{ "openapi": "3.1.0", "info": { "title": "Signicat IAM SCIM API", "version": "", "description": "\n\n\n\n\n\n\n\n- **Base URL**: `https://api.signicat.com/ownidp/`\n- **Documentation**: See the [SIAM](/docs/siam/) developer documentation.\n- **Support**: [Create a support ticket](https://dashboard.signicat.com/contact-us/tickets/) in the Signicat Dashboard.\n\n# Introduction\n\nThe Signicat IAM SCIM API allows you to perform identity and access management operations towards your SIAM instance programmatically. It is designed for you to:\n\n- Create new users\n- Get a user profile and its attributes\n- Update a user and its attributes\n- Deactivate users\n- Lock and unlock access for users\n\nThis REST API uses the OAuth 2.0 protocol for authorisation. All request and response bodies are formatted in JSON.\n\n> This API follows the System for Cross-domain Identity Management (SCIM) specification as a standard for managing user identities. Learn more about SCIM at [https://scim.cloud/](https://scim.cloud/).\n\n# Get started\n\n## 1. Request API client permissions\n\nBefore you can start making requests to this API, you need to set up an API client with the correct permissions. To receive the permissions, you need to contact us by [creating a support ticket](https://dashboard.signicat.com/contact-us/tickets/new) in the Signicat Dashboard.\n\n## 2. Connect to the API\n\nAfter you receive the correct permissions for your API client, you are ready to connect and make requests to this API. To learn how to connect, see the **Connect to Signicat APIs** [Quick start guide](/docs/connect-to-signicat-apis/quick-start-guide/).\n\n# Using this API\n\n## Audit logs\n\nUse the Signicat **Audit logs** service to see documented evidence of the sequence of activities that have affected a system.\n\n- Access it: **Signicat Dashboard** > **Settings** > [**Audit logs**](https://dashboard.signicat.com/audit)\n- For information generic to all Signicat audit logs, see the general [Audit logs](/docs/audit-logs/) documentation.\n\n## Errors\n\nWhen you make an API call to Signicat and an error occurs, you will receive a response message with an error code.\n\n- For errors generic to all Signicat APIs, see the general [Error codes](/docs/error-codes/) documentation.\n\n## Events (callback)\n\nUse the Signicat **Events** service to automatically receive information about when something happens in one of our services into your system.\n\n**Note**: This is often referred to as callback.\n\n- Access it: Go to **Signicat Dashboard** > **Settings** > [**Events**](https://dashboard.signicat.com/events)\n- For information generic to all Signicat events, see the general [Events](/docs/events/) documentation.", "x-meta": "Custom metadata" }, "servers": [ { "url": "https://api.signicat.com/ownidp", "description": "Generated server url" } ], "security": [ { "bearerAuth": [] } ], "paths": { "/api/scim/v2/Users": { "get": { "tags": [ "SCIM - User management" ], "summary": "Retrieve a list of users", "description": "Retrieves a paginated and filtered list of users.\n\nThe user is the main resource in the SCIM service, holding personal data and associations\nto other resources through roles and memberships.\n\n### Query Parameters\n- `filter`: A SCIM filter expression. Currently, support is limited to filtering by `userName`:\n - `userName eq \"\"`: Exact match.\n - `userName co \"\"`: Contains substring (case-insensitive).\n- `searchQuery`: A simple text search across user ID, name, and email fields.\n- `startIndex`: The 1-based index of the first result. Defaults to `1`.\n- `count`: The number of results to return per page. Defaults to `20`.\n- `sortOrder`: The sort direction. Accepts `ASC` or `DESC`. Defaults to `DESC`.\n\n### Access Requirements\n- Global permission `signicat:ownidp:subjects:read`.\n- On a specific membership, the permission `signicat:ownidp:memberships:read` is required.\nGiving read access to all users found on those memberships (with limited details)\n", "operationId": "getUsers", "parameters": [ { "name": "filter", "in": "query", "required": false, "schema": { "type": "string" } }, { "name": "searchQuery", "in": "query", "required": false, "schema": { "type": "string", "default": "" } }, { "name": "startIndex", "in": "query", "required": false, "schema": { "type": "integer", "format": "int32", "default": 1 } }, { "name": "count", "in": "query", "required": false, "schema": { "type": "integer", "format": "int32", "default": 20 } }, { "name": "sortOrder", "in": "query", "required": false, "schema": { "type": "string", "default": "DESC", "enum": [ "ASC", "DESC" ] } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Users retrieved", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ListResponse" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } }, "post": { "tags": [ "SCIM - User management" ], "summary": "Create a user", "description": "The user is the main resource managed by this service.\nUsers hold personal data and can be associated with other resources through roles and memberships.\n\nThis request creates a new user.\n\n**Access requirements** \n- Global permission: `signicat:ownidp:subjects:create`,\n", "operationId": "createUser", "parameters": [ { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserResource" } } }, "required": true }, "responses": { "201": { "description": "User created", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/UserResource" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } } }, "/api/scim/v2/Roles": { "get": { "tags": [ "SCIM - Role management" ], "summary": "Retrieve roles", "description": "This request retrieves all roles paginated with option to filter and search provided by: \n - `filter`: option to provide a filter expression \n - `searchQuery`: optional filter for role's name and external identifier \n - `startIndex`: specifies the starting index for page results (default value: `1`) \n - `count`: number of results returned per page (default value `20`) \n - `sortDirection`: optional direction for sorting (default value: `DESC`) \n\n**Access requirements** \n- Requires only a valid token.\n", "operationId": "getRoles", "parameters": [ { "name": "filter", "in": "query", "required": false, "schema": { "type": "string" } }, { "name": "searchQuery", "in": "query", "required": false, "schema": { "type": "string", "default": "" } }, { "name": "startIndex", "in": "query", "required": false, "schema": { "type": "integer", "format": "int32", "default": 1 } }, { "name": "count", "in": "query", "required": false, "schema": { "type": "integer", "format": "int32", "default": 20 } }, { "name": "sortOrder", "in": "query", "required": false, "schema": { "type": "string", "default": "DESC", "enum": [ "ASC", "DESC" ] } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Roles retrieved", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ListResponse" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } }, "post": { "tags": [ "SCIM - Role management" ], "summary": "Create role", "description": "Create a new role. \n\n**Access requirements** \n- Requires a valid token and the `signicat:ownidp:roles:create` global permission.\n", "operationId": "createRole", "parameters": [ { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RoleResource" } } }, "required": true }, "responses": { "201": { "description": "Role created", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/RoleResource" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } } }, "/api/scim/v2/Organizations": { "get": { "tags": [ "SCIM - Organization management" ], "summary": "Retrieve a list of organizations", "description": "Retrieves a paginated and filtered list of organizations.\n\nThe organization is main resource in the SCIM service, holding organization data and associations\nto other resources through roles and memberships.\n\n### Query Parameters\n- `filter`: A SCIM filter expression. Currently, support is limited to filtering with contains operation\nby `name', 'id', 'parent':\n - `name co \"\"`: Contains substring (case-insensitive).\n- `searchQuery`: A simple text search across organization ID and name fields.\n- `startIndex`: The 1-based index of the first result. Defaults to `1`.\n- `count`: The number of results to return per page. Defaults to `20`.\n- `sortOrder`: The sort direction. Accepts `ASC` or `DESC`. Defaults to `DESC`.\n\n### Access Requirements\n- Global permission `signicat:ownidp:user-groups:read`.\n- On a specific membership, the permission `signicat:ownidp:user-groups:read` is required.\nGiving read access to all organizations found on those memberships (with limited details)\n", "operationId": "getOrganizations", "parameters": [ { "name": "filter", "in": "query", "required": false, "schema": { "type": "string" } }, { "name": "searchQuery", "in": "query", "required": false, "schema": { "type": "string", "default": "" } }, { "name": "startIndex", "in": "query", "required": false, "schema": { "type": "integer", "format": "int32", "default": 1 } }, { "name": "count", "in": "query", "required": false, "schema": { "type": "integer", "format": "int32", "default": 20 } }, { "name": "sortOrder", "in": "query", "required": false, "schema": { "type": "string", "default": "DESC", "enum": [ "ASC", "DESC" ] } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Organizations retrieved", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/OrganizationResource" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } }, "post": { "tags": [ "SCIM - Organization management" ], "summary": "Create organization", "description": "An organization is a type of group that can be arranged hierarchically.\nUsers gain access to organizations through memberships, with roles or attributes defining their permissions.\n\nThis operation create a new organization. \nFor convenience, passing custom attributes, can use either the id or the name of the attribute definition\n\n**Access requirements** \n- Global: `signicat:ownidp:user-groups:create` permission\n- Scoped: `signicat:ownidp:user-groups:create` permission \n - Scoped access means the permission must be granted via a membership in this group\n or one of its parent groups. If created group does not have a parent, user requires global access\n", "operationId": "createOrganization", "parameters": [ { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OrganizationRequestResource" } } }, "required": true }, "responses": { "201": { "description": "Organization created", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/OrganizationResource" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } } }, "/api/scim/v2/Memberships": { "get": { "tags": [ "SCIM - Membership management" ], "summary": "Retrieve memberships", "description": "This request retrieves a list of memberships, with support for filtering by providing the following optional parameters: \n - `filter`: A SCIM filter expression. Currently, support is limited to filtering by each value exactly with AND between each added filter. \n The supported properties are: `id`, `externalId`, `userId`, `organizationId` and `roleId`. Examples: \n - `userId eq \"\" and roleId eq \"\"`: Filtering by userId and roleId - exact match. \n - `id eq \"\" and externalId eq \"` and organizationId eq \"\"`: Filtering by id, externalId, and organization - exact match. \n - `searchQuery`: A string to filter results. The query is applied to fields: name and external identifier \n - `startIndex`: The 1-based index of the first result to return (for pagination) \n - `count`: The maximum number of results to return \n - `sortDirection`: The direction to sort the results (`ASC` or `DESC`). \n\n**Authentication and Authorization:** \n- The results will be scoped to the memberships the authenticated user is permitted to see.\n", "operationId": "getMemberships", "parameters": [ { "name": "filter", "in": "query", "required": false, "schema": { "type": "string" } }, { "name": "searchQuery", "in": "query", "required": false, "schema": { "type": "string", "default": "" } }, { "name": "startIndex", "in": "query", "required": false, "schema": { "type": "integer", "format": "int32", "default": 1 } }, { "name": "count", "in": "query", "required": false, "schema": { "type": "integer", "format": "int32", "default": 20 } }, { "name": "sortOrder", "in": "query", "required": false, "schema": { "type": "string", "default": "DESC", "enum": [ "ASC", "DESC" ] } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Memberships retrieved", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ListResponse" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } }, "post": { "tags": [ "SCIM - Membership management" ], "summary": "Create membership", "description": "This endpoint creates a new membership, linking a subject (user) to a group. \n\n**Authentication and Authorization:** \n- A valid JWT Bearer token must be provided in the `Authorization` header.\n- The token must grant the `signicat:ownidp:memberships:create` permission on the group specified in the `organization` field of the request body. \n", "operationId": "createMembership", "parameters": [ { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MembershipDto" } } }, "required": true }, "responses": { "201": { "description": "Membership created", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/MembershipResource" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } } }, "/api/scim/v2/InviteUser": { "post": { "tags": [ "SCIM - User invitation management" ], "summary": "Send new invitation", "description": "This request invites a new user by providing the metadata in the request body. \n\n**Access requirements** \n- Requires a valid token and the access `signicat:ownidp:invitations:create` in the scoped group.\n", "operationId": "inviteUser", "parameters": [ { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimInvitationRequest" } } }, "required": true }, "responses": { "204": { "description": "User invited", "content": { "application/scim+json": { "schema": { "type": "object" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } } }, "/api/scim/v2/ExternalIdps": { "get": { "tags": [ "SCIM - External idp management" ], "summary": "Retrieve external idps", "description": "This request retrieves external idps paginated with optional filtering and pagination by providing: \n - `filter`: provides a filter expression \n - `searchQuery`: A string to filter results. The query is applied to fields: name, issuer and external identifier \n - `startIndex`: The 1-based index of the first result to return (default value: 1) \n - `count`: The maximum number of results to return (default value: 20) \n - `sortDirection`: The direction to sort the results (`ASC` or `DESC`). \n\n**Access requirements** \n- Requires a valid token anf the global `signicat:ownidp:external-idp:read` permission.\n", "operationId": "getExternalIdps", "parameters": [ { "name": "filter", "in": "query", "required": false, "schema": { "type": "string" } }, { "name": "searchQuery", "in": "query", "required": false, "schema": { "type": "string", "default": "" } }, { "name": "startIndex", "in": "query", "required": false, "schema": { "type": "integer", "format": "int32", "default": 1 } }, { "name": "count", "in": "query", "required": false, "schema": { "type": "integer", "format": "int32", "default": 20 } }, { "name": "sortOrder", "in": "query", "required": false, "schema": { "type": "string", "default": "DESC", "enum": [ "ASC", "DESC" ] } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "External idp retrieved", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ListResponse" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } }, "post": { "tags": [ "SCIM - External idp management" ], "summary": "Create External IDP", "description": "Create a new External IDP\nFor schema definition please check the '/schemas/v2/Schemas' endpoint, with the following resourceId: 'urn:ownidp:scim:schemas:core:1.0:ExternalIdp'", "operationId": "createExternalIdp", "parameters": [ { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExternalIdpDto" } } }, "required": true }, "responses": { "201": { "description": "External IDP created", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ExternalIdpResource" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } } }, "/api/scim/v2/Users/{subjectId}": { "get": { "tags": [ "SCIM - User management" ], "summary": "Retrieve a single user", "description": "Retrieves a single user by their unique identifier.\n\nThe user is the main resource in the SCIM service, holding personal data and associations\nto other resources through roles and memberships.\n\n### Access Requirements\n- Requires the global permission `signicat:ownidp:subjects:read`.\n- On a specific membership, the permission `signicat:ownidp:subjects:read` is required.\nGiving read access to all users found on those memberships\n", "operationId": "getUser", "parameters": [ { "name": "subjectId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "User retrieved", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/UserResource" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "404": { "description": "Did not find the user based on the value provided", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ErrorResource" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } }, "delete": { "tags": [ "SCIM - User management" ], "summary": "Delete a user by id", "description": "The user is the main resource managed by this service.\nUsers hold personal data and can be associated with other resources through roles and memberships.\n\nThis request removes a user.\n\n**Access requirements** \n- Global permission: signicat:ownidp:subjects:delete and the caller must have the same or\nhigher permissions than the target user,\n**OR**\n- The caller has `signicat:ownidp:subjects:delete` permission on **all organizations/groups**\nthe target user belongs to (the target user must belong to at least one organization).\n", "operationId": "deleteUser", "parameters": [ { "name": "subjectId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "204": { "description": "User removed", "content": { "application/json": { "schema": { "type": "object" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "404": { "description": "Did not find the user based on the value provided", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResource" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } }, "patch": { "tags": [ "SCIM - User management" ], "summary": "Patch a user", "description": "The user is the main resource managed by this service.\nUsers hold personal data and can be associated with other resources through roles and memberships.\n\nThis request changes the details of a user.\n\n**Access requirements** \n- Global permission: `signicat:ownidp:subjects:update` and the caller must have the same or\nhigher permissions than the target user,\n**OR**\n- The caller has `signicat:ownidp:subjects:update` permission on **all organizations/groups**\nthe target user belongs to (the target user must belong to at least one organization).\n", "operationId": "updateUser", "parameters": [ { "name": "subjectId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PatchRequest" } } }, "required": true }, "responses": { "200": { "description": "User updated", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/UserResource" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "404": { "description": "Did not find the user based on the value provided", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ErrorResource" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } } }, "/api/scim/v2/UserResetPassword/{subjectId}": { "patch": { "tags": [ "SCIM - User management" ], "summary": "Start reset password", "description": "This request starts the reset password flow for a given user. \n\n**Access requirements** \n- Requires a valid token and the `signicat:ownidp:subjects:update` permission in SCIM context.\n", "operationId": "startResetPassword", "parameters": [ { "name": "subjectId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Reset password started", "content": { "application/json": { "schema": { "type": "object" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "404": { "description": "Did not find the user based on the value provided", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResource" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } } }, "/api/scim/v2/Roles/{roleId}": { "get": { "tags": [ "SCIM - Role management" ], "summary": "Retrieve role", "description": "This request retrieves a role by identifier. \n\n**Access requirements** \n- Requires only a valid token.\n", "operationId": "getRole", "parameters": [ { "name": "roleId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Role retrieved", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/RoleResource" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "404": { "description": "Did not find the role based on the value provided", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ErrorResource" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } }, "delete": { "tags": [ "SCIM - Role management" ], "summary": "Delete role", "description": "Delete an existing role. \n\n**Access requirements** \n- Requires a valid token and the `signicat:ownidp:roles:delete` global permission.\n", "operationId": "deleteRole", "parameters": [ { "name": "roleId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Role deleted", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ErrorResource" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } }, "patch": { "tags": [ "SCIM - Role management" ], "summary": "Patch role", "description": "Update an existing role by identifier. \n\n**Access requirements** \n- Requires a valid token and the `signicat:ownidp:roles:update` global permission.\n", "operationId": "patchRole", "parameters": [ { "name": "roleId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PatchRequest" } } }, "required": true }, "responses": { "200": { "description": "Role updated", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/RoleResource" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "404": { "description": "Did not find the role based on the value provided", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ErrorResource" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } } }, "/api/scim/v2/Organizations/{organizationId}": { "get": { "tags": [ "SCIM - Organization management" ], "summary": "Retrieve a single organization", "description": "Retrieves a single organization by their unique identifier.\n\nThe organization is main resource in the SCIM service, holding organization data and associations\nto other resources through roles and memberships.\n\n### Access Requirements\n- Requires the global permission `signicat:ownidp:user-groups:read`.\n- On a specific membership, the permission `signicat:ownidp:user-groups:read` is required.\nGiving read access to all organizations found on those memberships\n", "operationId": "getOrganization", "parameters": [ { "name": "organizationId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Organization retrieved", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/OrganizationResource" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "404": { "description": "Did not find the organization based on the id provided", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ErrorResource" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } }, "delete": { "tags": [ "SCIM - Organization management" ], "summary": "Delete organization", "description": "An organization is a type of group that can be arranged hierarchically.\nUsers gain access to organizations through memberships, with roles or attributes defining their permissions.\n\nThis operation removes an existing organization.\n\n**Access requirements** \n- Global: `signicat:ownidp:user-groups:delete` permission\n- Scoped: `signicat:ownidp:user-groups:delete` permission \n - Scoped access means the permission must be granted via a membership in this group\n or one of its parent groups.\n", "operationId": "deleteOrganization", "parameters": [ { "name": "organizationId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Organization removed", "content": { "application/json": { "schema": { "type": "object" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "404": { "description": "Did not find the organization based on the provided id", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResource" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } }, "patch": { "tags": [ "SCIM - Organization management" ], "summary": "Patch organization", "description": "An organization is a type of group that can be arranged hierarchically.\nUsers gain access to organizations through memberships, with roles or attributes defining their permissions.\n\nThis operation changes an existing organization. \nFor convenience, passing custom attributes in the path,\ncan use either the id or the name of the attribute definition\n\n**Access requirements** \n- Global: `signicat:ownidp:user-groups:update` permission\n- Scoped: `signicat:ownidp:user-groups:update` permission \n - Scoped access means the permission must be granted via a membership in this group\n or one of its parent groups.\n", "operationId": "patchOrganization", "parameters": [ { "name": "organizationId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PatchRequest" } } }, "required": true }, "responses": { "200": { "description": "Organization updated", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/OrganizationResource" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "404": { "description": "Did not find the organization based on the value provided", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ErrorResource" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } } }, "/api/scim/v2/Memberships/{membershipId}": { "get": { "tags": [ "SCIM - Membership management" ], "summary": "Retrieve single membership", "description": "This request retrieves a single membership by its unique identifier. \n\n**Authentication and Authorization:** \n- A valid JWT Bearer token must be provided in the `Authorization` header. \n- The token must grant the `signicat:ownidp:memberships:read` permission on the group associated with the membership.\n", "operationId": "getMembership", "parameters": [ { "name": "membershipId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Membership retrieved", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/MembershipResource" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "404": { "description": "Did not find the membership based on the id provided", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ErrorResource" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } }, "delete": { "tags": [ "SCIM - Membership management" ], "summary": "Delete membership", "description": "This endpoint deletes an existing membership by its unique identifier. \n\n**Authentication and Authorization:** \n- A valid JWT Bearer token must be provided in the `Authorization` header.\n- The token must grant the `signicat:ownidp:memberships:delete` permission on the group associated with the membership. \n", "operationId": "deleteMembership", "parameters": [ { "name": "membershipId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Membership removed", "content": { "application/json": { "schema": { "type": "object" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "404": { "description": "Did not find the membership", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResource" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } }, "patch": { "tags": [ "SCIM - Membership management" ], "summary": "Patch membership", "description": "This endpoint partially updates an existing membership using the SCIM Patch standard (RFC 7644).\nThis allows for atomic operations like adding, replacing, or removing attributes of the membership. \n\n**Authentication and Authorization:** \n- A valid JWT Bearer token must be provided in the `Authorization` header.\n- The token must grant the `signicat:ownidp:memberships:update` permission on the group associated with the membership. \n\n**Example Patch Operations:** \nThe request body must be a `PatchRequest` resource. Here is an example to replace the roles of a membership. \n\n**Example Request Body for replace operation:** \n```json \n{ \n \"schemas\": [\"urn:ietf:params:scim:api:messages:2.0:PatchOp\"], \n \"Operations\": [ \n { \n \"op\": \"replace\", \n \"path\": \"roles\", \n \"value\": [ \n { \"value\": \"new-role-id-1\" }, \n { \"value\": \"new-role-id-2\" } \n ] \n } \n ] \n} \n``` \n\n**Example Request Body for add/remove operation:** \n```json \n{ \n \"schemas\": [\"urn:ietf:params:scim:api:messages:2.0:PatchOp\"], \n \"Operations\": [ \n { \n \"op\": \"add/remove\", \n \"path\": \"roles\", \n \"value\": [ \n { \"value\": \"new-role-id-1\" }, \n { \"value\": \"new-role-id-2\" } \n ] \n } \n ] \n} \n```\n", "operationId": "patchMembership", "parameters": [ { "name": "membershipId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PatchRequest" } } }, "required": true }, "responses": { "200": { "description": "Membership patched", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/MembershipResource" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "404": { "description": "Did not find the membership", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ErrorResource" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } } }, "/api/scim/v2/ExternalIdps/{externalIdpId}": { "get": { "tags": [ "SCIM - External idp management" ], "summary": "Retrieve external idp", "description": "This request retrieves a single external idp by id. \n\n**Access requirements** \n- Requires a valid token anf the global `signicat:ownidp:external-idp:read` permission.\n", "operationId": "getExternalIdp", "parameters": [ { "name": "externalIdpId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "External idp retrieved", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/RoleResource" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "404": { "description": "Did not find the external idp based on the value provided", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ErrorResource" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } }, "delete": { "tags": [ "SCIM - External idp management" ], "summary": "Delete External IDP", "description": "Delete an External IDP\nFor schema definition please check the '/schemas/v2/Schemas' endpoint, with the following resourceId: 'urn:ownidp:scim:schemas:core:1.0:ExternalIdp'", "operationId": "deleteExternalIdp", "parameters": [ { "name": "externalIdpId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "204": { "description": "External IDP deleted", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResource" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } }, "patch": { "tags": [ "SCIM - External idp management" ], "summary": "Update external idp", "description": "Update a single External IDP by id\nFor schema definition please check the '/schemas/v2/Schemas' endpoint, with the following resourceId: 'urn:ownidp:scim:schemas:core:1.0:ExternalIdp'", "operationId": "patchExternalIdp", "parameters": [ { "name": "externalIdpId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PatchRequest" } } }, "required": true }, "responses": { "200": { "description": "External idp updated", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ExternalIdpResource" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "404": { "description": "Did not find the external idp based on the value provided", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ErrorResource" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } } }, "/api/scim/v2/Schemas": { "get": { "tags": [ "SCIM Schemas" ], "summary": "Retrieve all schemas", "description": "This request retrieves all the SCIM schemas with pagination support provided by: \n - `startIndex`: The 1-based index of the first result to return (default value: 1) \n - `count`: The maximum number of results to return (default value: 20) \n\n**Access requirements** \n- Requires a valid token.\n", "operationId": "getSchemas", "parameters": [ { "name": "startIndex", "in": "query", "required": false, "schema": { "type": "integer", "format": "int32", "default": 1 } }, { "name": "count", "in": "query", "required": false, "schema": { "type": "integer", "format": "int32", "default": 20 } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Schemas retrieved", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ListResponse" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } } }, "/api/scim/v2/Schemas/{resourceId}": { "get": { "tags": [ "SCIM Schemas" ], "summary": "Retrieve SCIM schema", "description": "This request retrieves a SCIM schema for a specific resource provided by the resource identifier. \n\n**Access requirements** \n- Requires a valid token.\n", "operationId": "getSchema", "parameters": [ { "name": "resourceId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK", "content": { "application/scim+json": { "schema": { "type": "string" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } } }, "/api/scim/v2/Invitations": { "get": { "tags": [ "SCIM - User invitation management" ], "summary": "Retrieve invitations", "description": "This request retrieves a list of invitations paginated provided by: \n - `startIndex`: specifies the starting index for page results (default value: `1`) \n - `count`: number of results returned per page (default value `20`) \n - `sortDirection`: optional direction for sorting (default value: `DESC`) \n\n**Access requirements** \n- Requires only a valid token.\n", "operationId": "getInvitations", "parameters": [ { "name": "startIndex", "in": "query", "required": false, "schema": { "type": "integer", "format": "int32", "default": 1 } }, { "name": "count", "in": "query", "required": false, "schema": { "type": "integer", "format": "int32", "default": 20 } }, { "name": "sortOrder", "in": "query", "required": false, "schema": { "type": "string", "default": "DESC", "enum": [ "ASC", "DESC" ] } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Retrieval of invitations", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ListResponse" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } } }, "/api/scim/v2/Invitations/{invitationId}": { "get": { "tags": [ "SCIM - User invitation management" ], "summary": "Retrieve single invitation", "description": "This request retrieves a single invitation by identifier. \n\n**Access requirements** \n- Requires a valid token and the global `signicat:ownidp:invitations:read` permission.\n", "operationId": "getInvitation", "parameters": [ { "name": "invitationId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Retrieval of an invitation", "content": { "application/scim+json": { "schema": { "type": "object" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "404": { "description": "Did not find the Invitation based on the provided id", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } }, "delete": { "tags": [ "SCIM - User invitation management" ], "summary": "Delete invitation", "description": "This request deletes an existing invitation by identifier. \n\n**Access requirements** \n- Requires a valid token and the global `signicat:ownidp:invitations:delete` permission.\n", "operationId": "deleteInvitation", "parameters": [ { "name": "invitationId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Removal of invitation", "content": { "application/json": { "schema": { "type": "object" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "404": { "description": "Did not find the Invitation based on the provided id", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } } }, "/api/scim/v2/2fa/{totpDeviceId}": { "get": { "tags": [ "SCIM - User management" ], "summary": "Retrieve totp by id", "description": "Retrieve an existing totp configuration by identifier: \n - `totpDeviceId` - identifier of the TOTP device. \n\n**Access requirements** \n- Requires a valid token and the `signicat:ownidp:subjects:read` global permission.\n", "operationId": "getTotpDevice", "parameters": [ { "name": "totpDeviceId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Get a TOTP device", "content": { "application/scim+json": { "schema": { "type": "object" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "404": { "description": "Did not find the TOTP device based on the provided id", "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } }, "delete": { "tags": [ "SCIM - User management" ], "summary": "Delete totp configuration", "description": "Delete an existing totp configuration by identifier. \n\n**Access requirements** \n- Requires a valid token and the `signicat:ownidp:subjects:update` global permission.\n", "operationId": "deleteTotpDevice", "parameters": [ { "name": "totpDeviceId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "Signicat-AccountId", "in": "header", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } }, { "name": "signicat-accountid", "in": "query", "description": "Identifies the DTP account for the request.\n\nOne of the following must be provided:\n- `Signicat-AccountId` header\n- `signicat-accountid` query parameter\n\nIf neither is provided, the system will attempt to resolve the account from the token claims.\nIf both are provided, the values must be identical.\n", "required": false, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Delete TOTP Devices", "content": { "application/json": { "schema": { "type": "object" } } } }, "400": { "description": "Bad request, some of the data provided might be invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "401": { "description": "Unauthorized call, token is required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "403": { "description": "Forbidden call, you need a specific permission to access this endpoint", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "404": { "description": "Did not find the TOTP device based on the provided id", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } }, "500": { "description": "An internal error occurred, please let us know", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } } } } }, "components": { "schemas": { "DefaultHttpStatusCode": { "allOf": [ { "$ref": "#/components/schemas/HttpStatusCode" } ] }, "HttpStatus": { "allOf": [ { "$ref": "#/components/schemas/HttpStatusCode" } ], "enum": [ "100 CONTINUE", "101 SWITCHING_PROTOCOLS", "102 PROCESSING", "103 EARLY_HINTS", "103 CHECKPOINT", "200 OK", "201 CREATED", "202 ACCEPTED", "203 NON_AUTHORITATIVE_INFORMATION", "204 NO_CONTENT", "205 RESET_CONTENT", "206 PARTIAL_CONTENT", "207 MULTI_STATUS", "208 ALREADY_REPORTED", "226 IM_USED", "300 MULTIPLE_CHOICES", "301 MOVED_PERMANENTLY", "302 FOUND", "302 MOVED_TEMPORARILY", "303 SEE_OTHER", "304 NOT_MODIFIED", "305 USE_PROXY", "307 TEMPORARY_REDIRECT", "308 PERMANENT_REDIRECT", "400 BAD_REQUEST", "401 UNAUTHORIZED", "402 PAYMENT_REQUIRED", "403 FORBIDDEN", "404 NOT_FOUND", "405 METHOD_NOT_ALLOWED", "406 NOT_ACCEPTABLE", "407 PROXY_AUTHENTICATION_REQUIRED", "408 REQUEST_TIMEOUT", "409 CONFLICT", "410 GONE", "411 LENGTH_REQUIRED", "412 PRECONDITION_FAILED", "413 PAYLOAD_TOO_LARGE", "413 REQUEST_ENTITY_TOO_LARGE", "414 URI_TOO_LONG", "414 REQUEST_URI_TOO_LONG", "415 UNSUPPORTED_MEDIA_TYPE", "416 REQUESTED_RANGE_NOT_SATISFIABLE", "417 EXPECTATION_FAILED", "418 I_AM_A_TEAPOT", "419 INSUFFICIENT_SPACE_ON_RESOURCE", "420 METHOD_FAILURE", "421 DESTINATION_LOCKED", "422 UNPROCESSABLE_ENTITY", "423 LOCKED", "424 FAILED_DEPENDENCY", "425 TOO_EARLY", "426 UPGRADE_REQUIRED", "428 PRECONDITION_REQUIRED", "429 TOO_MANY_REQUESTS", "431 REQUEST_HEADER_FIELDS_TOO_LARGE", "451 UNAVAILABLE_FOR_LEGAL_REASONS", "500 INTERNAL_SERVER_ERROR", "501 NOT_IMPLEMENTED", "502 BAD_GATEWAY", "503 SERVICE_UNAVAILABLE", "504 GATEWAY_TIMEOUT", "505 HTTP_VERSION_NOT_SUPPORTED", "506 VARIANT_ALSO_NEGOTIATES", "507 INSUFFICIENT_STORAGE", "508 LOOP_DETECTED", "509 BANDWIDTH_LIMIT_EXCEEDED", "510 NOT_EXTENDED", "511 NETWORK_AUTHENTICATION_REQUIRED" ] }, "HttpStatusCode": { "type": "object", "properties": { "error": { "type": "boolean" }, "is1xxInformational": { "type": "boolean" }, "is2xxSuccessful": { "type": "boolean" }, "is3xxRedirection": { "type": "boolean" }, "is4xxClientError": { "type": "boolean" }, "is5xxServerError": { "type": "boolean" } } }, "ModelAndView": { "type": "object", "properties": { "view": { "$ref": "#/components/schemas/View" }, "model": { "type": "object", "additionalProperties": {} }, "status": { "oneOf": [ { "$ref": "#/components/schemas/DefaultHttpStatusCode" }, { "$ref": "#/components/schemas/HttpStatus" } ] }, "empty": { "type": "boolean" }, "viewName": { "type": "string" }, "modelMap": { "type": "object", "additionalProperties": {}, "properties": { "empty": { "type": "boolean" } } }, "reference": { "type": "boolean" } } }, "View": { "type": "object", "properties": { "contentType": { "type": "string" } } }, "Email": { "type": "object", "properties": { "value": { "type": "string" }, "display": { "type": "string" }, "type": { "type": "string" }, "primary": { "type": "boolean" } } }, "Meta": { "type": "object", "properties": { "resourceType": { "type": "string" }, "created": { "type": "string", "format": "date-time" }, "lastModified": { "type": "string", "format": "date-time" }, "location": { "type": "string", "format": "uri" }, "version": { "type": "string" } } }, "Name": { "type": "object", "properties": { "formatted": { "type": "string" }, "familyName": { "type": "string" }, "givenName": { "type": "string" }, "middleName": { "type": "string" }, "honorificPrefix": { "type": "string" }, "honorificSuffix": { "type": "string" } } }, "ScimInboundCustomAttribute": { "type": "object", "properties": { "value": { "type": "string" }, "id": { "type": "string" } } }, "UserResource": { "type": "object", "properties": { "schemas": { "type": "array", "items": { "type": "string" }, "uniqueItems": true }, "id": { "type": "string" }, "externalId": { "type": "string" }, "userName": { "type": "string" }, "name": { "$ref": "#/components/schemas/Name" }, "displayName": { "type": "string" }, "active": { "type": "boolean" }, "password": { "type": "string", "writeOnly": true }, "emails": { "type": "array", "items": { "$ref": "#/components/schemas/Email" } }, "x509Certificates": { "type": "array", "items": { "$ref": "#/components/schemas/X509Certificate" } }, "lastLogin": { "type": "string" }, "otpActive": { "type": "boolean" }, "resetPassword": { "type": "boolean" }, "customAttributes": { "type": "array", "items": { "$ref": "#/components/schemas/ScimInboundCustomAttribute" }, "writeOnly": true }, "preferredLanguage": { "type": "string" }, "meta": { "$ref": "#/components/schemas/Meta" } } }, "X509Certificate": { "type": "object", "properties": { "value": { "type": "string", "format": "byte" }, "display": { "type": "string" }, "type": { "type": "string" }, "primary": { "type": "boolean" } } }, "RoleResource": { "type": "object", "properties": { "schemas": { "type": "array", "items": { "type": "string" }, "uniqueItems": true }, "id": { "type": "string" }, "externalId": { "type": "string", "minLength": 1 }, "displayName": { "type": "string", "minLength": 1 }, "description": { "type": "string" }, "isEditable": { "type": "boolean" }, "permissions": { "type": "array", "items": { "$ref": "#/components/schemas/ScimPermission" }, "minItems": 1 }, "meta": { "$ref": "#/components/schemas/Meta" } }, "required": [ "displayName", "externalId", "permissions" ] }, "ScimPermission": { "type": "object", "properties": { "value": { "type": "string" } } }, "OrganizationRequestResource": { "type": "object", "properties": { "schemas": { "type": "array", "items": { "type": "string" }, "uniqueItems": true }, "id": { "type": "string" }, "externalId": { "type": "string" }, "name": { "type": "string" }, "active": { "type": "boolean" }, "customAttributes": { "type": "array", "items": { "$ref": "#/components/schemas/ScimInboundCustomAttribute" }, "writeOnly": true }, "parent": { "type": "string" }, "meta": { "$ref": "#/components/schemas/Meta" } } }, "OrganizationResource": { "type": "object", "properties": { "schemas": { "type": "array", "items": { "type": "string" }, "uniqueItems": true }, "id": { "type": "string" }, "externalId": { "type": "string" }, "name": { "type": "string" }, "active": { "type": "boolean" }, "customAttributes": { "type": "array", "items": { "$ref": "#/components/schemas/ScimInboundCustomAttribute" }, "writeOnly": true }, "parent": { "$ref": "#/components/schemas/ScimOrganization" }, "meta": { "$ref": "#/components/schemas/Meta" } } }, "ScimOrganization": { "type": "object", "properties": { "value": { "type": "string" }, "display": { "type": "string" }, "ref": { "type": "string" }, "type": { "type": "string", "enum": [ "GROUP", "ORGANIZATION", "ACCOUNT" ] } } }, "MembershipDto": { "type": "object", "properties": { "id": { "type": "string" }, "externalId": { "type": "string" }, "organization": { "type": "string" }, "user": { "type": "string" }, "roles": { "type": "array", "items": { "type": "string" } }, "customAttributes": { "type": "array", "items": { "$ref": "#/components/schemas/ScimInboundCustomAttribute" } } } }, "MembershipResource": { "type": "object", "properties": { "schemas": { "type": "array", "items": { "type": "string" }, "uniqueItems": true }, "id": { "type": "string" }, "externalId": { "type": "string" }, "displayName": { "type": "string" }, "active": { "type": "boolean" }, "roles": { "type": "array", "items": { "$ref": "#/components/schemas/ScimRole" } }, "organization": { "$ref": "#/components/schemas/ScimOrganization" }, "user": { "$ref": "#/components/schemas/ScimSubject" }, "customAttributes": { "type": "array", "items": { "$ref": "#/components/schemas/ScimInboundCustomAttribute" } }, "meta": { "$ref": "#/components/schemas/Meta" } } }, "ScimRole": { "type": "object", "properties": { "value": { "type": "string" }, "display": { "type": "string" }, "ref": { "type": "string" }, "type": { "type": "string" } } }, "ScimSubject": { "type": "object", "properties": { "value": { "type": "string" }, "display": { "type": "string" }, "ref": { "type": "string" }, "type": { "type": "string", "enum": [ "MACHINE", "USER", "EXTERNAL_USER" ] }, "createdAt": { "type": "string", "format": "date-time" } } }, "ScimAttributeCommand": { "type": "object", "properties": { "id": { "type": "string", "maxLength": 36, "minLength": 0 }, "value": { "type": "string" } }, "required": [ "id" ] }, "ScimInvitationRequest": { "type": "object", "properties": { "email": { "type": "string", "format": "email", "minLength": 1 }, "organization": { "type": "string", "minLength": 1 }, "roles": { "type": "array", "items": { "type": "string" }, "uniqueItems": true }, "customAttributes": { "type": "array", "items": { "$ref": "#/components/schemas/ScimAttributeCommand" } }, "subjectAttributes": { "type": "array", "items": { "$ref": "#/components/schemas/ScimAttributeCommand" } } }, "required": [ "email", "organization" ] }, "ExternalIdpDto": { "type": "object", "properties": { "name": { "type": "string" }, "issuer": { "type": "string" } }, "required": [ "issuer", "name" ] }, "ExternalIdpResource": { "type": "object", "properties": { "schemas": { "type": "array", "items": { "type": "string" }, "uniqueItems": true }, "id": { "type": "string" }, "externalId": { "type": "string" }, "name": { "type": "string" }, "issuer": { "type": "string" }, "meta": { "$ref": "#/components/schemas/Meta" } } }, "AddOperation": { "allOf": [ { "$ref": "#/components/schemas/PatchOperation" }, { "type": "object", "properties": { "value": { "$ref": "#/components/schemas/JsonNode" }, "removeOpValue": { "$ref": "#/components/schemas/PatchOperation" } } } ] }, "JsonNode": {}, "PatchOperation": { "type": "object", "discriminator": { "propertyName": "op" }, "properties": { "path": { "type": "string" }, "removeOpValue": { "oneOf": [ { "$ref": "#/components/schemas/AddOperation" }, { "$ref": "#/components/schemas/RemoveOperation" }, { "$ref": "#/components/schemas/ReplaceOperation" } ], "writeOnly": true }, "op": { "type": "string" } }, "required": [ "op" ] }, "PatchRequest": { "type": "object", "properties": { "schemas": { "type": "array", "items": { "type": "string" }, "uniqueItems": true }, "id": { "type": "string" }, "externalId": { "type": "string" }, "Operations": { "type": "array", "items": { "oneOf": [ { "$ref": "#/components/schemas/AddOperation" }, { "$ref": "#/components/schemas/RemoveOperation" }, { "$ref": "#/components/schemas/ReplaceOperation" } ] } }, "meta": { "$ref": "#/components/schemas/Meta" } }, "required": [ "Operations" ] }, "RemoveOperation": { "allOf": [ { "$ref": "#/components/schemas/PatchOperation" }, { "type": "object", "properties": { "value": { "$ref": "#/components/schemas/JsonNode" }, "removeOpValue": { "$ref": "#/components/schemas/PatchOperation" } } } ], "required": [ "path" ] }, "ReplaceOperation": { "allOf": [ { "$ref": "#/components/schemas/PatchOperation" }, { "type": "object", "properties": { "value": { "$ref": "#/components/schemas/JsonNode" }, "removeOpValue": { "$ref": "#/components/schemas/PatchOperation" } } } ] }, "ErrorResource": { "type": "object", "properties": { "schemas": { "type": "array", "items": { "type": "string" }, "uniqueItems": true }, "detail": { "type": "string" }, "status": { "type": "integer", "format": "int32" }, "traceId": { "type": "string" }, "spanId": { "type": "string" }, "requestUri": { "type": "string" }, "title": { "type": "string" }, "code": { "type": "string" }, "timestamp": { "type": "string" }, "type": { "type": "string" } } }, "ListResponse": { "type": "object", "properties": { "schemas": { "type": "array", "items": { "type": "string" }, "uniqueItems": true }, "totalResults": { "type": "integer", "format": "int32" }, "itemsPerPage": { "type": "integer", "format": "int32" }, "startIndex": { "type": "integer", "format": "int32" }, "previousCursor": { "type": "string" }, "nextCursor": { "type": "string" }, "Resources": { "type": "array", "items": {} }, "id": { "type": "string" }, "externalId": { "type": "string" }, "meta": { "$ref": "#/components/schemas/Meta" } }, "required": [ "Resources", "totalResults" ] }, "ErrorResponse": { "properties": { "title": { "type": "string" }, "status": { "type": "integer", "format": "int32" }, "code": { "type": "string" }, "timestamp": { "type": "string" }, "traceId": { "type": "string" }, "spanId": { "type": "string" }, "detail": { "type": "string" }, "type": { "type": "string" }, "requestUri": { "type": "string" } } } }, "securitySchemes": { "bearerAuth": { "type": "http", "name": "bearerAuth", "scheme": "bearer", "bearerFormat": "JWT" } } } }