured LDAP server, imports users and groups, and updates the lastSyncAt timestamp. Requires SUPER_ADMIN or ORG_ADMIN role.
Parameters Name Type Required Description orgIdstring (UUID) Required Unique identifier of the organization.e.g. b3e1f7a2-4c5d-6e8f-9a0b-1c2d3e4f5a6b
Response Fields Name Type Required Description statusstring Optional Confirmation message indicating the sync has been initiated.
Response Example {
"status": "Sync initiated"
}Code Examples cURL Python Node.js Java Go PHP
Copy curl -X POST "https://api.sutraid.com/directory/ldap/b3e1f7a2-4c5d-6e8f-9a0b-1c2d3e4f5a6b/sync" \
-H "Authorization: Bearer <your_token>"GET /scim/v2/:orgRef/ServiceProviderConfigGet SCIM service provider configuration SCIM Token ▾
Returns the SCIM 2.0 service provider configuration describing supported features such as patch, filter, sort, and authentication schemes.
Parameters Name Type Required Description orgRefstring Required Organization identifier -- a UUID, slug, or legacy org_ prefixed reference.e.g. my-org
Response Fields Name Type Required Description schemasstring[] Optional SCIM schema URN for ServiceProviderConfig. patch.supportedboolean Optional Whether PATCH operations are supported. bulk.supportedboolean Optional Whether bulk operations are supported. filter.supportedboolean Optional Whether filtering is supported. filter.maxResultsnumber Optional Maximum results returned by a filter query. changePassword.supportedboolean Optional Whether password changes are supported. sort.supportedboolean Optional Whether sorting is supported. etag.supportedboolean Optional Whether ETags are supported. authenticationSchemesobject[] Optional List of supported authentication schemes.
Response Example {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
],
"patch": {
"supported": true
},
"bulk": {
"supported": false,
"maxOperations": 0,
"maxPayloadSize": 0
},
"filter": {
"supported": true,
"maxResults": 200
},
"changePassword": {
"supported": false
},
"sort": {
"supported": true
},
"etag": {
"supported": false
},
"authenticationSchemes": [
{
"type": "oauthbearertoken",
"name": "Bearer Token",
"description": "Use SCIM bearer token in Authorization header",
"specUri": "https://datatracker.ietf.org/doc/html/rfc6750",
"primary": true
}
]
}Code Examples cURL Python Node.js Java Go PHP
Copy curl -X GET "https://api.sutraid.com/scim/v2/my-org/ServiceProviderConfig" \
-H "Authorization: Bearer <scim_token>"GET /scim/v2/:orgRef/SchemasGet SCIM schemas SCIM Token ▾
Returns the list of SCIM resource schemas supported by this service provider (User and Group).
Parameters Name Type Required Description orgRefstring Required Organization identifier -- a UUID, slug, or legacy org_ prefixed reference.e.g. my-org
Response Fields Name Type Required Description schemasstring[] Optional SCIM ListResponse schema URN. totalResultsnumber Optional Total number of schema resources returned. Resourcesobject[] Optional Array of schema definitions (User, Group). Resources[].idstring Optional Schema URN identifier. Resources[].namestring Optional Human-readable schema name. Resources[].descriptionstring Optional Description of the schema.
Response Example {
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 2,
"Resources": [
{
"id": "urn:ietf:params:scim:schemas:core:2.0:User",
"name": "User",
"description": "User Account"
},
{
"id": "urn:ietf:params:scim:schemas:core:2.0:Group",
"name": "Group",
"description": "Group"
}
]
}Code Examples cURL Python Node.js Java Go PHP
Copy curl -X GET "https://api.sutraid.com/scim/v2/my-org/Schemas" \
-H "Authorization: Bearer <scim_token>"GET /scim/v2/:orgRef/ResourceTypesGet SCIM resource types SCIM Token ▾
Returns the list of SCIM resource types supported by this service provider, including their endpoints and schema URNs.
Parameters Name Type Required Description orgRefstring Required Organization identifier -- a UUID, slug, or legacy org_ prefixed reference.e.g. my-org
Response Fields Name Type Required Description schemasstring[] Optional SCIM ListResponse schema URN. totalResultsnumber Optional Total number of resource types returned. Resourcesobject[] Optional Array of resource type definitions. Resources[].idstring Optional Resource type identifier (User or Group). Resources[].namestring Optional Human-readable resource type name. Resources[].endpointstring Optional Relative endpoint path for this resource type. Resources[].schemastring Optional Schema URN for this resource type.
Response Example {
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 2,
"Resources": [
{
"id": "User",
"name": "User",
"endpoint": "/Users",
"schema": "urn:ietf:params:scim:schemas:core:2.0:User"
},
{
"id": "Group",
"name": "Group",
"endpoint": "/Groups",
"schema": "urn:ietf:params:scim:schemas:core:2.0:Group"
}
]
}Code Examples cURL Python Node.js Java Go PHP
Copy curl -X GET "https://api.sutraid.com/scim/v2/my-org/ResourceTypes" \
-H "Authorization: Bearer <scim_token>"GET /scim/v2/:orgRef/UsersList SCIM users SCIM Token ▾
Returns a paginated SCIM 2.0 ListResponse of user resources for the organization. Supports filtering by userName, externalId, or id.
Parameters Name Type Required Description orgRefstring Required Organization identifier -- a UUID, slug, or legacy org_ prefixed reference.e.g. my-org filterstring Optional SCIM filter expression. Supports userName eq, externalId eq, and id eq.e.g. userName eq "jane@example.com" startIndexnumber Optional 1-based index of the first result. Defaults to 1.e.g. 1 countnumber Optional Maximum number of results per page. Defaults to 100, maximum 200.e.g. 100
Response Fields Name Type Required Description schemasstring[] Optional SCIM ListResponse schema URN. totalResultsnumber Optional Total number of user resources matching the query. startIndexnumber Optional The 1-based index of the first result in the current set. itemsPerPagenumber Optional Number of resources returned in this response. ResourcesUser[] Optional Array of SCIM User resources. Resources[].schemasstring[] Optional SCIM User schema URN. Resources[].idstring Optional SutraID user identifier. Resources[].userNamestring Optional Email address of the user. Resources[].externalIdstring Optional External identifier from the identity provider. Resources[].nameobject Optional Name object with givenName and familyName. Resources[].emailsobject[] Optional Array of email objects. Resources[].activeboolean Optional Whether the user account is active.
Response Example {
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 2,
"startIndex": 1,
"itemsPerPage": 2,
"Resources": [
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"userName": "jane@example.com",
"externalId": "ext-001",
"name": {
"givenName": "Jane",
"familyName": "Doe"
},
"emails": [
{
"value": "jane@example.com",
"primary": true,
"type": "work"
}
],
"active": true
}
]
}Code Examples cURL Python Node.js Java Go PHP
Copy curl -X GET "https://api.sutraid.com/scim/v2/my-org/Users?startIndex=1&count=100" \
-H "Authorization: Bearer <scim_token>"GET /scim/v2/:orgRef/Users/:userIdGet SCIM user by ID SCIM Token ▾
Returns a single SCIM 2.0 User resource by its SutraID user identifier. The user must be a member of the specified organization.
Parameters Name Type Required Description orgRefstring Required Organization identifier -- a UUID, slug, or legacy org_ prefixed reference.e.g. my-org userIdstring (UUID) Required SutraID user identifier.e.g. a1b2c3d4-e5f6-7890-abcd-ef1234567890
Response Fields Name Type Required Description schemasstring[] Optional SCIM User schema URN. idstring Optional SutraID user identifier. userNamestring Optional Email address of the user. externalIdstring Optional External identifier from the identity provider. nameobject Optional Name object with givenName and familyName. emailsobject[] Optional Array of email objects. activeboolean Optional Whether the user account is active.
Response Example {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"userName": "jane@example.com",
"externalId": "ext-001",
"name": {
"givenName": "Jane",
"familyName": "Doe"
},
"emails": [
{
"value": "jane@example.com",
"primary": true,
"type": "work"
}
],
"active": true
}Code Examples cURL Python Node.js Java Go PHP
Copy curl -X GET "https://api.sutraid.com/scim/v2/my-org/Users/a1b2c3d4-e5f6-7890-abcd-ef1234567890" \
-H "Authorization: Bearer <scim_token>"POST /scim/v2/:orgRef/UsersCreate SCIM user SCIM Token ▾
Provisions a new user via SCIM 2.0. If a user with the same email already exists, their profile is updated and they are added to the organization. Returns 201 on success.
Parameters Name Type Required Description orgRefstring Required Organization identifier -- a UUID, slug, or legacy org_ prefixed reference.e.g. my-org
Request Body Name Type Required Description userNamestring Required Email address of the user. Can also be provided as emails[0].value.e.g. jane@example.com externalIdstring Optional External identifier from the upstream identity provider.e.g. ext-001 nameobject Optional Name object containing givenName and familyName.e.g. { "givenName": "Jane", "familyName": "Doe" } emailsobject[] Optional Array of email objects. The first entry with a value is used if userName is not set.e.g. [{ "value": "jane@example.com", "primary": true, "type": "work" }] activeboolean Optional Whether the user should be active. Defaults to true.e.g. true
Response Fields Name Type Required Description schemasstring[] Optional SCIM User schema URN. idstring Optional SutraID user identifier. userNamestring Optional Email address of the user. externalIdstring Optional External identifier. nameobject Optional Name object with givenName and familyName. emailsobject[] Optional Array of email objects. activeboolean Optional Whether the user account is active.
Response Example {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"userName": "jane@example.com",
"externalId": "ext-001",
"name": {
"givenName": "Jane",
"familyName": "Doe"
},
"emails": [
{
"value": "jane@example.com",
"primary": true,
"type": "work"
}
],
"active": true
}Code Examples cURL Python Node.js Java Go PHP
Copy curl -X POST "https://api.sutraid.com/scim/v2/my-org/Users" \
-H "Authorization: Bearer <scim_token>" \
-H "Content-Type: application/scim+json" \
-d '{
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
"userName": "jane@example.com",
"externalId": "ext-001",
"name": { "givenName": "Jane", "familyName": "Doe" },
"emails": [{ "value": "jane@example.com", "primary": true, "type": "work" }],
"active": true
}'PATCH /scim/v2/:orgRef/Users/:userIdPatch SCIM user SCIM Token ▾
Partially updates a SCIM user resource using RFC 7644 PATCH operations. Supports add, replace, and remove operations on userName, name, externalId, active, and enterprise extension attributes.
Parameters Name Type Required Description orgRefstring Required Organization identifier -- a UUID, slug, or legacy org_ prefixed reference.e.g. my-org userIdstring (UUID) Required SutraID user identifier.e.g. a1b2c3d4-e5f6-7890-abcd-ef1234567890
Request Body Name Type Required Description schemasstring[] Required Must include urn:ietf:params:scim:api:messages:2.0:PatchOp.e.g. ["urn:ietf:params:scim:api:messages:2.0:PatchOp"] Operationsobject[] Required Array of SCIM PATCH operations. Each operation has op (add/replace/remove), optional path, and optional value.e.g. [{ "op": "replace", "path": "active", "value": false }]
Response Fields Name Type Required Description schemasstring[] Optional SCIM User schema URN. idstring Optional SutraID user identifier. userNamestring Optional Email address of the user. externalIdstring Optional External identifier. nameobject Optional Name object with givenName and familyName. emailsobject[] Optional Array of email objects. activeboolean Optional Whether the user account is active.
Response Example {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"userName": "jane@example.com",
"externalId": "ext-001",
"name": {
"givenName": "Jane",
"familyName": "Doe"
},
"emails": [
{
"value": "jane@example.com",
"primary": true,
"type": "work"
}
],
"active": false
}Code Examples cURL Python Node.js Java Go PHP
Copy curl -X PATCH "https://api.sutraid.com/scim/v2/my-org/Users/a1b2c3d4-e5f6-7890-abcd-ef1234567890" \
-H "Authorization: Bearer <scim_token>" \
-H "Content-Type: application/scim+json" \
-d '{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [
{ "op": "replace", "path": "active", "value": false }
]
}'DELETE /scim/v2/:orgRef/Users/:userIdDelete SCIM user SCIM Token ▾
De-provisions a user via SCIM 2.0. The user is soft-deleted by setting their status to SUSPENDED in both the user record and their organization membership. Returns 204 No Content on success.
Parameters Name Type Required Description orgRefstring Required Organization identifier -- a UUID, slug, or legacy org_ prefixed reference.e.g. my-org userIdstring (UUID) Required SutraID user identifier.e.g. a1b2c3d4-e5f6-7890-abcd-ef1234567890
Response Example {}Code Examples cURL Python Node.js Java Go PHP
Copy curl -X DELETE "https://api.sutraid.com/scim/v2/my-org/Users/a1b2c3d4-e5f6-7890-abcd-ef1234567890" \
-H "Authorization: Bearer <scim_token>"GET /scim/v2/:orgRef/GroupsList SCIM groups SCIM Token ▾
Returns a paginated SCIM 2.0 ListResponse of group resources for the organization. Supports filtering by displayName, externalId, or id.
Parameters Name Type Required Description orgRefstring Required Organization identifier -- a UUID, slug, or legacy org_ prefixed reference.e.g. my-org filterstring Optional SCIM filter expression. Supports displayName eq, externalId eq, and id eq.e.g. displayName eq "Engineering" startIndexnumber Optional 1-based index of the first result. Defaults to 1.e.g. 1 countnumber Optional Maximum number of results per page. Defaults to 100, maximum 200.e.g. 100
Response Fields Name Type Required Description schemasstring[] Optional SCIM ListResponse schema URN. totalResultsnumber Optional Total number of group resources matching the query. startIndexnumber Optional The 1-based index of the first result in the current set. itemsPerPagenumber Optional Number of resources returned in this response. ResourcesGroup[] Optional Array of SCIM Group resources. Resources[].schemasstring[] Optional SCIM Group schema URN. Resources[].idstring Optional SutraID group identifier. Resources[].displayNamestring Optional Name of the group. Resources[].externalIdstring Optional External identifier from the identity provider. Resources[].membersobject[] Optional Array of member references with value (userId) and display (email).
Response Example {
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"startIndex": 1,
"itemsPerPage": 1,
"Resources": [
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": "g1a2b3c4-d5e6-7890-abcd-ef1234567890",
"displayName": "Engineering",
"externalId": "grp-eng-001",
"members": [
{
"value": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"display": "jane@example.com"
}
]
}
]
}Code Examples cURL Python Node.js Java Go PHP
Copy curl -X GET "https://api.sutraid.com/scim/v2/my-org/Groups?startIndex=1&count=100" \
-H "Authorization: Bearer <scim_token>"GET /scim/v2/:orgRef/Groups/:groupIdGet SCIM group by ID SCIM Token ▾
Returns a single SCIM 2.0 Group resource by its SutraID group identifier, including the full member list.
Parameters Name Type Required Description orgRefstring Required Organization identifier -- a UUID, slug, or legacy org_ prefixed reference.e.g. my-org groupIdstring (UUID) Required SutraID group identifier.e.g. g1a2b3c4-d5e6-7890-abcd-ef1234567890
Response Fields Name Type Required Description schemasstring[] Optional SCIM Group schema URN. idstring Optional SutraID group identifier. displayNamestring Optional Name of the group. externalIdstring Optional External identifier from the identity provider. membersobject[] Optional Array of member references with value (userId) and display (email).
Response Example {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": "g1a2b3c4-d5e6-7890-abcd-ef1234567890",
"displayName": "Engineering",
"externalId": "grp-eng-001",
"members": [
{
"value": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"display": "jane@example.com"
},
{
"value": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
"display": "john@example.com"
}
]
}Code Examples cURL Python Node.js Java Go PHP
Copy curl -X GET "https://api.sutraid.com/scim/v2/my-org/Groups/g1a2b3c4-d5e6-7890-abcd-ef1234567890" \
-H "Authorization: Bearer <scim_token>"POST /scim/v2/:orgRef/GroupsCreate SCIM group SCIM Token ▾
Provisions a new group via SCIM 2.0. Optionally includes initial members by user ID. Returns 201 on success.
Parameters Name Type Required Description orgRefstring Required Organization identifier -- a UUID, slug, or legacy org_ prefixed reference.e.g. my-org
Request Body Name Type Required Description displayNamestring Required Display name for the group.e.g. Engineering externalIdstring Optional External identifier from the upstream identity provider.e.g. grp-eng-001 membersobject[] Optional Array of member objects. Each must have a value field containing the SutraID user ID.e.g. [{ "value": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" }]
Response Fields Name Type Required Description schemasstring[] Optional SCIM Group schema URN. idstring Optional SutraID group identifier. displayNamestring Optional Name of the group. externalIdstring Optional External identifier. membersobject[] Optional Array of member references with value (userId) and display (email).
Response Example {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": "g1a2b3c4-d5e6-7890-abcd-ef1234567890",
"displayName": "Engineering",
"externalId": "grp-eng-001",
"members": [
{
"value": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"display": "jane@example.com"
}
]
}Code Examples cURL Python Node.js Java Go PHP
Copy curl -X POST "https://api.sutraid.com/scim/v2/my-org/Groups" \
-H "Authorization: Bearer <scim_token>" \
-H "Content-Type: application/scim+json" \
-d '{
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
"displayName": "Engineering",
"externalId": "grp-eng-001",
"members": [
{ "value": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" }
]
}'PATCH /scim/v2/:orgRef/Groups/:groupIdPatch SCIM group SCIM Token ▾
Partially updates a SCIM group resource using RFC 7644 PATCH operations. Supports add, replace, and remove operations on displayName and members.
Parameters Name Type Required Description orgRefstring Required Organization identifier -- a UUID, slug, or legacy org_ prefixed reference.e.g. my-org groupIdstring (UUID) Required SutraID group identifier.e.g. g1a2b3c4-d5e6-7890-abcd-ef1234567890
Request Body Name Type Required Description schemasstring[] Required Must include urn:ietf:params:scim:api:messages:2.0:PatchOp.e.g. ["urn:ietf:params:scim:api:messages:2.0:PatchOp"] Operationsobject[] Required Array of SCIM PATCH operations. Supports add/replace/remove on displayName and members. Use members[value eq "..."] path to remove specific members.e.g. [{ "op": "add", "path": "members", "value": [{ "value": "user-uuid" }] }]
Response Fields Name Type Required Description schemasstring[] Optional SCIM Group schema URN. idstring Optional SutraID group identifier. displayNamestring Optional Name of the group. externalIdstring Optional External identifier. membersobject[] Optional Updated array of member references.
Response Example {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": "g1a2b3c4-d5e6-7890-abcd-ef1234567890",
"displayName": "Engineering",
"externalId": "grp-eng-001",
"members": [
{
"value": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"display": "jane@example.com"
},
{
"value": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
"display": "john@example.com"
}
]
}Code Examples cURL Python Node.js Java Go PHP
Copy curl -X PATCH "https://api.sutraid.com/scim/v2/my-org/Groups/g1a2b3c4-d5e6-7890-abcd-ef1234567890" \
-H "Authorization: Bearer <scim_token>" \
-H "Content-Type: application/scim+json" \
-d '{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [
{
"op": "add",
"path": "members",
"value": [{ "value": "b2c3d4e5-f6a7-8901-bcde-f12345678901" }]
}
]
}'DELETE /scim/v2/:orgRef/Groups/:groupIdDelete SCIM group SCIM Token ▾
Permanently deletes a group and removes all group memberships. Returns 204 No Content on success.
Parameters Name Type Required Description orgRefstring Required Organization identifier -- a UUID, slug, or legacy org_ prefixed reference.e.g. my-org groupIdstring (UUID) Required SutraID group identifier.e.g. g1a2b3c4-d5e6-7890-abcd-ef1234567890
Response Example {}Code Examples cURL Python Node.js Java Go PHP
Copy curl -X DELETE "https://api.sutraid.com/scim/v2/my-org/Groups/g1a2b3c4-d5e6-7890-abcd-ef1234567890" \
-H "Authorization: Bearer <scim_token>"