The SCIM API is a RESTful API with a predefined set of capabilities and a standardized output. There are two main resources that are usually exposed with a SCIM API, Users and Groups. The first one maps to team account members, while the second one maps to Teams workspaces. You can provision Teams workspaces membership as well as provision Teams.
You can use these APIs to add or remove members from your team account accordingly. If you use an identity provider for automatic user provisioning, the identity provider will take care of most of these details.
Return the configuration details for our API, including which operations are supported.
Returns configuration details for how users are formatted.
Returns configuration details for how team workspaces are formatted.
Returns a paginated list of users, fifty users per page by default. You can control the start and the number of users with the startIndex
and count
parameters.
This endpoint also has support for sorting, with the parameters sortBy
, which requires a field to sort against, and sortOrder
which can be either ascending
or descending
.
In case you want to filter out the returned attributes, you can use the attributes
parameter, which should be a list of comma separated field names to return from the API.
Lastly, this endpoint also supports filtering the users with the filter
parameter. Check the filter section for finding out what part of the SCIM filter DSL we support.
GET /scim/v2/Users?startIndex=1&count=50
Host: zapier.com
Accept: application/scim+json, application/json
Authorization: Bearer <token>
Create a new member in your team account. This API requires at least userName
to be passed, which needs to be an email address. If you use an Identity Provider for automatic user provisioning, make sure to configure it for sending the userName
as an email address. In case there is already a user with the same email address, a 409
status code will be returned.
POST /scim/v2/Users
Host: zapier.com
Accept: application/scim+json, application/json
Authorization: Bearer <token>
{
'schemas': ['urn:ietf:params:scim:schemas:core:2.0:User'],
'userName': 'user@domain.com',
'externalId': '1234',
'name': {
'formatted': 'User Name',
'familyName': 'Name',
'givenName': 'User',
}
}
{
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
"id": 1,
"userName": "user@domain.com",
"name": {
"formatted": "User Name",
"familyName": "Name",
"givenName": "User",
}
"displayName": "User Name",
"emails": [
{
"value": "user@domain.com",
"primary": true
},
],
"timezone": "America/Chicago",
"active":true
}
You can use this endpoint in the same way as using the filter parameter with the GET /Users
API, but with this one you submit the filter in the body of your request.
POST /scim/v2/Users
Host: zapier.com
Accept: application/scim+json, application/json
Authorization: Bearer <token>
{
'filter': 'userName eq "user@username.com"',
'attributes': ['id', 'userName'],
}
Retrieves a single member.
GET /scim/v2/Users/{id}
Host: zapier.com
Accept: application/scim+json, application/json
Authorization: Bearer <token>
Updates an existing team member. Attributes that are not defined remain unchanged. You can use this endpoint to re-active a previously suspended account, by sending active set to true in your payload.
This API endpoint is a bit special, as it requires a particular format when sending the request. The spec mentions in great detail what the structure of a PATCH
request should be. Right now we only support the Add
and Replace
operations.
Deactivate a user:
PATCH /scim/v2/Users/{id}
Host: zapier.com
Accept: application/scim+json, application/json
Authorization: Bearer <token>
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [{"op": "Replace", "value": {"active": false}}]
}
Change the email address of a user:
PATCH /scim/v2/Users/{id}
Host: zapier.com
Accept: application/scim+json, application/json
Authorization: Bearer <token>
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [
{
"op": "replace",
"value": {
"emails": [
{
"value": "user@domain.com",
"type": "work",
"primary": true
}
],
},
}
}
Updates a single team member, overwriting all values even an attribute is empty or not provided.
You can use this endpoint to re-active a previously suspended account, by sending active
set to true in your payload.
PUT /scim/v2/Users/id
Host: zapier.com
Accept: application/scim+json, application/json
Authorization: Bearer <token>
{
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
"userName": "user@domain.com",
"externalId": "2341",
"name": {
"formatted": "Name User",
"familyName": "User",
"givenName": "Name",
}
}
{
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
"id": 1,
"userName": "user@domain.com",
"name": {
"formatted": "Name User",
"familyName": "User",
"givenName": "Name",
}
"displayName": "User Name",
"emails": [
{
"value": "user@domain.com",
"primary": true
},
],
"timezone": "America/Chicago",
"active":true
}
Deprovision a team member. We do not delete users with this endpoint, instead we mark them and their team membership as inactive. As such, they are not able to log in in Zapier until they are activated again. Deactivated users also will be hidden from future requests, but you can use PATCH
and PUT
to reprovision these users again.
DELETE /scim/v2/Users/{id}
Host: zapier.com
Accept: application/scim+json, application/json
Authorization: Bearer <token>
Returns a paginated list of teams, fifty groups per page by default. This endpoint supports
the same parameters for sorting, ordering, selection of returned attributes and partially
for filtering.
GET /scim/v2/Groups?startIndex=1&count=50
Host: zapier.com
Accept: application/scim+json, application/json
Authorization: Bearer <token>
{
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
"Resources": [
"id": 1,
"displayName": "Engineering",
"members": [
{"display": "a_member@domain.com", "value": 1},
{"display": "another_member@domain.com", "value": 2},
],
"id": 2,
"displayName": "Marketing",
"members": [
{"display": "a_member@domain.com", "value": 1},
]
]
}
Create a new team in your company account. This API requires at least displayName
to be passed. In case there is a team with the same name, a 409 will be returned.
POST /scim/v2/Groups
Host: zapier.com
Accept: application/scim+json, application/json
Authorization: Bearer <token>
{
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
"displayName": "Engineering",
"members": [
{"display": "a_member@domain.com", "value": 1},
{"display": "another_member@domain.com", "value": 2},
]
}
{
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
"id": 1,
"displayName": "Engineering",
"members": [
{"display": "a_member@domain.com", "value": 1},
{"display": "another_member@domain.com", "value": 2},
]
}
You can use this endpoint in the same way as using the filter parameter with the GET /Groups
API, but with this one you submit the filter in the body of your request.
POST /scim/v2/Groups
Host: zapier.com
Accept: application/scim+json, application/json
Authorization: Bearer <token>
{
"filter": 'displayName eq "Engineering"',
"attributes": ["members"],
}
Retrieves a single team.
GET /scim/v2/Groups/{id}
Host: zapier.com
Accept: application/scim+json, application/json
Authorization: Bearer <token>
Updates an existing team. Attributes that are not defined remain unchanged.
This API endpoint is a bit special, as it requires a particular format when sending the request. The spec mentions in great detail what the structure of a PATCH
request should be.
Change a team's name:
PATCH /scim/v2/Groups/{id}
Host: zapier.com
Accept: application/scim+json, application/json
Authorization: Bearer <token>
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [
{"op": "Replace", "value": {"displayName": "Marketing"}}]
}
Add one or multiple team members to the given team. $ref is optional, but if given, it should be
the full URL to the resource represented by the SCIM service provider API.
PATCH /scim/v2/Groups/{id}
Host: zapier.com
Accept: application/scim+json, application/json
Authorization: Bearer <token>
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [
{
"op": "Add",
"path": "members",
"value": [
{
'display': 'John Smith',
'$ref': 'https://zapier.com/v2/Users/1',
'value': 1,
},
{
'display': 'John Doe',
'$ref': 'https://zapier.com/v2/Users/2',
'value': 2,
}
]
}
]
}
Replace all members in a team with the given list:
PATCH /scim/v2/Groups/{id}
Host: zapier.com
Accept: application/scim+json, application/json
Authorization: Bearer <token>
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [
{
"op": "Replace",
"path": "members",
"value": [
{
'display': 'John Smith',
'$ref': 'https://zapier.com/v2/Users/1',
'value': 1,
},
{
'display': 'John Doe',
'$ref': 'https://zapier.com/v2/Users/2',
'value': 2,
}
]
}
]
}
Remove one or multiple members from a team:
PATCH /scim/v2/Groups/{id}
Host: zapier.com
Accept: application/scim+json, application/json
Authorization: Bearer <token>
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [
{
"op": "Remove",
"path": "members[value eq 'johndoe@domain.com']",
},
{
"op": "Remove",
"path": "members[value eq 'johnsmith@domain.com']",
}
]
}
Updates a single team, overwriting its fields entirely.
:::json
PUT /scim/v2/Groups/1
Host: zapier.com
Accept: application/scim+json, application/json
Authorization: Bearer <token>
{
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
"displayName": "Engineering",
"members": [
{"display": "a_member@domain.com", "value": 1},
{"display": "another_member@domain.com", "value": 2},
]
}
Deprovision a team and remove all of its memberships.
This API represents the owner of the account. The API will return a redirect to the corresponding user endpoint.
When supplied, timezones in provisioning requests are expected to be in the IANA format some examples of which are shown below:
'America/Los_Angeles'
'Europe/Amsterdam'
'UTC'