Introduction
Scalekit API is modeled around the REST architecture style. That means, our API has predictable resource-oriented URLs, accepts form-encoded request bodies and produces JSON formatted responses, uses standard HTTP verbs and error codes.
Apart from REST APIs, we have published SDKs in some of the popular languages as shown below. You can use these SDKs and integrate with Scalekit much faster.
Some additional instructions around using our APIs
- API Endpoint Host must use the
Environment URL
of the environment you are targeting. - API requests without appropriate authentication headers will fail with 401 status code.
Read below to understand more about how to authenticate the API calls and how to handle errors appropriately.
Just getting Started?
Refer to our Quick Start Guide
- Node.js
- Python
- Go
- Java
npm install @scalekit-sdk/node
pip install scalekit-sdk-python
go get -u github.com/scalekit-inc/scalekit-sdk-go
/* Gradle users - add the following to your dependencies in build file */
implementation "com.scalekit:scalekit-sdk-java:1.1.2"
<!-- Maven users - add the following to your `pom.xml` -->
<dependency>
<groupId>com.scalekit</groupId>
<artifactId>scalekit-sdk-java</artifactId>
<version>1.1.2</version>
</dependency>
# use the environment url found in API Config section
https://yourcompany.scalekit.com
# or, if you have enabled CNAME, you can use that too
https://auth.yoursaas.com
Authentication
Scalekit API uses OAuth2 Client Credentials based authentication. You can view and manage the necessary information from your API Config
section in the Scalekit Dashboard.
You will need the following information to authenticate with Scalekit APIs
- Client ID
- Client Secret
- Environment URL
You can obtain a secure token by making POST
call to the https://<ENV_URL>/oauth/token
endpoint and sending client_id
and client_secret
as part of the
request body.
- cURL
- Node.js
- Python
- Go
- Java
curl -L 'https://<ENV_URL>/oauth/token' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id=skc_<client_id>' \
-d 'client_secret=test_<client_secret>' \
-d 'grant_type=client_credentials'
import { Scalekit } from '@scalekit-sdk/node';
const scalekit = new Scalekit(
'<SCALEKIT_ENVIRONMENT_URL>',
'<SCALEKIT_CLIENT_ID>',
'<SCALEKIT_CLIENT_SECRET>',
);
from scalekit import ScalekitClient
scalekit_client = ScalekitClient(
"<SCALEKIT_ENVIRONMENT_URL>",
"<SCALEKIT_CLIENT_ID>",
"<SCALEKIT_CLIENT_SECRET>"
)
import (
"github.com/scalekit-inc/scalekit-sdk-go"
)
func main() {
scalekitClient := scalekit.NewClient(
"<SCALEKIT_ENVIRONMENT_URL>",
"<SCALEKIT_CLIENT_ID>",
"<SCALEKIT_CLIENT_SECRET>"
)
}
package com.scalekit;
import com.scalekit.ScalekitClient;
public class Main {
public static void main(String[] args) {
ScalekitClient scalekitClient = new ScalekitClient(
"<SCALEKIT_ENVIRONMENT_URL>",
"<SCALEKIT_CLIENT_ID>",
"<SCALEKIT_CLIENT_SECRET>"
);
}
{
"access_token": "DCR5c8139165228a82e442445fe01c16",
"token_type": "bearer",
"expires_in": 1799
}
Using Access Token
The access_token
is the OAuth access token you need to use for all subsequent API calls to Scalekit.
To make a request to one of our APIs, you need to include the access token in the Authorization header of the request as Bearer 'access_token'.
Please make sure that you keep your Client Secrets safely. Do not share your client secret in publicly accessible areas such as GitHub, client-side code, etc.
Our SDKs will automatically handle the API authentication and error handling to make the job of using our APIs much easier for you.
$ curl --request GET "https://{ENV_URL}/api/v1/organizations" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer {access_token}"
Error Handling
As mentioned earlier, Scalekit APIs return appropriate HTTP Status Codes along with the detailed error messages in case of invalid usage of APIs.
You can see the list of different HTTP Status Codes and the error message format in the right pane. We strongly recommend you to handle errors gracefully while writing code using our SDKs.
HTTP Status | Description |
---|---|
200 or 201 | API request is successful |
400 | The request was unacceptable, often due to missing a required parameter. |
401 | Invalid Authentication Headers found in the request. |
404 | Resource not found |
429 | Too many requests hit the API too quickly. Retry the request after a cool-off period. |
500 or 501 or 504 | Something went wrong at our end. These are usually a very rare occurrence. We automatically log these requests for alert our on-call engineers |
{
"code": 16,
"message": "Token empty",
"details": [
{
"@type": "type.googleapis.com/scalekit.v1.errdetails.ErrorInfo",
"error_code": "UNAUTHENTICATED"
}
]
}
Single Sign-on
When you need one of your customers to login via Enterprise SSO, you can redirect them to Scalekit's Authorization URL with necessary details about the organization or the SSO connection. Scalekit will seamlessly deal with integrating with any Identity Provider and exchanges user information via SAML or OIDC or OAuth2.
More details about the Single Sign-on flow is described here
Authorization URL
Authorization URL initiates the Login flow with Scalekit.
Scalekit expects atleast one of the following parameters to be present. The parameters are used to determine the SSO connection used to Login in the user.
domain
- Email domain of the user. Domain should be mapped to an Organization. The SSO connection from the org would be used to login to the app.
connection_id
- ID of the SSO connection. If the Connection's status is active
, the user will be redirected to the SSO Connection's identity provider configured.
organization_id
- ID of Organization. The user will be redirected to the SSO connection's identity provider configured for that organization.
provider
- ID of SSO Provider, Incase of Social Logins . e.g google
- Parameters
- client_idstringrequired
The client ID string that you obtain from the API Credentials page
- redirect_uristringrequired
Determines where the response is sent. The value of this parameter must exactly match one of the authorized redirect values that you set in the API Credentials page (including the HTTP or HTTPS scheme, case, and trailing '/', if any).
- domainstring
Domain part of the email address that is mapped to an organization. Example. yourcustomer.com
- connection_idstring
Connection ID for which the SSO flow must be initiated for. If the Connection's status is
active
, the user will be redirected to the SSO Connection's identity provider configured - organization_idstring
Organization ID for which the SSO flow must be initiated for. Based on the organization ID supplied, the user will be redirected to the SSO connection's identity provider configured for that organization.
- providerstring
Key for the Social SSO Provider. This is common to all Organizations. e.g.
google
,github
,linkedin
,gitlab
,microsoft
,salesforce
- response_typestringrequired
Value must be
code
- scopestringrequired
Value must be
openid email profile
- statestring
An opaque string that is round-tripped in the protocol; that is to say, it is returned back as-is as a URI parameter in the Basic flow. The state can be useful for correlating requests and responses. Because your redirect_uri can be guessed, using a state value can increase your assurance that an incoming connection is the result of an authentication request initiated by your app.
State will be useful if you would like to retain some information about the user that you would like to use at the end of the login flow. E.g. deep link URL in your product to redirect the user to after a successful login.
If you generate a random string or encode the hash of some client state (e.g., a cookie) in this state variable, you can validate the response to additionally ensure that the request and response originated in the same browser. This additional validation offers protection against attacks such as cross-site request forgery.
- noncestring
A random value generated by your app that enables replay protection.
- login_hintstring
When your app knows the email address of the user it is trying to authenticate, it can provide this parameter as a hint to the authentication server and Scalekit will pass this information to your customer's identity provider. Some identity providers prefill the login box with this value to make the login experience easier for the end user.
- code_challengestring
A challenge code generated from
code_verifier
that is required for PKCE flows. This is used ensure if the request was handled by the right parties. The string is stored by Scalekit to be used when validating the token request with acode_verifier
. A code_challenge is generated as followscode_challenge = SHA256(code_verifier)
. - code_challenge_methodstring
The algorithm used to process the code challenge. The value should be
S256
- cURL
- Node.js
- Python
- Go
- Java
curl --request GET \
--url 'https://$env_url/oauth/authorize
?client_id=skc_12344
&redirect_uri=https%3A%2F%2Fmysaasapp.com%2Fredirect_uri
&response_type=code
&state=hf68uyjh2189iuhj56789
&scope=openid email profile'
import { ScalekitClient } from '@scalekit-sdk/node';
// Initialize the SDK client
const scalekit = new ScalekitClient('<SCALEKIT_ENVIRONMENT_URL>', '<SCALEKIT_CLIENT_ID>', '<SCALEKIT_CLIENT_SECRET>');
const options = {};
// Option 1: Authorization URL with the organization ID
options['organizationId'] = 'org_15421144869927830';
// Option 2: Authorization URL with login hint
options.connectionId = 'conn_15696105471768821';
// Option 3: Authorization URL with login hint
options.loginHint = 'user@example.com';
const authorizationURL = scalekit.getAuthorizationUrl(redirectUrl, options);
from scalekit import ScalekitClient, AuthorizationUrlOptions, CodeAuthenticationOptions
# Initialize the SDK client
scalekit_client = ScalekitClient(
"<SCALEKIT_ENVIRONMENT_URL>",
"<SCALEKIT_CLIENT_ID>",
"<SCALEKIT_CLIENT_SECRET>"
)
options = AuthorizationUrlOptions()
# Option 1: Authorization URL with the organization ID
options.organization_id = 'org_15421144869927830'
# Option 2: Authorization URL with login hint
options.login_hint = 'user@example.com'
# Option 3: Authorization URL with the connection ID
options.connection_id = 'conn_15696105471768821'
authorization_url = scalekit_client.get_authorization_url(
redirect_uri=<redirect_uri>,
options=options
)
# Redirect the user to this authorization URL
import (
"github.com/scalekit/scalekit-sdk-go"
)
func main() {
// Initialize the SDK client
sc := scalekit.NewScalekitClient(
"<SCALEKIT_ENVIRONMENT_URL>",
"<SCALEKIT_CLIENT_ID>",
"<SCALEKIT_CLIENT_SECRET>"
)
options := scalekit.AuthorizationUrlOptions{}
// Option 1: Authorization URL with the organization ID
options.OrganizationId = "org_15421144869927830"
// Option 2: Authorization URL with the connection ID
options.ConnectionId = "conn_15696105471768821"
// Option 3: Authorization URL with Login Hint
// User's email domain detects the correct enterprise SSO connection.
options.LoginHint = "user@example.com"
authorizationURL := sc.GetAuthorizationUrl(
redirectUrl,
options,
)
// Next step is to redirect the user to this authorization URL
}
// Redirect the user to this authorizationURL
package com.scalekit;
import com.scalekit.ScalekitClient;
import com.scalekit.internal.http.AuthorizationUrlOptions;
public class Main {
public static void main(String[] args) {
// Initialize the SDK client
ScalekitClient scalekitClient = new ScalekitClient(
"<SCALEKIT_ENVIRONMENT_URL>",
"<SCALEKIT_CLIENT_ID>",
"<SCALEKIT_CLIENT_SECRET>"
);
AuthorizationUrlOptions options = new AuthorizationUrlOptions();
// Option 1: Authorization URL with the organization ID
options.setOrganizationId("org_13388706786312310");
// Option 2: Authorization URL with the connection ID
options.setConnectionId("con_13388706786312310");
// Option 3: Authorization URL with Login Hint
// User's email domain detects the correct enterprise SSO connection.
options.setLoginHint("user@example.com");
try {
String url = scalekitClient.authentication().getAuthorizationUrl(redirectUrl, options).toString();
} catch (Exception e) {
System.out.println(e.getMessage());
}
}
}
// Redirect the user to this authorizationURL
User will be redirected to the appropriate Identity provider's login page based on either organization_id, or connection_id or domain.
Token URL
The code provided to the Redirect URI. Code can be exchanged for a ID Token containing the user details using the Token URL.
- Parameters
- Request Body
- codestringrequired
The code received by the Redirect URI as part of the Authentication Response.
- redirect_uristringrequired
The redirect URI where this code was received. This will used to validate the code to make the code was infact generated for this redirect_uri.
- client_idstringrequired
Unique client ID that represents your application.
- client_secretstringrequired
The client secret to authorize the client.
- grant_typestring
Grant Type must be
authorization_code
. - code_verifierstring
Used in PKCE flow, code_verifier is derived from the
code_challenge
presented at the Authorization Endpoint
- cURL
- Node.js
- Python
- Go
- Java
curl --request POST \
--url 'https://$env_url/oauth/token
?code=jhasd72
&redirect_uri=https%3A%2F%2Fmysaasapp.com%2Fredirect_uri
&client_id=skc_12344
&client_secret=skc_prod_12441kjasad
&grant_type=authorization_code'
// Handle the oauth redirect
const { code, error, error_description } = req.query;
if (error) {
// Handle error
return throw new Error(error_description);
}
// Fetch user details by exchanding the code received in the request params
const { user } = await scalekit.authenticateWithCode(code, '<redirectUri>');
# Handle oauth redirect_url, fetch code and error_description from request params
code = request.args.get('code')
error = request.args.get('error')
error_description = request.args.get('error_description')
if error:
raise Exception(error_description)
result = scalekit_client.authenticate_with_code(
code,
"<redirect_uri>"
)
# result.user has the authenticated user's details
user_email = result.user.email
# Create a session and redirect the user to your dashboard
// Handle the oauth redirect
code := r.URL.Query().Get("code")
err := r.URL.Query().Get("error")
errorDescription := r.URL.Query().Get("error_description")
if err != "" {
return errors.New(errorDescription)
}
// Fetch user details by exchanding the code received in the request params
user, err := sc.AuthenticateWithCode(
code,
<redirectUri>
)
// `user` has the authenticated user's details
userEmail := user.Email
String code = request.getParameter("code");
String error = request.getParameter("error");
String errorDescription = request.getParameter("error_description");
if(error != null && !error.isEmpty()) {
// Handle errors
return;
}
try {
AuthenticationResponse res = scalekitClient.authentication().authenticateWithCode(code, redirectUrl);
// res.getIdTokenClaims() has the authenticated user's details
String userEmail = res.getIdTokenClaims().getEmail();
} catch (Exception e) {
// Handle errors
}
Organization
Organization represents a customer or a tenant of your application. Use this to create enterprise Single Sign-on connections or Admin Portal links for your customers.
The Organization Object
- Attributes
- idstring
Unique ID of the organization
- display_namestring
Display Name of the Organization
- external_idstring
Unique ID of this organization according to your system. You can store your unique ID for this organization in Scalekit's system and later use this to fetch Organization and Connection details. This is helpful if you don't want to persist Scalekit's Unique Identifiers in your database
- metadatamap
Set of key-value pairs that you can attach to the Organization object. This can be useful for storing additional information about the Organization in a structured format.
- region_codeenum
Region in which this organization data is stored in. By default, the environment's
region_code
is used to store this organization's dataPossible values
USEU - create_timestring
Timestamp at which this organization record was created in RFC 3339 format
- update_timestring
Timestamp at which this organization record was last updated in RFC 3339 format
{
"id": "org_2123312131125533",
"display_name": "Acme Corp",
"create_time": "2024-01-05T14:48:00.000Z",
"external_id": "my_unique_id",
"metadata": {
"someKey": "somevalue"
},
"region_code": "US",
"update_time": "…"
}
List Organizations
Retrieve a paginated list of organizations within your environment. The response includes a page_token
that can be used to access subsequent pages of results.
- Parameters
- page_sizeinteger
Maximum number of organizations to return per page. Must be between 10 and 100
- page_tokenstring
Pagination token from the previous response. Use to retrieve the next page of organizations
- external_idstring
Your application's unique identifier for this organization, used to link Scalekit with your system
- cURL
- Node.js
- Python
- Go
- Java
curl --request GET \
--url 'https://$env_url/api/v1/organizations'
const organizations = await scalekit.organization.listOrganization({
pageSize: 10,
});
options = ListOrganizationOptions()
options.page_size = 10
organizations = sc.organization.list_organizations(
options=options
)
organizations, err := sc.Organization.ListOrganizations(
ctx,
&scalekit.ListOrganizationOptions{
PageSize: 10,
}
)
ListOrganizationsResponse organizations = scalekitClient.organizations().listOrganizations(10, "");
Create an Organization
Creates a new organization in your environment. Use this endpoint to add a new tenant that can be configured with various settings and metadata
- Parameters
- Request Body
- display_namestring
Name of the organization. Must be between 1 and 200 characters.
- external_idstring
Your application's unique identifier for this organization, used to link Scalekit with your system.
- metadataobject
- cURL
- Node.js
- Python
- Go
- Java
curl --location 'https://$ENV_URL/api/v1/organizations' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data '{
"display_name": "<string>",
"external_id": "<string>",
"metadata": {
"esse47": "<string>"
}
}'
const organization = await sc.organization.createOrganization(name, {
externalId: 'externalId',
});
options = CreateOrganizationOptions()
options.external_id = "externalId"
organization = sc.organization.create_organization(
name,
options=options
)
organization, err := sc.Organization.CreateOrganization(
ctx,
name,
scalekit.CreateOrganizationOptions{
ExternalID: "externalId",
},
)
CreateOrganization createOrganization = CreateOrganization.newBuilder().setDisplayName("Test Org").build();
Organization createdOrganization = scalekitClient.organizations().create(createOrganization);
Get Organization details
Retrieves organization details by Scalekit ID, including name, region, metadata, and settings
- Parameters
- idstringrequired
Unique scalekit-generated identifier that uniquely references an organization
- cURL
- Node.js
- Python
- Go
- Java
curl --request GET \
--url 'https://$env_url/api/v1/organizations/{id}'
const sc = new ScalekitClient(
<SCALEKIT_ENVIRONMENT_URL>,
<SCALEKIT_CLIENT_ID>,
<SCALEKIT_CLIENT_SECRET>
);
const organization = await sc.organization.getOrganization(organization_id);
sc = ScalekitClient(
<SCALEKIT_ENVIRONMENT_URL>,
<SCALEKIT_CLIENT_ID>,
<SCALEKIT_CLIENT_SECRET>
)
organization = sc.organization.get_organization(
organization_id
)
sc := scalekit.NewScalekitClient(
<SCALEKIT_ENVIRONMENT_URL>,
<SCALEKIT_CLIENT_ID>,
<SCALEKIT_CLIENT_SECRET>
)
organization, err := sc.Organization.GetOrganization(
ctx,
organizationId
)
ScalekitClient scalekitClient = new ScalekitClient(
"<SCALEKIT_ENVIRONMENT_URL>",
"<SCALEKIT_CLIENT_ID>",
"<SCALEKIT_CLIENT_SECRET>"
);
Organization organization = scalekitClient.organizations().getById(organizationId);
Update Organization details
Updates an organization's display name, external ID, or metadata. Requires a valid organization identifier. Region code cannot be modified through this endpoint.
- Parameters
- idstringrequired
Unique identifier of the organization to be updated
- Request Body
- display_namestring
Name of the organization to display in the UI. Must be between 1 and 200 characters
- external_idstring
Your application's unique identifier for this organization, used to link Scalekit with your system
- metadataobject
Custom key-value pairs to store with the organization. Keys must be 3-25 characters, values must be 1-256 characters. Maximum 10 pairs allowed.
- cURL
- Node.js
- Python
- Go
- Java
curl --location --request PATCH 'https://$ENV_URL/api/v1/organizations/{id}' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data '{
"display_name": "<string>",
"external_id": "<string>",
"metadata": {
"culpa_561": "<string>"
}
}'
const organization = await sc.organization.updateOrganization(organization_id, {
displayName: 'displayName',
externalId: 'externalId',
});
organization = sc.organization.update_organization(organization_id, {
display_name: "display_name",
external_id: "external_id"
})
organization, err := sc.Organization.UpdateOrganization(
ctx,
organizationId,
&scalekit.UpdateOrganization{
DisplayName: "displayName",
ExternalId: "externalId",
},
)
UpdateOrganization updateOrganization = UpdateOrganization.newBuilder()
.setDisplayName("Updated Organization Name")
.build();
Organization updatedOrganizationById = scalekitClient.organizations().updateById(organizationId, updateOrganization);
Toggle Organization settings
Updates configuration settings for an organization. Supports modifying SSO configuration, directory synchronization settings, and session parameters. Requires organization ID and the specific settings to update.
- Parameters
- idstringrequired
Unique identifier of the organization to update settings. Must begin with 'org_' prefix
- Request Body
- featuresarray
List of feature toggles that control organization capabilities such as SSO authentication and directory synchronization
- cURL
- Node.js
- Python
- Go
- Java
curl --location --request PATCH 'https://$ENV_URL/api/v1/organizations/{organizations_id}/settings' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <ACCESS_TOKEN>'\
--data '{
"features":
[
{
"name": "sso",
"enabled": false
},
{
"name": "dir_sync",
"enabled": true
}
]
}'
const settings = {
features: [{
name: 'sso',
enabled: true
},
{
name: 'dir_sync',
enabled: true
},
],
}
await sc.organization.updateOrganizationSettings('<organization_id>', settings);
settings = [
{
"name": "sso",
"enabled": true
},
{
"name": "dir_sync",
"enabled": true
}
]
scalekit_client.organization.update_organization_settings(
organization_id='<organization_id>', settings=settings
)
settings := OrganizationSettings{
Features: []Feature{
{
Name: "sso",
Enabled: true,
},
{
Name: "dir_sync",
Enabled: true,
},
},
}
organization,err := sc.Organization().UpdateOrganizationSettings(ctx, organizationId, settings)
OrganizationSettingsFeature featureSSO = OrganizationSettingsFeature.newBuilder()
.setName("sso")
.setEnabled(true)
.build();
OrganizationSettingsFeature featureDirectorySync = OrganizationSettingsFeature.newBuilder()
.setName("dir_sync")
.setEnabled(true)
.build();
updatedOrganization = scalekitClient.organizations()
.updateOrganizationSettings(organization.getId(), List.of(featureSSO, featureDirectorySync));
Delete an Organization
Remove an existing organization from the environment using its unique identifier
- Parameters
- idstringrequired
Unique scalekit-generated identifier that uniquely references an organization
- cURL
- Node.js
- Python
- Go
- Java
curl --location --request DELETE 'https://$ENV_URL/api/v1/organizations/{id}' \
--header 'Accept: application/json'
await sc.organization.deleteOrganization(organizationId);
sc.organization.delete_organization(organization_id)
err := sc.Organization.DeleteOrganization(
ctx,
organizationId
)
ScalekitClient scalekitClient = new ScalekitClient(
"<SCALEKIT_ENVIRONMENT_URL>",
"<SCALEKIT_CLIENT_ID>",
"<SCALEKIT_CLIENT_SECRET>"
);
scalekitClient.organizations().deleteById(organizationId);
Admin Portal
Generate Admin Portal Link
Creates a time-limited Admin Portal URL for IT administrators to configure and manage Single Sign-On (SSO) connections within their organization. Generated links expire after 7 days (168 hours).
- Parameters
- idstringrequired
Organization ID
- featuresarray
Features to enable in the admin portal link. To enable features, append them as URL parameters:
- Single Sign-On: ?features=sso
- Directory Sync: ?features=dir_sync
- Both features: ?features=sso&features=dir_sync
Example URL: https://scalekit.com/portal/lnk_123?features=sso
- dir_sync: dir_sync enables directory synchronization configuration in the portal
- sso: sso enables Single Sign-On (SSO) configuration in the portal
- cURL
- Node.js
- Python
- Go
- Java
curl --location --request PUT 'https://$ENV_URL/api/v1/organizations/{id}/portal_links' \
--header 'Authorization: Bearer {access_token}'
const link = await sc.organization.generatePortalLink(organization_id);
link = sc.organization.generate_portal_link(
organization_id
)
link, err := sc.Organization.GeneratePortalLink(
ctx,
organizationId
)
Link portalLink = client
.organizations()
.generatePortalLink(organizationId, Arrays.asList(Feature.sso, Feature.dir_sync));
SSO Connection
The Connection Object
- Attributes
- idstring
Unique ID of the Connection
- organization_idstring
Organization ID to which this connection belongs to.
- providerenum
Possible values
OKTAGOOGLEMICROSOFT_ADAUTH0ONELOGINPING_IDENTITYJUMPCLOUDCUSTOM - statusenum
Possible values
DRAFTIN_PROGRESSCOMPLETED - enabledboolean
- typeenum
Possible values
OIDCSAML - saml_configobject
Child Attributes
sp_entity_idstringsp_assertion_urlstringsp_metadata_urlstringidp_entity_idstringidp_sso_urlstringidp_metadata_urlstringidp_certificatesarray objectChild Attributes
certificatestringexpiry_timestringissuerstringcreate_timestringidp_sso_request_bindingenumPossible values
POSTREDIRECTidp_slo_urlstringidp_slo_request_bindingenumPossible values
POSTREDIRECTsaml_signing_optionenumPossible values
NO_SIGNINGSAML_ONLY_RESPONSE_SIGNINGSAML_ONLY_ASSERTION_SIGNINGSAML_RESPONSE_ASSERTION_SIGNINGassertion_encryptedbooleanwant_request_signedboolean - oidc_configobject
Child Attributes
authorize_uristringtoken_uristringdiscovery_endpointstringuser_info_uristringjwks_uristringissuerstringredirect_uristringclient_idstringclient_secretstringscopesstringpkce_enabledbooleantoken_auth_typestring - create_timestring
Timestamp at which this organization record was created in RFC 3339 format
- update_timestring
Timestamp at which this organization record was last updated in RFC 3339 format
List Connections
Retrieves a list of connections in the environment
- Parameters
- organization_idstring
Filter connections by organization identifier
- domainstring
Filter connections by email domain associated with the organization
- includestring
Comma-separated list of additional fields to include in the response
- cURL
- Node.js
- Python
- Go
- Java
curl --request GET \
--url 'https://$env_url/api/v1/connections'
const connections = await sc.connection.listConnections(organizationId);
connections = sc.connection.list_connections(
organization_id
)
connections, err := sc.Connection.ListConnections(
ctx,
organizationId
)
ListConnectionsResponse response = scalekitClient.connections().listConnectionsByOrganization(organizationId);
Get Connection details
Retrieves the complete configuration and status details for a specific connection by its ID within an organization. Returns all connection properties including provider settings, protocols, and current status.
- Parameters
- organization_idstringrequired
Organization identifier (required). Specifies which organization owns the connection you want to retrieve.
- idstringrequired
Connection identifier (required). Specifies which specific connection to retrieve from the organization.
- cURL
- Node.js
- Python
- Go
- Java
curl --location 'https://$ENV_URL/api/v1/organizations/{organization_id}/connections/{id}' \
--header 'Accept: application/json'
const connection = await sc.connection.getConnection(
organizationId,
connectionId
);
connection = sc.connection.get_connection(
organization_id,
connection_id,
)
connection, err := sc.Connection.GetConnection(
ctx,
organizationId,
connectionId,
)
Connection connection = client.connections().getConnectionById(connectionId, organizationId);
Enable Organization Connection
Activate an existing connection for the specified organization. When enabled, users can authenticate using this connection. This endpoint changes the connection state from disabled to enabled without modifying other configuration settings
- Parameters
- organization_idstringrequired
Unique identifier of the organization associated with the connection
- idstringrequired
Unique identifier for the connection to be toggled
- cURL
- Node.js
- Python
- Go
- Java
curl --location --request PATCH 'https://$ENV_URL/api/v1/organizations/{organization_id}/connections/{id}:enable' \
--header 'Accept: application/json'
await sc.connection.enableConnection(organizationId, connectionId);
sc.connection.enable_connection(
organization_id,
connection_id,
)
err := sc.Connection.EnableConnection(
ctx,
organizationId,
connectionId,
)
ToggleConnectionResponse response = scalekitClient.connections().enableConnection(connectionId, organizationId);
Disable Organization Connection
Deactivate an existing connection for the specified organization. When disabled, users cannot authenticate using this connection. This endpoint changes the connection state from enabled to disabled without modifying other configuration settings
- Parameters
- organization_idstringrequired
Unique identifier of the organization associated with the connection
- idstringrequired
Unique identifier for the connection to be toggled
- cURL
- Node.js
- Python
- Go
- Java
curl --location --request PATCH 'https://$ENV_URL/api/v1/organizations/{organization_id}/connections/{id}:disable' \
--header 'Accept: application/json'
await sc.connection.disableConnection(organizationId, connectionId);
sc.connection.disable_connection(
organization_id,
connection_id
)
err := sc.Connection.DisableConnection(
ctx,
organizationId,
connectionId,
)
ToggleConnectionResponse response = scalekitClient.connections().disableConnection(connectionId, organizationId);
Directory
The Directory object represents a connection to a directory provider. You can programmatically enable or disable directories for an organization using the Directory API. Scalekit synchronizes and stores the users and groups from connected directories. The Directory API allows you to fetch users and groups from the directory on demand.
The Directory Object
- Attributes
- idstring
Unique identifier for the directory.
- namestring
The name of the directory.
- directory_providerenum
The directory provider.
Possible values
OKTA - directory_typeenum
The protocol used to connect to the directory.
Possible values
SCIM - directory_endpointstring
The URL endpoint for connecting to the directory.
- enabledboolean
Indicates if the directory connection is enabled.
- statusenum
The status of the directory connection.
Possible values
DRAFT - organization_idstring
The ID of the organization the directory belongs to.
- sourcestring
The source of the directory.
- last_synced_atstring
Timestamp of when the directory was last synced in RFC 3339 format.
- total_usersinteger
The total number of users in the directory.
- total_groupsinteger
The total number of groups in the directory.
- mappingsarray
An array of attribute mappings between the directory and Scalekit.
Attributes
- keystring
The attribute key in the directory.
- map_tostring
The attribute to map to in Scalekit.
- display_namestring
The display name for the mapped attribute.
- attribute_mappingsobject
Object containing attribute mappings.
Attributes
- attributesarray
Array of attribute mappings.
Attributes
- keystring
The attribute key.
- map_tostring
The attribute to map to.
- role_assignmentsobject
Object containing role assignments.
Attributes
- assignmentsarray
Array of role assignments.
Attributes
- group_idstring
The ID of the group to assign the role to.
- role_idstring
The ID of the role to assign.
- secretsarray
An array of secrets associated with the directory.
Attributes
- idstring
The ID of the secret.
- directory_idstring
The ID of the directory the secret belongs to.
- secret_suffixstring
The suffix of the secret.
- statusenum
The status of the secret.
Possible values
INACTIVE - create_timestring
Timestamp of when the secret was created in RFC 3339 format.
- expire_timestring
Timestamp of when the secret expires in RFC 3339 format.
- last_used_timestring
Timestamp of when the secret was last used in RFC 3339 format.
- statsobject
Object containing directory statistics.
Attributes
- total_usersinteger
The total number of users in the directory.
- total_groupsinteger
The total number of groups in the directory.
- user_updated_atstring
Timestamp of when the user stats were last updated in RFC 3339 format.
- group_updated_atstring
Timestamp of when the group stats were last updated in RFC 3339 format.
The Directory User Object
- Attributes
- idstring
Unique identifier for the directory user. This is a system-generated unique identifier that distinguishes each user within the directory.
- organization_idstring
Identifier of the organization to which the user belongs. This helps in segregating users across different organizational contexts.
- dp_idstring
External identifier from the identity provider (IdP). This is the original user identifier as recognized by the source directory or identity management system.
- preferred_usernamestring
The preferred username as defined by the identity provider. This may differ from the email address and is often used for login purposes.
- emailstring
Primary email address associated with the user. Used for communication and often as a unique identifier.
- activeboolean
Indicates the current status of the user account. When true, the user is active and can access the system; when false, the account is disabled.
- namestring
Full name of the user, typically combining given name and family name.
- rolesarray
List of roles assigned to the user, defining their permissions and access levels within the system.
Role Object Attributes
- rolestring
Machine-readable identifier for the role.
- namestring
Human-readable name of the role.
- groupsarray
Groups to which the user belongs, typically used for organizational or access management purposes.
Group Object Attributes
- idstring
Unique identifier of the group.
- namestring
Name of the group.
- given_namestring
User's first name or given name as provided by the identity provider.
- family_namestring
User's last name or family name as provided by the identity provider.
- nicknamestring
Informal or alternative name for the user, often used for casual identification.
- picturestring
URL pointing to the user's profile picture or avatar.
- phone_numberstring
Primary contact phone number for the user, including country code.
- addressobject
Structured address information for the user.
Address Object Attributes
- postal_codestring
Postal or ZIP code for the user's address.
- statestring
State or region of the user's address.
- formattedstring
Full, human-readable address string.
- custom_attributesobject
Flexible key-value store for additional user-specific attributes not covered by standard fields.
- raw_attributesobject
Unmodified payload directly from the directory provider, preserving all original attributes.
The Directory Group Object
- Attributes
- idstring
Unique identifier for the directory group. This is a system-generated identifier that uniquely distinguishes each group within the directory.
- display_namestring
Human-readable name of the group, typically used for display purposes in user interfaces and reports.
- total_usersinteger
Total number of users currently assigned to this group. Provides a quick count of group membership.
- updated_atstring
Timestamp indicating the last modification time of the group in RFC 3339 format. Useful for tracking recent changes to group composition.
Enable a Directory
Activates a directory within an organization, allowing it to synchronize users and groups with the connected Directory provider
- Parameters
- organization_idstringrequired
A unique identifier for the organization. The value must begin with 'org_' and be between 1 and 32 characters long
- idstringrequired
A unique identifier for a directory within the organization. The value must begin with 'dir_' and be between 1 and 32 characters long
- cURL
- Node.js
- Python
- Go
- Java
curl --location --request PATCH 'https://$ENV_URL/api/v1/organizations/{organizations_id}/directories/{directory_id}:enable'\
--header 'Authorization: Bearer <ACCESS_TOKEN>'
await sc.directory.enableDirectory(
'<organization_id>',
'<directory_id>'
);
directory_response = scalekit_client.directory.enable_directory(
directory_id='<directory_id>', organization_id='<organization_id>'
)
enable,err := sc.Directory().EnableDirectory(ctx, organizationId, directoryId)
ToggleDirectoryResponse enableResponse = client
.directories()
.enableDirectory(directoryId, organizationId);
Get Directory details
Retrieves detailed information about a specific directory within an organization
- Parameters
- organization_idstringrequired
Unique identifier of the organization
- idstringrequired
Unique identifier of the directory
- cURL
- Node.js
- Python
- Go
- Java
curl --location 'https://$ENV_URL/api/v1/organizations/{organizations_id}/directories/{directory_id}' \
--header 'Authorization: Bearer <ACCESS_TOKEN>'
const { directory } = await scalekit.directory.getDirectory(
organizationId,
directoryId
);
directory = scalekit_client.directory.get_directory(
directory_id='<directory_id>', organization_id='<organization_id>'
)
print(f'Directory details: {directory}')
directory, err := sc.Directory().GetDirectory(ctx, organizationId, directoryId)
Directory directory = scalekitClient.directories().getDirectory(directoryId, organizationId);
- Node.js
- Python
- Go
- Java
const { directory } = await scalekit.directory.getPrimaryDirectoryByOrganizationId(
organizationId
);
primary_directory = scalekit_client.directory.get_primary_directory_by_organization_id(
organization_id='<organization_id>'
)
directory,err := sc.Directory().GetPrimaryDirectoryByOrganizationId(ctx, organizationId)
Directory directory = client.directories().getPrimaryDirectoryByOrganizationId(organizationId);
List Directory Users
Retrieves a list of all users within a specified directory for an organization. This endpoint allows you to view user accounts associated with your connected Directory Providers.
- Parameters
- organization_idstringrequired
Unique identifier of the organization
- directory_idstringrequired
Unique identifier of the directory within the organization
- page_sizeinteger
Number of users to return per page. Maximum value is 30. If not specified, defaults to 10
- page_tokenstring
Token for pagination. Use the value returned in the 'next_page_token' field of the previous response to retrieve the next page of results
- include_detailboolean
If set to true, the response will include the full user payload with all available details. If false or not specified, only essential user information will be returned
- directory_group_idstring
Filter users by their membership in a specific directory group
- updated_afterstring
Filter users that were updated after the specified timestamp. Use ISO 8601 format
- cURL
- Node.js
- Python
- Go
- Java
curl --location 'https://<SCALEKIT_ENVIRONMENT_URL>/api/v1/organizations/<organization_id>/directories/<directory_id>/users' \
--header 'Authorization: Bearer <SCALEKIT_ACCESS_TOKEN>'
const { users } = await scalekit.directory.listDirectoryUsers('<organization_id>', '<directory_id>');
directory_users = scalekit_client.directory.list_directory_users(
directory_id='<directory_id>', organization_id='<organization_id>'
)
options := &ListDirectoryUsersOptions{
PageSize: 10,
PageToken: "",
}
directoryUsers,err := sc.Directory().ListDirectoryUsers(ctx, organizationId, directoryId, options)
var options = ListDirectoryResourceOptions.builder()
.pageSize(10)
.pageToken("")
.includeDetail(true)
.build();
ListDirectoryUsersResponse usersResponse = scalekitClient
.directories()
.listDirectoryUsers(directory.getId(), organizationId, options);
List Directory Groups
Retrieves all groups from a specified directory. Use this endpoint to view group structures from your connected identity provider.
- Parameters
- organization_idstringrequired
Unique identifier of the organization
- directory_idstringrequired
Unique identifier of the directory
- page_sizeinteger
Number of groups to return per page. Maximum value is 30. If not specified, defaults to 10
- page_tokenstring
Token for pagination. Use the value returned in the 'next_page_token' field of the previous response
- updated_afterstring
Filter groups updated after this timestamp. Use ISO 8601 format
- include_detailboolean
If true, includes full group details. If false or not specified, returns basic information only
- cURL
- Node.js
- Python
- Go
- Java
curl --location 'https://<SCALEKIT_ENVIRONMENT_URL>/api/v1/organizations/<organization_id>/directories/<directory_id>/groups' \
--header 'Authorization: Bearer <SCALEKIT_ACCESS_TOKEN>'
const { groups } = await scalekit.directory.listDirectoryGroups('<organization_id>', '<directory_id>');
directory_groups = scalekit_client.directory.list_directory_groups(
directory_id='<directory_id>', organization_id='<organization_id>'
)
options := &ListDirectoryGroupsOptions{
PageSize: 10,
PageToken:"",
}
directoryGroups, err := sc.Directory().ListDirectoryGroups(ctx, organizationId, directoryId, options)
var options = ListDirectoryResourceOptions.builder()
.pageSize(10)
.pageToken("")
.includeDetail(true)
.build();
ListDirectoryGroupsResponse groupsResponse = scalekitClient
.directories()
.listDirectoryGroups(directory.getId(), organizationId, options);
List Organization Directories
- Parameters
- organization_idstringrequired
Unique identifier of the organization
- cURL
- Node.js
- Python
- Go
- Java
curl --location 'https://$ENV_URL/api/v1/organizations/{organizations_id}/directories'\
--header 'Authorization: Bearer <ACCESS_TOKEN>'
await scalekit.directory.listDirectories('<organization_id>');
directories_list = scalekit_client.directory.list_directories(
organization_id='<organization_id>'
)
directories,err := sc.Directory().ListDirectories(ctx, organizationId)
ListDirectoriesResponse response = scalekitClient.directories().listDirectories(organizationId);
Disable a Directory
Stops synchronization of users and groups from a specified directory within an organization. This operation prevents further updates from the connected Directory provider
- Parameters
- organization_idstringrequired
A unique identifier for the organization. The value must begin with 'org_' and be between 1 and 32 characters long
- idstringrequired
A unique identifier for a directory within the organization. The value must begin with 'dir_' and be between 1 and 32 characters long
- cURL
- Node.js
- Python
- Go
- Java
curl --location --request PATCH 'https://$ENV_URL/api/v1/organizations/{organizations_id}/directories/{directory_id}:disable'\
--header 'Authorization: Bearer <ACCESS_TOKEN>'
await scalekit.directory.disableDirectory(
'<organization_id>',
'<directory_id>'
);
directory_response = scalekit_client.directory.disable_directory(
directory_id='<directory_id>', organization_id='<organization_id>'
)
disable,err := sc.Directory().DisableDirectory(ctx, organizationId, directoryId)
ToggleDirectoryResponse disableResponse = scalekitClient
.directories()
.disableDirectory(directoryId, organizationId);
Machine-to-Machine (M2M) Clients
The M2M (Machine-to-Machine) API enables secure, automated interactions between software systems without human intervention. Use these endpoints to create and manage M2M clients that can securely access your API on behalf of an organization. Each client is uniquely identified by a client_id
and can be configured with authentication settings, scopes, and security parameters.
The M2M Client Object
- Attributes
- client_idstring
Unique identifier for the M2M client. This ID is used to identify the client in API requests and logs.
- namestring
A descriptive name for the M2M client that helps identify its purpose. This name is displayed in the dashboard and logs.
- descriptionstring
A detailed explanation of the client's purpose and usage. This helps administrators understand what the client is used for.
- organization_idstring
The ID of the organization that owns this M2M client. This ID is used to associate the client with the correct organization.
- scopesarray
The OAuth 2.0 scopes granted to this client. These scopes determine what resources and actions the client can access.
- audiencearray
The intended recipients of access tokens issued to this client. Each audience value should be a URI that identifies an API or service.
- custom_claimsarray
Additional claims included in access tokens issued to this client. These claims provide context about the client and can be used for authorization decisions.
Attributes
- keystring
The name of the custom claim. Must be between 1 and 128 characters.
- valuestring
The value of the custom claim. This value will be included in access tokens issued to the client.
- expiryinteger
The lifetime of access tokens issued to this client, in seconds. This determines how long a token remains valid before it must be refreshed.
- secretsarray
List of client secrets associated with this client. Each secret can be used for authentication, but only the most recently created secret is typically active.
Attributes
- idstring
The unique identifier for this client secret.
- secret_suffixstring
A suffix that helps identify this secret. This is the last few characters of the full secret value.
- statusenum
The current status of this secret.
Possible values
ACTIVEINACTIVE - create_timestring
The timestamp when this secret was created.
- expire_timestring
The timestamp when this secret will expire.
- last_used_timestring
The timestamp when this secret was last used for authentication.
- create_timestring
The timestamp when this M2M client was created.
- update_timestring
The timestamp when this M2M client was last updated.
Create an Organization M2M Client
Creates a new M2M client for an organization. This endpoint registers a new client application that can securely access your API on behalf of the organization. The response includes a client ID and secret that should be used for OAuth 2.0 client credentials flow. The plain secret is only returned once during creation and must be stored securely.
- Parameters
- organization_idstringrequired
Unique identifier of the organization
- Request Body
- audiencearray
The intended recipients of the access tokens issued to this client. Each audience value should be a URI that identifies the API or service that will validate the token.
- custom_claimsarray
Additional claims to be included in access tokens issued to this client. These claims provide context about the client and can be used for authorization decisions. Keep claims minimal to avoid increasing token size.
- descriptionstring
A detailed explanation of the client's purpose and usage. This helps administrators understand what the client is used for and who manages it.
- expirystring
The lifetime of access tokens issued to this client, in seconds. This value determines how long a token remains valid before it must be refreshed. Defaults to 3600 (1 hour) if not specified.
- namestring
A descriptive name for the M2M client that helps identify its purpose. This name is displayed in the dashboard and logs. Must be between 1 and 128 characters.
- scopesarray
OAuth 2.0 scopes that define the permissions granted to this client. Each scope represents a specific permission or set of permissions. The client can only access resources that match its granted scopes.
- cURL
curl 'https://$ENV_URL/api/v1/organizations/{organization_id}/clients' \
--request POST \
--header 'Content-Type: application/json' \
--data '{
"audience": [
"https://api.example.com/api/analytics",
"https://deployment-api.acmecorp.com"
],
"custom_claims": [
{
"key": "environment",
"value": "production"
},
{
"key": "service",
"value": "deployment"
}
],
"description": "Service account for GitHub Actions to deploy applications to production",
"expiry": 3600,
"name": "GitHub Actions Deployment Service",
"scopes": [
"deploy:applications",
"read:deployments"
]
}'
Get Organization M2M Client
Retrieves the configuration details for an organization's M2M client. This endpoint returns the client's metadata, including its scopes, audience values, custom claims, and associated secrets. Use this to verify client settings or retrieve the list of active secrets.
- Parameters
- organization_idstringrequired
Unique identifier of the organization
- client_idstringrequired
Unique identifier of the M2M client
- cURL
curl 'https://$ENV_URL/api/v1/organizations/{organization_id}/clients/{client_id}'
Update Organization M2M client details
Updates the configuration settings for an organization's M2M client. This endpoint allows you to modify client properties such as scopes, audience values, and custom claims. Use this to adjust access permissions or update metadata for the client. Note that client_id and create_time are immutable and cannot be modified.
- Parameters
- organization_idstringrequired
Unique identifier of the organization
- client_idstringrequired
Unique identifier of the client
- Request Body
- audiencearray
The intended recipients of the access tokens issued to this client. Each audience value should be a URI that identifies the API or service that will validate the token.
- custom_claimsarray
Additional claims to be included in access tokens issued to this client. These claims provide context about the client and can be used for authorization decisions. Keep claims minimal to avoid increasing token size.
- descriptionstring
A detailed explanation of the client's purpose and usage. This helps administrators understand what the client is used for and who manages it.
- expirystring
The lifetime of access tokens issued to this client, in seconds. This value determines how long a token remains valid before it must be refreshed. Defaults to 3600 (1 hour) if not specified.
- namestring
A descriptive name for the M2M client that helps identify its purpose. This name is displayed in the dashboard and logs. Must be between 1 and 128 characters.
- scopesarray
OAuth 2.0 scopes that define the permissions granted to this client. Each scope represents a specific permission or set of permissions. The client can only access resources that match its granted scopes.
- cURL
curl 'https://$ENV_URL/api/v1/organizations/{organization_id}/clients/{client_id}' \
--request PATCH \
--header 'Content-Type: application/json' \
--data '{
"audience": [
"https://api.example.com/api/analytics",
"https://deployment-api.acmecorp.com"
],
"custom_claims": [
{
"key": "environment",
"value": "production"
},
{
"key": "service",
"value": "deployment"
}
],
"description": "Service account for GitHub Actions to deploy applications to production",
"expiry": 3600,
"name": "GitHub Actions Deployment Service",
"scopes": [
"deploy:applications",
"read:deployments"
]
}'
Delete an Organization M2M Client
Permanently deletes an M2M client from an organization. This operation cannot be undone and will revoke all access for the client. All associated secrets will also be invalidated. Use this endpoint to remove unused or compromised clients.
- Parameters
- organization_idstringrequired
Unique identifier of the organization that owns the client. Must start with 'org_' prefix.
- client_idstringrequired
Unique identifier of the M2M client to permanently delete. Must start with 'm2morg_' prefix.
- cURL
curl 'https://$ENV_URL/api/v1/organizations/{organization_id}/clients/{client_id}' \
--request DELETE
Create a Secret for Organization M2M Client
Generates a new client secret for an organization's M2M client. This endpoint creates a secure credential that can be used for OAuth 2.0 client credentials flow. The plain secret is only returned once during creation and should be stored securely by the client application. Use this endpoint to rotate secrets or create additional credentials for different environments.
- Parameters
- organization_idstringrequired
Unique identifier of the organization
- client_idstringrequired
Unique identifier of the client
- cURL
curl 'https://$ENV_URL/api/v1/organizations/{organization_id}/clients/{client_id}/secrets' \
--request POST
Delete an Organization M2M Client Secret
Permanently deletes a client secret for an organization's M2M client. This operation cannot be undone. Use this endpoint to remove compromised or unused secrets. After deletion, the secret can no longer be used for authentication. Consider creating a new secret before deleting the old one to avoid service interruption.
- Parameters
- organization_idstringrequired
Unique identifier of the organization
- client_idstringrequired
Unique identifier of the client
- secret_idstringrequired
Unique identifier of the client secret
- cURL
curl 'https://$ENV_URL/api/v1/organizations/{organization_id}/clients/{client_id}/secrets/{secret_id}' \
--request DELETE
Webhooks
A webhook (also called a web callback or HTTP push API) is a way for Scalekit to provide your applications with real-time information. A webhook delivers data to your applications as it happens, meaning you get data immediately, unlike typical APIs where you would need to poll for data very frequently to get it in real-time. Events represent specific actions or changes, while webhooks are the mechanism used to deliver these event notifications to your specified endpoint.
By leveraging webhooks, you can build responsive and dynamic integrations that react immediately to changes in Scalekit System, enabling you to keep your systems in sync and automate user lifecycle management and other related use cases.
Event Object
Every webhook payload has two key components: Event Metadata and Event Data.
- Event Metadata
- spec_versionstring
Version of the event specification (currently '1')
- idstring
Unique identifier for the specific event
- objectstring
The type of object affected (Example: 'DirectoryUser')
- environment_idstring
Identifier for the environment
- occurred_atstring
Timestamp of when the event occurred
- organization_idstring
Identifier for the organization
- typestring
Specifies the exact event type (Example: 'organization.directory.user_created' for user creation)
- dataobject
Contains latest object data after the event
{
"spec_version": "1",
"id": "evt_123456789",
"object": "DirectoryUser",
"environment_id": "env_123456789",
"occurred_at": "2024-08-21T10:20:17.072Z",
"organization_id": "org_123456789",
"type": "organization.directory.user_created",
"data": {
// Event Data
}
}
SCIM Provisioning
Directory Created
This webhook triggers when a new directory connection is created. The event type is
organization.directory_created
- Event Data
- directory_typestring
Type of directory protocol used for synchronization
- idstring
Unique identifier for the directory connection
- organization_idstring
Unique identifier of the organization associated with this directory
- providerstring
Identity provider for the directory connection
Directory Enabled
This webhook is triggered when a directory sync is enabled. The event type is
organization.directory_enabled
- Event Data
- idstring
Unique identifier for the directory connection
- directory_typestring
The type of directory synchronization
- enabledboolean
Indicates if the directory sync is enabled
- environment_idstring
Identifier for the environment
- last_sync_atnull
Timestamp of the last synchronization, null if not yet synced
- organization_idstring
Identifier for the organization
- providerstring
The provider of the directory
- updated_atstring
Timestamp of when the configuration was last updated
- occurred_atstring
Timestamp of when the event occurred
Directory Disabled
This webhook is triggered when a directory sync is disabled. The event type is
organization.directory_disabled
- Event Data
- directory_typestring
Type of directory protocol used for synchronization
- enabledboolean
Indicates whether the directory synchronization is currently enabled or disabled
- idstring
Unique identifier for the directory connection
- last_sync_atstring
Timestamp of the most recent directory synchronization
- organization_idstring
Unique identifier of the organization associated with this directory
- providerstring
Identity provider for the directory connection
- statusstring
Current status of the directory synchronization process
- updated_atstring
Timestamp of the most recent update to the directory connection
- occurred_atstring
Timestamp of when the event occurred
Directory User Created
This webhook is triggered when a new directory user is created. The event type is
organization.directory.user_created
- Event Data
- idstring
Unique ID of the Directory User
- organization_idstring
Unique ID of the Organization to which this directory user belongs
- dp_idstring
Unique ID of the User in the Directory Provider (IdP) system
- preferred_usernamestring
Preferred username of the directory user
- emailstring
Email of the directory user
- activeboolean
Indicates if the directory user is active
- namestring
Fully formatted name of the directory user
- rolesarray
Array of roles assigned to the directory user
Child Attributes
rolestringRole of the directory user
namestringName of the directory user
- groupsarray
Array of groups to which the directory user belongs
Child Attributes
idstringID of the directory group
namestringName of the directory group
- given_namestring
Given name of the directory user
- family_namestring
Family name of the directory user
- nicknamestring
Nickname of the directory user
- picturestring
URL of the directory user's profile picture
- phone_numberstring
Phone number of the directory user
- addressobject
Address of the directory user
Child Attributes
postal_codestringPostal code of the directory user address
statestringState of the directory user address
formattedstringFormatted address of the directory user
- custom_attributesobject
Custom attributes of the directory user
- raw_attributesobject
Raw attributes of the directory user as received from the Directory Provider (IdP)
Directory User Updated
This webhook is triggered when a directory user is updated. The event type is
organization.directory.user_updated
- Event Data
- idstring
Unique ID of the Directory User
- organization_idstring
Unique ID of the Organization to which this directory user belongs
- dp_idstring
Unique ID of the User in the Directory Provider (IdP) system
- preferred_usernamestring
Preferred username of the directory user
- emailstring
Email of the directory user
- activeboolean
Indicates if the directory user is active
- namestring
Fully formatted name of the directory user
- rolesarray
Array of roles assigned to the directory user
Child Attributes
rolestringRole of the directory user
namestringName of the directory user
- groupsarray
Array of groups to which the directory user belongs
Child Attributes
idstringID of the directory group
namestringName of the directory group
- given_namestring
Given name of the directory user
- family_namestring
Family name of the directory user
- nicknamestring
Nickname of the directory user
- picturestring
URL of the directory user's profile picture
- phone_numberstring
Phone number of the directory user
- addressobject
Address of the directory user
Child Attributes
postal_codestringPostal code of the directory user address
statestringState of the directory user address
formattedstringFormatted address of the directory user
- custom_attributesobject
Custom attributes of the directory user
- raw_attributesobject
Raw attributes of the directory user as received from the Directory Provider (IdP)
Directory User Deleted
This webhook is triggered when a directory user is deleted. The event type is
organization.directory.user_deleted
- Event Data
- idstring
Unique ID of the Directory User
- organization_idstring
Unique ID of the Organization to which this directory user belongs
- dp_idstring
Unique ID of the User in the Directory Provider (IdP) system
- emailstring
Email of the directory user
Directory Group Created
This webhook is triggered when a new directory group is created. The event type is organization.directory.group_created
- Event Data
- directory_idstring
Unique identifier for the directory
- display_namestring
Display name of the directory group
- external_idnull
External identifier for the group, null if not specified
- idstring
Unique identifier for the directory group
- organization_idstring
Identifier for the organization associated with the group
- raw_attributesobject
Raw attributes of the directory provider
- environment_idstring
Identifier for the environment where the event occurred
- idstring
Unique identifier for the event
- objectstring
Type of object the event relates to
- occurred_atstring
Timestamp when the event occurred
- organization_idstring
Identifier for the organization associated with the event
- spec_versionstring
Specification version of the event
- typestring
Type of the event, indicating the action that occurred
Directory Group Updated
This webhook is triggered when a directory group is updated. The event type is
organization.directory.group_updated
- Event Data
- directory_idstring
Unique identifier for the directory
- display_namestring
Display name of the directory group
- external_idnull
External identifier for the group, null if not specified
- idstring
Unique identifier for the directory group
- organization_idstring
Identifier for the organization associated with the group
- raw_attributesobject
Raw attributes of the directory group
- environment_idstring
Identifier for the environment where the event occurred
- idstring
Unique identifier for the event
- objectstring
Type of object the event relates to
- occurred_atstring
Timestamp when the event occurred
- organization_idstring
Identifier for the organization associated with the event
- spec_versionstring
Specification version of the event
- typestring
Type of the event, indicating the action that occurred
Directory Group Deleted
This webhook is triggered when a directory group is deleted. The event type is
organization.directory.group_deleted
- Event Data
- directory_idstring
Unique identifier for the directory
- display_namestring
Display name of the directory group
- dp_idstring
Unique identifier for the group in the directory provider system
- idstring
Unique identifier for the directory group
- organization_idstring
Identifier for the organization associated with the group
- raw_attributesobject
Raw attributes of the directory group as received from the provider
Child Attributes
displayNamestringDisplay name of the group as received from the directory provider
externalIdstringExternal identifier for the group in the directory provider system
membersarrayArray of members in the group
Child Attributes
valuestringUnique identifier for the group member
- environment_idstring
Identifier for the environment where the event occurred
- idstring
Unique identifier for the event
- objectstring
Type of object the event relates to
- occurred_atstring
Timestamp when the event occurred
- organization_idstring
Identifier for the organization associated with the event
- spec_versionstring
Specification version of the event
- typestring
Type of the event, indicating the action that occurred