Introduction

Scalekit API is modeled around the REST architecture style. That means, our API has predictable resource-oriented URLs, accepts form-encoded request bodies and produces JSON formatted responses, uses standard HTTP verbs and error codes.

Apart from REST APIs, we have published SDKs in some of the popular languages as shown below. You can use these SDKs and integrate with Scalekit much faster.

Some additional instructions around using our APIs

• API Endpoint Host must use the Environment URL of the environment you are targeting.
• API requests without appropriate authentication headers will fail with 401 status code.

Read below to understand more about how to authenticate the API calls and how to handle errors appropriately.

Just getting Started?

Refer to our Quick Start Guide

Setup SDK

Node.js

npm install @scalekit-sdk/node

Python

pip install scalekit-sdk-python

Go

go get -u github.com/scalekit-inc/scalekit-sdk-go

Java

/* Gradle users - add the following to your dependencies in build file */
implementation "com.scalekit:scalekit-sdk-java:1.1.2"

<!-- Maven users - add the following to your `pom.xml` -->
<dependency>
    <groupId>com.scalekit</groupId>
    <artifactId>scalekit-sdk-java</artifactId>
    <version>1.1.2</version>
</dependency>

API Server Endpoint

# use the environment url found in API Config section
https://yourcompany.scalekit.com

# or, if you have enabled CNAME, you can use that too
https://auth.yoursaas.com

Authentication

Scalekit API uses OAuth2 Client Credentials based authentication. You can view and manage the necessary information from your API Config section in the Scalekit Dashboard.

You will need the following information to authenticate with Scalekit APIs

• Client ID
• Client Secret
• Environment URL

You can obtain a secure token by making POST call to the https://<ENV_URL>/oauth/token endpoint and sending client_id and client_secret as part of the request body.

API Authentication

cURL

curl -L 'https://<ENV_URL>/oauth/token' \
     -H 'Content-Type: application/x-www-form-urlencoded' \
     -d 'client_id=skc_<client_id>' \
     -d 'client_secret=test_<client_secret>' \
     -d 'grant_type=client_credentials'

Node.js

import { Scalekit } from '@scalekit-sdk/node';

const scalekit = new Scalekit(
  '<SCALEKIT_ENVIRONMENT_URL>',
  '<SCALEKIT_CLIENT_ID>',
  '<SCALEKIT_CLIENT_SECRET>',
);

Python

from scalekit import ScalekitClient

scalekit_client = ScalekitClient(
  "<SCALEKIT_ENVIRONMENT_URL>",
  "<SCALEKIT_CLIENT_ID>",
  "<SCALEKIT_CLIENT_SECRET>"
)

Go

import (
  "github.com/scalekit-inc/scalekit-sdk-go"
)

func main() {
  scalekitClient := scalekit.NewClient(
    "<SCALEKIT_ENVIRONMENT_URL>",
    "<SCALEKIT_CLIENT_ID>",
    "<SCALEKIT_CLIENT_SECRET>"
  )
}

Java

package com.scalekit;

import com.scalekit.ScalekitClient;

public class Main {
  public static void main(String[] args) {

  ScalekitClient scalekitClient = new ScalekitClient(
      "<SCALEKIT_ENVIRONMENT_URL>",
      "<SCALEKIT_CLIENT_ID>",
      "<SCALEKIT_CLIENT_SECRET>"
    );
  }

Response

{
  "access_token": "DCR5c8139165228a82e442445fe01c16",
  "token_type": "bearer",
  "expires_in": 1799
}

Using Access Token

The access_token is the OAuth access token you need to use for all subsequent API calls to Scalekit.

To make a request to one of our APIs, you need to include the access token in the Authorization header of the request as Bearer 'access_token'.

Please make sure that you keep your Client Secrets safely. Do not share your client secret in publicly accessible areas such as GitHub, client-side code, etc.

Our SDKs will automatically handle the API authentication and error handling to make the job of using our APIs much easier for you.

Using Bearer Token

$ curl --request GET "https://{ENV_URL}/api/v1/organizations" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer {access_token}"

Error Handling

As mentioned earlier, Scalekit APIs return appropriate HTTP Status Codes along with the detailed error messages in case of invalid usage of APIs.

You can see the list of different HTTP Status Codes and the error message format in the right pane. We strongly recommend you to handle errors gracefully while writing code using our SDKs.

Error Codes

HTTP Status	Description
200 or 201	API request is successful
400	The request was unacceptable, often due to missing a required parameter.
401	Invalid Authentication Headers found in the request.
404	Resource not found
429	Too many requests hit the API too quickly. Retry the request after a cool-off period.
500 or 501 or 504	Something went wrong at our end. These are usually a very rare occurrence. We automatically log these requests for alert our on-call engineers

401: Error Message

{
  "code": 16,
  "message": "Token empty",
  "details": [
    {
      "@type": "type.googleapis.com/scalekit.v1.errdetails.ErrorInfo",
      "error_code": "UNAUTHENTICATED"
    }
  ]
}

Single Sign-on

When you need one of your customers to login via Enterprise SSO, you can redirect them to Scalekit's Authorization URL with necessary details about the organization or the SSO connection. Scalekit will seamlessly deal with integrating with any Identity Provider and exchanges user information via SAML or OIDC or OAuth2.

More details about the Single Sign-on flow is described here

Endpoints

get/oauth/authorizepost/oauth/token

Authorization URL

Authorization URL initiates the Login flow with Scalekit.

Scalekit expects atleast one of the following parameters to be present. The parameters are used to determine the SSO connection used to Login in the user.

domain - Email domain of the user. Domain should be mapped to an Organization. The SSO connection from the org would be used to login to the app.

connection_id - ID of the SSO connection. If the Connection's status is active, the user will be redirected to the SSO Connection's identity provider configured.

organization_id - ID of Organization. The user will be redirected to the SSO connection's identity provider configured for that organization.

provider - ID of SSO Provider, Incase of Social Logins . e.g google

• Parameters
• client_idstringrequired

  The client ID string that you obtain from the API Credentials page

• redirect_uristringrequired

  Determines where the response is sent. The value of this parameter must exactly match one of the authorized redirect values that you set in the API Credentials page (including the HTTP or HTTPS scheme, case, and trailing '/', if any).

• domainstring

  Domain part of the email address that is mapped to an organization. Example. yourcustomer.com

• connection_idstring

  Connection ID for which the SSO flow must be initiated for. If the Connection's status is active, the user will be redirected to the SSO Connection's identity provider configured

• organization_idstring

  Organization ID for which the SSO flow must be initiated for. Based on the organization ID supplied, the user will be redirected to the SSO connection's identity provider configured for that organization.

• providerstring

  Key for the Social SSO Provider. This is common to all Organizations. e.g. google, github, linkedin, gitlab, microsoft, salesforce

• response_typestringrequired

  Value must be code

• scopestringrequired

  Value must be openid email profile

• statestring

  An opaque string that is round-tripped in the protocol; that is to say, it is returned back as-is as a URI parameter in the Basic flow. The state can be useful for correlating requests and responses. Because your redirect_uri can be guessed, using a state value can increase your assurance that an incoming connection is the result of an authentication request initiated by your app.

  State will be useful if you would like to retain some information about the user that you would like to use at the end of the login flow. E.g. deep link URL in your product to redirect the user to after a successful login.

  If you generate a random string or encode the hash of some client state (e.g., a cookie) in this state variable, you can validate the response to additionally ensure that the request and response originated in the same browser. This additional validation offers protection against attacks such as cross-site request forgery.

• noncestring

  A random value generated by your app that enables replay protection.

• login_hintstring

  When your app knows the email address of the user it is trying to authenticate, it can provide this parameter as a hint to the authentication server and Scalekit will pass this information to your customer's identity provider. Some identity providers prefill the login box with this value to make the login experience easier for the end user.

• code_challengestring

  A challenge code generated from code_verifier that is required for PKCE flows. This is used ensure if the request was handled by the right parties. The string is stored by Scalekit to be used when validating the token request with a code_verifier. A code_challenge is generated as follows code_challenge = SHA256(code_verifier) .

• code_challenge_methodstring

  The algorithm used to process the code challenge. The value should be S256

cURL

curl --request GET \
  --url 'https://$env_url/oauth/authorize
  ?client_id=skc_12344
  &redirect_uri=https%3A%2F%2Fmysaasapp.com%2Fredirect_uri
  &response_type=code
  &state=hf68uyjh2189iuhj56789
  &scope=openid email profile'

Node.js

import { ScalekitClient } from '@scalekit-sdk/node';

// Initialize the SDK client
const scalekit = new ScalekitClient('<SCALEKIT_ENVIRONMENT_URL>', '<SCALEKIT_CLIENT_ID>', '<SCALEKIT_CLIENT_SECRET>');

const options = {};

// Option 1: Authorization URL with the organization ID
options['organizationId'] = 'org_15421144869927830';

// Option 2: Authorization URL with login hint
options.connectionId = 'conn_15696105471768821';

// Option 3: Authorization URL with login hint
options.loginHint = 'user@example.com';

const authorizationURL = scalekit.getAuthorizationUrl(redirectUrl, options);

Python

from scalekit import ScalekitClient, AuthorizationUrlOptions, CodeAuthenticationOptions

# Initialize the SDK client
scalekit_client = ScalekitClient(
  "<SCALEKIT_ENVIRONMENT_URL>",
  "<SCALEKIT_CLIENT_ID>",
  "<SCALEKIT_CLIENT_SECRET>"
)

options = AuthorizationUrlOptions()


# Option 1: Authorization URL with the organization ID
options.organization_id = 'org_15421144869927830'

# Option 2: Authorization URL with login hint
options.login_hint = 'user@example.com'

# Option 3: Authorization URL with the connection ID
options.connection_id = 'conn_15696105471768821'

authorization_url = scalekit_client.get_authorization_url(
  redirect_uri=<redirect_uri>,
  options=options
)

# Redirect the user to this authorization URL

Go

import (
  "github.com/scalekit/scalekit-sdk-go"
)

func main() {
  // Initialize the SDK client
  sc := scalekit.NewScalekitClient(
    "<SCALEKIT_ENVIRONMENT_URL>",
    "<SCALEKIT_CLIENT_ID>",
    "<SCALEKIT_CLIENT_SECRET>"
  )

  options := scalekit.AuthorizationUrlOptions{}

  // Option 1: Authorization URL with the organization ID
  options.OrganizationId = "org_15421144869927830"

  // Option 2: Authorization URL with the connection ID
  options.ConnectionId = "conn_15696105471768821"

  // Option 3: Authorization URL with Login Hint
  // User's email domain detects the correct enterprise SSO connection.
  options.LoginHint = "user@example.com"

  authorizationURL := sc.GetAuthorizationUrl(
    redirectUrl,
    options,
  )
   // Next step is to redirect the user to this authorization URL
}

// Redirect the user to this authorizationURL

Java

package com.scalekit;

import com.scalekit.ScalekitClient;
import com.scalekit.internal.http.AuthorizationUrlOptions;

public class Main {

  public static void main(String[] args) {
    // Initialize the SDK client
    ScalekitClient scalekitClient = new ScalekitClient(
      "<SCALEKIT_ENVIRONMENT_URL>",
      "<SCALEKIT_CLIENT_ID>",
      "<SCALEKIT_CLIENT_SECRET>"
    );
    AuthorizationUrlOptions options = new AuthorizationUrlOptions();
    // Option 1: Authorization URL with the organization ID
    options.setOrganizationId("org_13388706786312310");
    // Option 2: Authorization URL with the connection ID
    options.setConnectionId("con_13388706786312310");
    // Option 3: Authorization URL with Login Hint
    // User's email domain detects the correct enterprise SSO connection.
    options.setLoginHint("user@example.com");
    try {
      String url = scalekitClient.authentication().getAuthorizationUrl(redirectUrl, options).toString();
    } catch (Exception e) {
      System.out.println(e.getMessage());
    }
  }
}
// Redirect the user to this authorizationURL

Response

User will be redirected to the appropriate Identity provider's login page based on either organization_id, or connection_id or domain.

Token URL

The code provided to the Redirect URI. Code can be exchanged for a ID Token containing the user details using the Token URL.

• Parameters
• Request Body
• codestringrequired

  The code received by the Redirect URI as part of the Authentication Response.

• redirect_uristringrequired

  The redirect URI where this code was received. This will used to validate the code to make the code was infact generated for this redirect_uri.

• client_idstringrequired

  Unique client ID that represents your application.

• client_secretstringrequired

  The client secret to authorize the client.

• grant_typestring

  Grant Type must be authorization_code.

• code_verifierstring

  Used in PKCE flow, code_verifier is derived from the code_challenge presented at the Authorization Endpoint

cURL

curl --request POST \
  --url 'https://$env_url/oauth/token
  ?code=jhasd72
  &redirect_uri=https%3A%2F%2Fmysaasapp.com%2Fredirect_uri
  &client_id=skc_12344
  &client_secret=skc_prod_12441kjasad
  &grant_type=authorization_code'

Node.js

// Handle the oauth redirect
const { code, error, error_description } = req.query;
if (error) {
  // Handle error
  return throw new Error(error_description);
}

// Fetch user details by exchanding the code received in the request params
const { user } = await scalekit.authenticateWithCode(code, '<redirectUri>');

Python

# Handle oauth redirect_url, fetch code and error_description from request params
code = request.args.get('code')
error = request.args.get('error')
error_description = request.args.get('error_description')

if error:
    raise Exception(error_description)

result = scalekit_client.authenticate_with_code(
  code,
  "<redirect_uri>"
)
# result.user has the authenticated user's details
user_email = result.user.email

# Create a session and redirect the user to your dashboard

Go

// Handle the oauth redirect
code := r.URL.Query().Get("code")
err := r.URL.Query().Get("error")
errorDescription := r.URL.Query().Get("error_description")
if err != "" {
  return errors.New(errorDescription)
}

// Fetch user details by exchanding the code received in the request params
user, err := sc.AuthenticateWithCode(
  code,
  <redirectUri>
)
// `user` has the authenticated user's details
userEmail := user.Email

Java

String code = request.getParameter("code");
String error = request.getParameter("error");
String errorDescription = request.getParameter("error_description");

if(error != null && !error.isEmpty()) {
    // Handle errors
    return;
}
try {
    AuthenticationResponse res = scalekitClient.authentication().authenticateWithCode(code, redirectUrl);
    // res.getIdTokenClaims() has the authenticated user's details
    String userEmail = res.getIdTokenClaims().getEmail();

} catch (Exception e) {
    // Handle errors
}

Response

Loading...

Organization

Organization represents a customer or a tenant of your application. Use this to create enterprise Single Sign-on connections or Admin Portal links for your customers.

Endpoints

The Organization Object

• Attributes
• idstring

  Unique ID of the organization

• display_namestring

  Display Name of the Organization

• external_idstring

  Unique ID of this organization according to your system. You can store your unique ID for this organization in Scalekit's system and later use this to fetch Organization and Connection details. This is helpful if you don't want to persist Scalekit's Unique Identifiers in your database

• metadatamap

  Set of key-value pairs that you can attach to the Organization object. This can be useful for storing additional information about the Organization in a structured format.

• region_codeenum

  Region in which this organization data is stored in. By default, the environment's region_code is used to store this organization's data

  Possible values

  US

  EU
• create_timestring

  Timestamp at which this organization record was created in RFC 3339 format

• update_timestring

  Timestamp at which this organization record was last updated in RFC 3339 format

Organization Object

{
    "id": "org_2123312131125533",
    "display_name": "Acme Corp",
    "create_time": "2024-01-05T14:48:00.000Z",
    "external_id": "my_unique_id",
    "metadata": {
      "someKey": "somevalue"
    },
    "region_code": "US",
    "update_time": "…"
}

List Organizations

Retrieve a paginated list of organizations within your environment. The response includes a page_token that can be used to access subsequent pages of results.

• Parameters
• page_sizeinteger

  Maximum number of organizations to return per page. Must be between 10 and 100

• page_tokenstring

  Pagination token from the previous response. Use to retrieve the next page of organizations

• external_idstring

  Your application's unique identifier for this organization, used to link Scalekit with your system

cURL

curl --request GET \
  --url 'https://$env_url/api/v1/organizations'

Node.js

const organizations = await scalekit.organization.listOrganization({
  pageSize: 10,
});

Python

options = ListOrganizationOptions()
options.page_size = 10

organizations = sc.organization.list_organizations(
  options=options
)

Go

organizations, err := sc.Organization.ListOrganizations(
  ctx,
  &scalekit.ListOrganizationOptions{
    PageSize: 10,
  }
)

Java

ListOrganizationsResponse organizations = scalekitClient.organizations().listOrganizations(10, "");

Response

Loading...

Create an Organization

Creates a new organization in your environment. Use this endpoint to add a new tenant that can be configured with various settings and metadata

• Parameters
• Request Body
• display_namestring

  Name of the organization. Must be between 1 and 200 characters.

• external_idstring

  Your application's unique identifier for this organization, used to link Scalekit with your system.

• metadataobject

cURL

curl --location 'https://$ENV_URL/api/v1/organizations' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data '{
  "display_name": "<string>",
  "external_id": "<string>",
  "metadata": {
    "esse47": "<string>"
  }
}'

Node.js

const organization = await sc.organization.createOrganization(name, {
  externalId: 'externalId',
});

Python

options = CreateOrganizationOptions()
options.external_id = "externalId"
organization = sc.organization.create_organization(
  name,
  options=options
)

Go

organization, err := sc.Organization.CreateOrganization(
  ctx,
  name,
  scalekit.CreateOrganizationOptions{
    ExternalID: "externalId",
  },
)

Java

CreateOrganization createOrganization = CreateOrganization.newBuilder().setDisplayName("Test Org").build();

Organization createdOrganization = scalekitClient.organizations().create(createOrganization);

Response

Loading...

Get Organization details

Retrieves organization details by Scalekit ID, including name, region, metadata, and settings

• Parameters
• idstringrequired

  Unique scalekit-generated identifier that uniquely references an organization

cURL

curl --request GET \
  --url 'https://$env_url/api/v1/organizations/{id}'

Node.js

const sc = new ScalekitClient(
  <SCALEKIT_ENVIRONMENT_URL>,
  <SCALEKIT_CLIENT_ID>,
  <SCALEKIT_CLIENT_SECRET>
);

const organization = await sc.organization.getOrganization(organization_id);

Python

sc = ScalekitClient(
  <SCALEKIT_ENVIRONMENT_URL>,
  <SCALEKIT_CLIENT_ID>,
  <SCALEKIT_CLIENT_SECRET>
)

organization = sc.organization.get_organization(
  organization_id
)

Go

sc := scalekit.NewScalekitClient(
  <SCALEKIT_ENVIRONMENT_URL>,
  <SCALEKIT_CLIENT_ID>,
  <SCALEKIT_CLIENT_SECRET>
)

organization, err := sc.Organization.GetOrganization(
  ctx,
  organizationId
)

Java

ScalekitClient scalekitClient = new ScalekitClient(
  "<SCALEKIT_ENVIRONMENT_URL>",
  "<SCALEKIT_CLIENT_ID>",
  "<SCALEKIT_CLIENT_SECRET>"
);

Organization organization = scalekitClient.organizations().getById(organizationId);

Response

Loading...

Update Organization details

Updates an organization's display name, external ID, or metadata. Requires a valid organization identifier. Region code cannot be modified through this endpoint.

• Parameters
• idstringrequired

  Unique identifier of the organization to be updated

• Request Body
• display_namestring

  Name of the organization to display in the UI. Must be between 1 and 200 characters

• external_idstring

  Your application's unique identifier for this organization, used to link Scalekit with your system

• metadataobject

  Custom key-value pairs to store with the organization. Keys must be 3-25 characters, values must be 1-256 characters. Maximum 10 pairs allowed.

cURL

curl --location --request PATCH 'https://$ENV_URL/api/v1/organizations/{id}' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data '{
  "display_name": "<string>",
  "external_id": "<string>",
  "metadata": {
    "culpa_561": "<string>"
  }
}'

Node.js

const organization = await sc.organization.updateOrganization(organization_id, {
  displayName: 'displayName',
  externalId: 'externalId',
});

Python

organization = sc.organization.update_organization(organization_id, {
  display_name: "display_name",
  external_id: "external_id"
})

Go

organization, err := sc.Organization.UpdateOrganization(
  ctx,
  organizationId,
  &scalekit.UpdateOrganization{
    DisplayName: "displayName",
    ExternalId: "externalId",
  },
)

Java

UpdateOrganization updateOrganization = UpdateOrganization.newBuilder()
  .setDisplayName("Updated Organization Name")
  .build();

Organization updatedOrganizationById = scalekitClient.organizations().updateById(organizationId, updateOrganization);

Response

Loading...

Toggle Organization settings

Updates configuration settings for an organization. Supports modifying SSO configuration, directory synchronization settings, and session parameters. Requires organization ID and the specific settings to update.

• Parameters
• idstringrequired

  Unique identifier of the organization to update settings. Must begin with 'org_' prefix

• Request Body
• featuresarray

  List of feature toggles that control organization capabilities such as SSO authentication and directory synchronization

cURL

curl --location --request PATCH 'https://$ENV_URL/api/v1/organizations/{organizations_id}/settings' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <ACCESS_TOKEN>'\
--data '{
    "features":
    [
        {
            "name": "sso",
            "enabled": false
        },
        {
            "name": "dir_sync",
            "enabled": true
        }
    ]
}'

Node.js

const settings = {
  features: [{
    name: 'sso',
    enabled: true
  },
  {
    name: 'dir_sync',
    enabled: true
    },
  ],
}

await sc.organization.updateOrganizationSettings('<organization_id>', settings);

Python

settings = [
        {
            "name": "sso",
            "enabled": true
        },
        {
            "name": "dir_sync",
            "enabled": true
        }
    ]

scalekit_client.organization.update_organization_settings(
  organization_id='<organization_id>', settings=settings
)

Go

settings := OrganizationSettings{
		Features: []Feature{
			{
				Name:    "sso",
				Enabled: true,
			},
			{
				Name:    "dir_sync",
				Enabled: true,
			},
		},
	}

organization,err := sc.Organization().UpdateOrganizationSettings(ctx, organizationId, settings)

Java

 OrganizationSettingsFeature featureSSO = OrganizationSettingsFeature.newBuilder()
                .setName("sso")
                .setEnabled(true)
                .build();

OrganizationSettingsFeature featureDirectorySync = OrganizationSettingsFeature.newBuilder()
                .setName("dir_sync")
                .setEnabled(true)
                .build();

updatedOrganization = scalekitClient.organizations()
                .updateOrganizationSettings(organization.getId(), List.of(featureSSO, featureDirectorySync));

Response

Loading...

Delete an Organization

Remove an existing organization from the environment using its unique identifier

• Parameters
• idstringrequired

  Unique scalekit-generated identifier that uniquely references an organization

cURL

curl --location --request DELETE 'https://$ENV_URL/api/v1/organizations/{id}' \
--header 'Accept: application/json'

Node.js

await sc.organization.deleteOrganization(organizationId);

Python

sc.organization.delete_organization(organization_id)

Go

err := sc.Organization.DeleteOrganization(
  ctx,
  organizationId
)

Java

ScalekitClient scalekitClient = new ScalekitClient(
  "<SCALEKIT_ENVIRONMENT_URL>",
  "<SCALEKIT_CLIENT_ID>",
  "<SCALEKIT_CLIENT_SECRET>"
);

scalekitClient.organizations().deleteById(organizationId);

Response

Loading...

Admin Portal

Endpoints

Generate Admin Portal Link

Creates a time-limited Admin Portal URL for IT administrators to configure and manage Single Sign-On (SSO) connections within their organization. Generated links expire after 7 days (168 hours).

• Parameters
• idstringrequired

  Organization ID

• featuresarray

  Features to enable in the admin portal link. To enable features, append them as URL parameters:

  • Single Sign-On: ?features=sso
  • Directory Sync: ?features=dir_sync
  • Both features: ?features=sso&features=dir_sync

  Example URL: https://scalekit.com/portal/lnk_123?features=sso

  • dir_sync: dir_sync enables directory synchronization configuration in the portal
  • sso: sso enables Single Sign-On (SSO) configuration in the portal

cURL

curl --location --request PUT 'https://$ENV_URL/api/v1/organizations/{id}/portal_links' \
--header 'Authorization: Bearer {access_token}'

Node.js

const link = await sc.organization.generatePortalLink(organization_id);

Python

link = sc.organization.generate_portal_link(
  organization_id
)

Go

link, err := sc.Organization.GeneratePortalLink(
  ctx,
  organizationId
)

Java

Link portalLink = client
  .organizations()
  .generatePortalLink(organizationId, Arrays.asList(Feature.sso, Feature.dir_sync));

Response

Loading...

SSO Connection

Endpoints

The Connection Object

• Attributes
• idstring

  Unique ID of the Connection

• organization_idstring

  Organization ID to which this connection belongs to.

• providerenum
  Possible values

  OKTA

  GOOGLE

  MICROSOFT_AD

  AUTH0

  ONELOGIN

  PING_IDENTITY

  JUMPCLOUD

  CUSTOM
• statusenum
  Possible values

  DRAFT

  IN_PROGRESS

  COMPLETED
• enabledboolean
• typeenum
  Possible values

  OIDC

  SAML
• saml_configobject
  Child Attributes

  sp_entity_idstring

  sp_assertion_urlstring

  sp_metadata_urlstring

  idp_entity_idstring

  idp_sso_urlstring

  idp_metadata_urlstring

  idp_certificatesarray object

  Child Attributes

  certificatestring

  expiry_timestring

  issuerstring

  create_timestring

  idp_sso_request_bindingenum

  Possible values

  POST

  REDIRECT

  idp_slo_urlstring

  idp_slo_request_bindingenum

  Possible values

  POST

  REDIRECT

  saml_signing_optionenum

  Possible values

  NO_SIGNING

  SAML_ONLY_RESPONSE_SIGNING

  SAML_ONLY_ASSERTION_SIGNING

  SAML_RESPONSE_ASSERTION_SIGNING

  assertion_encryptedboolean

  want_request_signedboolean
• oidc_configobject
  Child Attributes

  authorize_uristring

  token_uristring

  discovery_endpointstring

  user_info_uristring

  jwks_uristring

  issuerstring

  redirect_uristring

  client_idstring

  client_secretstring

  scopesstring

  pkce_enabledboolean

  token_auth_typestring
• create_timestring

  Timestamp at which this organization record was created in RFC 3339 format

• update_timestring

  Timestamp at which this organization record was last updated in RFC 3339 format

Connection Object

Loading...

List Connections

Retrieves a list of connections in the environment

• Parameters
• organization_idstring

  Filter connections by organization identifier

• domainstring

  Filter connections by email domain associated with the organization

• includestring

  Comma-separated list of additional fields to include in the response

cURL

curl --request GET \
  --url 'https://$env_url/api/v1/connections'

Node.js

const connections = await sc.connection.listConnections(organizationId);

Python

connections = sc.connection.list_connections(
  organization_id
)

Go

connections, err := sc.Connection.ListConnections(
  ctx,
  organizationId
)

Java

ListConnectionsResponse response = scalekitClient.connections().listConnectionsByOrganization(organizationId);

Response

Loading...

Get Connection details

Retrieves the complete configuration and status details for a specific connection by its ID within an organization. Returns all connection properties including provider settings, protocols, and current status.

• Parameters
• organization_idstringrequired

  Organization identifier (required). Specifies which organization owns the connection you want to retrieve.

• idstringrequired

  Connection identifier (required). Specifies which specific connection to retrieve from the organization.

cURL

curl --location 'https://$ENV_URL/api/v1/organizations/{organization_id}/connections/{id}' \
--header 'Accept: application/json'

Node.js

const connection = await sc.connection.getConnection(
  organizationId,
  connectionId
);

Python

connection = sc.connection.get_connection(
  organization_id,
  connection_id,
)

Go

connection, err := sc.Connection.GetConnection(
  ctx,
  organizationId,
  connectionId,
)

Java

Connection connection = client.connections().getConnectionById(connectionId, organizationId);

Response

Loading...

Enable Organization Connection

Activate an existing connection for the specified organization. When enabled, users can authenticate using this connection. This endpoint changes the connection state from disabled to enabled without modifying other configuration settings

• Parameters
• organization_idstringrequired

  Unique identifier of the organization associated with the connection

• idstringrequired

  Unique identifier for the connection to be toggled

cURL

curl --location --request PATCH 'https://$ENV_URL/api/v1/organizations/{organization_id}/connections/{id}:enable' \
--header 'Accept: application/json'

Node.js

await sc.connection.enableConnection(organizationId, connectionId);

Python

sc.connection.enable_connection(
  organization_id,
  connection_id,
)

Go

err := sc.Connection.EnableConnection(
  ctx,
  organizationId,
  connectionId,
)

Java

ToggleConnectionResponse response = scalekitClient.connections().enableConnection(connectionId, organizationId);

Response

Loading...

Disable Organization Connection

Deactivate an existing connection for the specified organization. When disabled, users cannot authenticate using this connection. This endpoint changes the connection state from enabled to disabled without modifying other configuration settings

• Parameters
• organization_idstringrequired

  Unique identifier of the organization associated with the connection

• idstringrequired

  Unique identifier for the connection to be toggled

cURL

curl --location --request PATCH 'https://$ENV_URL/api/v1/organizations/{organization_id}/connections/{id}:disable' \
--header 'Accept: application/json'

Node.js

await sc.connection.disableConnection(organizationId, connectionId);

Python

sc.connection.disable_connection(
  organization_id,
  connection_id
)

Go

err := sc.Connection.DisableConnection(
  ctx,
  organizationId,
  connectionId,
)

Java

ToggleConnectionResponse response = scalekitClient.connections().disableConnection(connectionId, organizationId);

Response

Loading...

Directory

The Directory object represents a connection to a directory provider. You can programmatically enable or disable directories for an organization using the Directory API. Scalekit synchronizes and stores the users and groups from connected directories. The Directory API allows you to fetch users and groups from the directory on demand.

Endpoints

get/api/v1/organizations/{organization_id}/directoriesget/api/v1/organizations/{organization_id}/directories/{directory_id}/groupsget/api/v1/organizations/{organization_id}/directories/{directory_id}/usersget/api/v1/organizations/{organization_id}/directories/{id}patch/api/v1/organizations/{organization_id}/directories/{id}:disablepatch/api/v1/organizations/{organization_id}/directories/{id}:enable

The Directory Object

• Attributes
• idstring

  Unique identifier for the directory.

• namestring

  The name of the directory.

• directory_providerenum

  The directory provider.

  Possible values

  OKTA
• directory_typeenum

  The protocol used to connect to the directory.

  Possible values

  SCIM
• directory_endpointstring

  The URL endpoint for connecting to the directory.

• enabledboolean

  Indicates if the directory connection is enabled.

• statusenum

  The status of the directory connection.

  Possible values

  DRAFT
• organization_idstring

  The ID of the organization the directory belongs to.

• sourcestring

  The source of the directory.

• last_synced_atstring

  Timestamp of when the directory was last synced in RFC 3339 format.

• total_usersinteger

  The total number of users in the directory.

• total_groupsinteger

  The total number of groups in the directory.

• mappingsarray

  An array of attribute mappings between the directory and Scalekit.

  Attributes

  • keystring

    The attribute key in the directory.

  • map_tostring

    The attribute to map to in Scalekit.

  • display_namestring

    The display name for the mapped attribute.

• attribute_mappingsobject

  Object containing attribute mappings.

  Attributes

  • attributesarray

    Array of attribute mappings.

    Attributes

    • keystring

      The attribute key.

    • map_tostring

      The attribute to map to.

• role_assignmentsobject

  Object containing role assignments.

  Attributes

  • assignmentsarray

    Array of role assignments.

    Attributes

    • group_idstring

      The ID of the group to assign the role to.

    • role_idstring

      The ID of the role to assign.

• secretsarray

  An array of secrets associated with the directory.

  Attributes

  • idstring

    The ID of the secret.

  • directory_idstring

    The ID of the directory the secret belongs to.

  • secret_suffixstring

    The suffix of the secret.

  • statusenum

    The status of the secret.

    Possible values

    INACTIVE
  • create_timestring

    Timestamp of when the secret was created in RFC 3339 format.

  • expire_timestring

    Timestamp of when the secret expires in RFC 3339 format.

  • last_used_timestring

    Timestamp of when the secret was last used in RFC 3339 format.

• statsobject

  Object containing directory statistics.

  Attributes

  • total_usersinteger

    The total number of users in the directory.

  • total_groupsinteger

    The total number of groups in the directory.

  • user_updated_atstring

    Timestamp of when the user stats were last updated in RFC 3339 format.

  • group_updated_atstring

    Timestamp of when the group stats were last updated in RFC 3339 format.

Directory Object

Loading...

The Directory User Object

• Attributes
• idstring

  Unique identifier for the directory user. This is a system-generated unique identifier that distinguishes each user within the directory.

• organization_idstring

  Identifier of the organization to which the user belongs. This helps in segregating users across different organizational contexts.

• dp_idstring

  External identifier from the identity provider (IdP). This is the original user identifier as recognized by the source directory or identity management system.

• preferred_usernamestring

  The preferred username as defined by the identity provider. This may differ from the email address and is often used for login purposes.

• emailstring

  Primary email address associated with the user. Used for communication and often as a unique identifier.

• activeboolean

  Indicates the current status of the user account. When true, the user is active and can access the system; when false, the account is disabled.

• namestring

  Full name of the user, typically combining given name and family name.

• rolesarray

  List of roles assigned to the user, defining their permissions and access levels within the system.

  Role Object Attributes

  • rolestring

    Machine-readable identifier for the role.

  • namestring

    Human-readable name of the role.

• groupsarray

  Groups to which the user belongs, typically used for organizational or access management purposes.

  Group Object Attributes

  • idstring

    Unique identifier of the group.

  • namestring

    Name of the group.

• given_namestring

  User's first name or given name as provided by the identity provider.

• family_namestring

  User's last name or family name as provided by the identity provider.

• nicknamestring

  Informal or alternative name for the user, often used for casual identification.

• picturestring

  URL pointing to the user's profile picture or avatar.

• phone_numberstring

  Primary contact phone number for the user, including country code.

• addressobject

  Structured address information for the user.

  Address Object Attributes

  • postal_codestring

    Postal or ZIP code for the user's address.

  • statestring

    State or region of the user's address.

  • formattedstring

    Full, human-readable address string.

• custom_attributesobject

  Flexible key-value store for additional user-specific attributes not covered by standard fields.

• raw_attributesobject

  Unmodified payload directly from the directory provider, preserving all original attributes.

Directory User Object

Loading...

The Directory Group Object

• Attributes
• idstring

  Unique identifier for the directory group. This is a system-generated identifier that uniquely distinguishes each group within the directory.

• display_namestring

  Human-readable name of the group, typically used for display purposes in user interfaces and reports.

• total_usersinteger

  Total number of users currently assigned to this group. Provides a quick count of group membership.

• updated_atstring

  Timestamp indicating the last modification time of the group in RFC 3339 format. Useful for tracking recent changes to group composition.

Directory Group Object

Loading...

Enable a Directory

Activates a directory within an organization, allowing it to synchronize users and groups with the connected Directory provider

• Parameters
• organization_idstringrequired

  A unique identifier for the organization. The value must begin with 'org_' and be between 1 and 32 characters long

• idstringrequired

  A unique identifier for a directory within the organization. The value must begin with 'dir_' and be between 1 and 32 characters long

cURL

curl --location --request PATCH 'https://$ENV_URL/api/v1/organizations/{organizations_id}/directories/{directory_id}:enable'\
--header 'Authorization: Bearer <ACCESS_TOKEN>'

Node.js

await sc.directory.enableDirectory(
  '<organization_id>',
  '<directory_id>'
);

Python

directory_response = scalekit_client.directory.enable_directory(
  directory_id='<directory_id>', organization_id='<organization_id>'
)

Go

enable,err := sc.Directory().EnableDirectory(ctx, organizationId, directoryId)

Java

ToggleDirectoryResponse enableResponse = client
  .directories()
  .enableDirectory(directoryId, organizationId);

Response

Loading...

Get Directory details

Retrieves detailed information about a specific directory within an organization

• Parameters
• organization_idstringrequired

  Unique identifier of the organization

• idstringrequired

  Unique identifier of the directory

cURL

curl --location 'https://$ENV_URL/api/v1/organizations/{organizations_id}/directories/{directory_id}' \
--header 'Authorization: Bearer <ACCESS_TOKEN>'

Node.js

const { directory } = await scalekit.directory.getDirectory(
  organizationId,
  directoryId
);

Python

directory = scalekit_client.directory.get_directory(
  directory_id='<directory_id>', organization_id='<organization_id>'
)
print(f'Directory details: {directory}')

Go

directory, err := sc.Directory().GetDirectory(ctx, organizationId, directoryId)

Java

Directory directory = scalekitClient.directories().getDirectory(directoryId, organizationId);

Get Primary Directory (Alternative)

Node.js

const { directory } = await scalekit.directory.getPrimaryDirectoryByOrganizationId(
  organizationId
  );

Python

primary_directory = scalekit_client.directory.get_primary_directory_by_organization_id(
  organization_id='<organization_id>'
)

Go

directory,err := sc.Directory().GetPrimaryDirectoryByOrganizationId(ctx, organizationId)

Java

Directory directory = client.directories().getPrimaryDirectoryByOrganizationId(organizationId);

Response

Loading...

List Directory Users

Retrieves a list of all users within a specified directory for an organization. This endpoint allows you to view user accounts associated with your connected Directory Providers.

• Parameters
• organization_idstringrequired

  Unique identifier of the organization

• directory_idstringrequired

  Unique identifier of the directory within the organization

• page_sizeinteger

  Number of users to return per page. Maximum value is 30. If not specified, defaults to 10

• page_tokenstring

  Token for pagination. Use the value returned in the 'next_page_token' field of the previous response to retrieve the next page of results

• include_detailboolean

  If set to true, the response will include the full user payload with all available details. If false or not specified, only essential user information will be returned

• directory_group_idstring

  Filter users by their membership in a specific directory group

• updated_afterstring

  Filter users that were updated after the specified timestamp. Use ISO 8601 format

cURL

curl --location 'https://<SCALEKIT_ENVIRONMENT_URL>/api/v1/organizations/<organization_id>/directories/<directory_id>/users' \
--header 'Authorization: Bearer <SCALEKIT_ACCESS_TOKEN>'

Node.js

const { users } = await scalekit.directory.listDirectoryUsers('<organization_id>', '<directory_id>');

Python

directory_users = scalekit_client.directory.list_directory_users(
  directory_id='<directory_id>', organization_id='<organization_id>'
)

Go

options := &ListDirectoryUsersOptions{
		PageSize: 10,
		PageToken: "",
	}
directoryUsers,err := sc.Directory().ListDirectoryUsers(ctx, organizationId, directoryId, options)

Java

var options = ListDirectoryResourceOptions.builder()
  .pageSize(10)
  .pageToken("")
  .includeDetail(true)
  .build();

ListDirectoryUsersResponse usersResponse = scalekitClient
  .directories()
  .listDirectoryUsers(directory.getId(), organizationId, options);

Response

Loading...

List Directory Groups

Retrieves all groups from a specified directory. Use this endpoint to view group structures from your connected identity provider.

• Parameters
• organization_idstringrequired

  Unique identifier of the organization

• directory_idstringrequired

  Unique identifier of the directory

• page_sizeinteger

  Number of groups to return per page. Maximum value is 30. If not specified, defaults to 10

• page_tokenstring

  Token for pagination. Use the value returned in the 'next_page_token' field of the previous response

• updated_afterstring

  Filter groups updated after this timestamp. Use ISO 8601 format

• include_detailboolean

  If true, includes full group details. If false or not specified, returns basic information only

cURL

curl --location 'https://<SCALEKIT_ENVIRONMENT_URL>/api/v1/organizations/<organization_id>/directories/<directory_id>/groups' \
--header 'Authorization: Bearer <SCALEKIT_ACCESS_TOKEN>'

Node.js

const { groups } = await scalekit.directory.listDirectoryGroups('<organization_id>', '<directory_id>');

Python

directory_groups = scalekit_client.directory.list_directory_groups(
  directory_id='<directory_id>', organization_id='<organization_id>'
)

Go

options := &ListDirectoryGroupsOptions{
		PageSize: 10,
		PageToken:"",
	}

directoryGroups, err := sc.Directory().ListDirectoryGroups(ctx, organizationId, directoryId, options)

Java

var options = ListDirectoryResourceOptions.builder()
  .pageSize(10)
  .pageToken("")
  .includeDetail(true)
  .build();

ListDirectoryGroupsResponse groupsResponse = scalekitClient
  .directories()
  .listDirectoryGroups(directory.getId(), organizationId, options);

Response

Loading...

List Organization Directories

• Parameters
• organization_idstringrequired

  Unique identifier of the organization

cURL

curl --location 'https://$ENV_URL/api/v1/organizations/{organizations_id}/directories'\
--header 'Authorization: Bearer <ACCESS_TOKEN>'

Node.js

await scalekit.directory.listDirectories('<organization_id>');

Python

directories_list = scalekit_client.directory.list_directories(
	organization_id='<organization_id>'
)

Go

directories,err := sc.Directory().ListDirectories(ctx, organizationId)

Java

ListDirectoriesResponse response = scalekitClient.directories().listDirectories(organizationId);

Response

Loading...

Disable a Directory

Stops synchronization of users and groups from a specified directory within an organization. This operation prevents further updates from the connected Directory provider

• Parameters
• organization_idstringrequired

  A unique identifier for the organization. The value must begin with 'org_' and be between 1 and 32 characters long

• idstringrequired

  A unique identifier for a directory within the organization. The value must begin with 'dir_' and be between 1 and 32 characters long

cURL

curl --location --request PATCH 'https://$ENV_URL/api/v1/organizations/{organizations_id}/directories/{directory_id}:disable'\
--header 'Authorization: Bearer <ACCESS_TOKEN>'

Node.js

await scalekit.directory.disableDirectory(
  '<organization_id>',
  '<directory_id>'
);

Python

directory_response = scalekit_client.directory.disable_directory(
  directory_id='<directory_id>', organization_id='<organization_id>'
)

Go

disable,err := sc.Directory().DisableDirectory(ctx, organizationId, directoryId)

Java

ToggleDirectoryResponse disableResponse = scalekitClient
  .directories()
  .disableDirectory(directoryId, organizationId);

Response

Loading...

Machine-to-Machine (M2M) Clients

The M2M (Machine-to-Machine) API enables secure, automated interactions between software systems without human intervention. Use these endpoints to create and manage M2M clients that can securely access your API on behalf of an organization. Each client is uniquely identified by a client_id and can be configured with authentication settings, scopes, and security parameters.

Endpoints

post/api/v1/organizations/{organization_id}/clientsget/api/v1/organizations/{organization_id}/clients/{client_id}delete/api/v1/organizations/{organization_id}/clients/{client_id}patch/api/v1/organizations/{organization_id}/clients/{client_id}post/api/v1/organizations/{organization_id}/clients/{client_id}/secretsdelete/api/v1/organizations/{organization_id}/clients/{client_id}/secrets/{secret_id}

The M2M Client Object

• Attributes
• client_idstring

  Unique identifier for the M2M client. This ID is used to identify the client in API requests and logs.

• namestring

  A descriptive name for the M2M client that helps identify its purpose. This name is displayed in the dashboard and logs.

• descriptionstring

  A detailed explanation of the client's purpose and usage. This helps administrators understand what the client is used for.

• organization_idstring

  The ID of the organization that owns this M2M client. This ID is used to associate the client with the correct organization.

• scopesarray

  The OAuth 2.0 scopes granted to this client. These scopes determine what resources and actions the client can access.

• audiencearray

  The intended recipients of access tokens issued to this client. Each audience value should be a URI that identifies an API or service.

• custom_claimsarray

  Additional claims included in access tokens issued to this client. These claims provide context about the client and can be used for authorization decisions.

  Attributes

  • keystring

    The name of the custom claim. Must be between 1 and 128 characters.

  • valuestring

    The value of the custom claim. This value will be included in access tokens issued to the client.

• expiryinteger

  The lifetime of access tokens issued to this client, in seconds. This determines how long a token remains valid before it must be refreshed.

• secretsarray

  List of client secrets associated with this client. Each secret can be used for authentication, but only the most recently created secret is typically active.

  Attributes

  • idstring

    The unique identifier for this client secret.

  • secret_suffixstring

    A suffix that helps identify this secret. This is the last few characters of the full secret value.

  • statusenum

    The current status of this secret.

    Possible values

    ACTIVE

    INACTIVE
  • create_timestring

    The timestamp when this secret was created.

  • expire_timestring

    The timestamp when this secret will expire.

  • last_used_timestring

    The timestamp when this secret was last used for authentication.

• create_timestring

  The timestamp when this M2M client was created.

• update_timestring

  The timestamp when this M2M client was last updated.

M2M Client Object

Loading...

Create an Organization M2M Client

Creates a new M2M client for an organization. This endpoint registers a new client application that can securely access your API on behalf of the organization. The response includes a client ID and secret that should be used for OAuth 2.0 client credentials flow. The plain secret is only returned once during creation and must be stored securely.

• Parameters
• organization_idstringrequired

  Unique identifier of the organization

• Request Body
• audiencearray

  The intended recipients of the access tokens issued to this client. Each audience value should be a URI that identifies the API or service that will validate the token.

• custom_claimsarray

  Additional claims to be included in access tokens issued to this client. These claims provide context about the client and can be used for authorization decisions. Keep claims minimal to avoid increasing token size.

• descriptionstring

  A detailed explanation of the client's purpose and usage. This helps administrators understand what the client is used for and who manages it.

• expirystring

  The lifetime of access tokens issued to this client, in seconds. This value determines how long a token remains valid before it must be refreshed. Defaults to 3600 (1 hour) if not specified.

• namestring

  A descriptive name for the M2M client that helps identify its purpose. This name is displayed in the dashboard and logs. Must be between 1 and 128 characters.

• scopesarray

  OAuth 2.0 scopes that define the permissions granted to this client. Each scope represents a specific permission or set of permissions. The client can only access resources that match its granted scopes.

cURL

curl 'https://$ENV_URL/api/v1/organizations/{organization_id}/clients' \
  --request POST \
  --header 'Content-Type: application/json' \
  --data '{
  "audience": [
    "https://api.example.com/api/analytics",
    "https://deployment-api.acmecorp.com"
  ],
  "custom_claims": [
    {
      "key": "environment",
      "value": "production"
    },
    {
      "key": "service",
      "value": "deployment"
    }
  ],
  "description": "Service account for GitHub Actions to deploy applications to production",
  "expiry": 3600,
  "name": "GitHub Actions Deployment Service",
  "scopes": [
    "deploy:applications",
    "read:deployments"
  ]
}'

Get Organization M2M Client

Retrieves the configuration details for an organization's M2M client. This endpoint returns the client's metadata, including its scopes, audience values, custom claims, and associated secrets. Use this to verify client settings or retrieve the list of active secrets.

• Parameters
• organization_idstringrequired

  Unique identifier of the organization

• client_idstringrequired

  Unique identifier of the M2M client

cURL

curl 'https://$ENV_URL/api/v1/organizations/{organization_id}/clients/{client_id}'

Update Organization M2M client details

Updates the configuration settings for an organization's M2M client. This endpoint allows you to modify client properties such as scopes, audience values, and custom claims. Use this to adjust access permissions or update metadata for the client. Note that client_id and create_time are immutable and cannot be modified.

• Parameters
• organization_idstringrequired

  Unique identifier of the organization

• client_idstringrequired

  Unique identifier of the client

• Request Body
• audiencearray

  The intended recipients of the access tokens issued to this client. Each audience value should be a URI that identifies the API or service that will validate the token.

• custom_claimsarray

  Additional claims to be included in access tokens issued to this client. These claims provide context about the client and can be used for authorization decisions. Keep claims minimal to avoid increasing token size.

• descriptionstring

  A detailed explanation of the client's purpose and usage. This helps administrators understand what the client is used for and who manages it.

• expirystring

  The lifetime of access tokens issued to this client, in seconds. This value determines how long a token remains valid before it must be refreshed. Defaults to 3600 (1 hour) if not specified.

• namestring

  A descriptive name for the M2M client that helps identify its purpose. This name is displayed in the dashboard and logs. Must be between 1 and 128 characters.

• scopesarray

  OAuth 2.0 scopes that define the permissions granted to this client. Each scope represents a specific permission or set of permissions. The client can only access resources that match its granted scopes.

cURL

curl 'https://$ENV_URL/api/v1/organizations/{organization_id}/clients/{client_id}' \
  --request PATCH \
  --header 'Content-Type: application/json' \
  --data '{
  "audience": [
    "https://api.example.com/api/analytics",
    "https://deployment-api.acmecorp.com"
  ],
  "custom_claims": [
    {
      "key": "environment",
      "value": "production"
    },
    {
      "key": "service",
      "value": "deployment"
    }
  ],
  "description": "Service account for GitHub Actions to deploy applications to production",
  "expiry": 3600,
  "name": "GitHub Actions Deployment Service",
  "scopes": [
    "deploy:applications",
    "read:deployments"
  ]
}'

Delete an Organization M2M Client

Permanently deletes an M2M client from an organization. This operation cannot be undone and will revoke all access for the client. All associated secrets will also be invalidated. Use this endpoint to remove unused or compromised clients.

• Parameters
• organization_idstringrequired

  Unique identifier of the organization that owns the client. Must start with 'org_' prefix.

• client_idstringrequired

  Unique identifier of the M2M client to permanently delete. Must start with 'm2morg_' prefix.

cURL

curl 'https://$ENV_URL/api/v1/organizations/{organization_id}/clients/{client_id}' \
  --request DELETE

Create a Secret for Organization M2M Client

Generates a new client secret for an organization's M2M client. This endpoint creates a secure credential that can be used for OAuth 2.0 client credentials flow. The plain secret is only returned once during creation and should be stored securely by the client application. Use this endpoint to rotate secrets or create additional credentials for different environments.

• Parameters
• organization_idstringrequired

  Unique identifier of the organization

• client_idstringrequired

  Unique identifier of the client

cURL

curl 'https://$ENV_URL/api/v1/organizations/{organization_id}/clients/{client_id}/secrets' \
  --request POST

Delete an Organization M2M Client Secret

Permanently deletes a client secret for an organization's M2M client. This operation cannot be undone. Use this endpoint to remove compromised or unused secrets. After deletion, the secret can no longer be used for authentication. Consider creating a new secret before deleting the old one to avoid service interruption.

• Parameters
• organization_idstringrequired

  Unique identifier of the organization

• client_idstringrequired

  Unique identifier of the client

• secret_idstringrequired

  Unique identifier of the client secret

cURL

curl 'https://$ENV_URL/api/v1/organizations/{organization_id}/clients/{client_id}/secrets/{secret_id}' \
  --request DELETE

Webhooks

A webhook (also called a web callback or HTTP push API) is a way for Scalekit to provide your applications with real-time information. A webhook delivers data to your applications as it happens, meaning you get data immediately, unlike typical APIs where you would need to poll for data very frequently to get it in real-time. Events represent specific actions or changes, while webhooks are the mechanism used to deliver these event notifications to your specified endpoint.

By leveraging webhooks, you can build responsive and dynamic integrations that react immediately to changes in Scalekit System, enabling you to keep your systems in sync and automate user lifecycle management and other related use cases.

List of Events

eventorganization.sso_enabledeventorganization.sso_disabledeventorganization.directory_createdeventorganization.directory_enabledeventorganization.directory_disabledeventorganization.directory.user_createdeventorganization.directory.user_updatedeventorganization.directory.user_deletedeventorganization.directory.group_createdeventorganization.directory.group_updatedeventorganization.directory.group_deleted

Event Object

Every webhook payload has two key components: Event Metadata and Event Data.

• Event Metadata
• spec_versionstring

  Version of the event specification (currently '1')

• idstring

  Unique identifier for the specific event

• objectstring

  The type of object affected (Example: 'DirectoryUser')

• environment_idstring

  Identifier for the environment

• occurred_atstring

  Timestamp of when the event occurred

• organization_idstring

  Identifier for the organization

• typestring

  Specifies the exact event type (Example: 'organization.directory.user_created' for user creation)

• dataobject

  Contains latest object data after the event

Sample Event Payload

{
  "spec_version": "1",
  "id": "evt_123456789",
  "object": "DirectoryUser",
  "environment_id": "env_123456789",
  "occurred_at": "2024-08-21T10:20:17.072Z",
  "organization_id": "org_123456789",
  "type": "organization.directory.user_created",
  "data": {
    // Event Data
  }
}

SCIM Provisioning

Directory Created

This webhook triggers when a new directory connection is created. The event type is organization.directory_created

• Event Data
• directory_typestring

  Type of directory protocol used for synchronization

• idstring

  Unique identifier for the directory connection

• organization_idstring

  Unique identifier of the organization associated with this directory

• providerstring

  Identity provider for the directory connection

organization.directory_created

Loading...

Directory Enabled

This webhook is triggered when a directory sync is enabled. The event type is organization.directory_enabled

• Event Data
• idstring

  Unique identifier for the directory connection

• directory_typestring

  The type of directory synchronization

• enabledboolean

  Indicates if the directory sync is enabled

• environment_idstring

  Identifier for the environment

• last_sync_atnull

  Timestamp of the last synchronization, null if not yet synced

• organization_idstring

  Identifier for the organization

• providerstring

  The provider of the directory

• updated_atstring

  Timestamp of when the configuration was last updated

• occurred_atstring

  Timestamp of when the event occurred

organization.directory_enabled

Loading...

Directory Disabled

This webhook is triggered when a directory sync is disabled. The event type is organization.directory_disabled

• Event Data
• directory_typestring

  Type of directory protocol used for synchronization

• enabledboolean

  Indicates whether the directory synchronization is currently enabled or disabled

• idstring

  Unique identifier for the directory connection

• last_sync_atstring

  Timestamp of the most recent directory synchronization

• organization_idstring

  Unique identifier of the organization associated with this directory

• providerstring

  Identity provider for the directory connection

• statusstring

  Current status of the directory synchronization process

• updated_atstring

  Timestamp of the most recent update to the directory connection

• occurred_atstring

  Timestamp of when the event occurred

organization.directory_disabled

Loading...

Directory User Created

This webhook is triggered when a new directory user is created. The event type is organization.directory.user_created

• Event Data
• idstring

  Unique ID of the Directory User

• organization_idstring

  Unique ID of the Organization to which this directory user belongs

• dp_idstring

  Unique ID of the User in the Directory Provider (IdP) system

• preferred_usernamestring

  Preferred username of the directory user

• emailstring

  Email of the directory user

• activeboolean

  Indicates if the directory user is active

• namestring

  Fully formatted name of the directory user

• rolesarray

  Array of roles assigned to the directory user

  Child Attributes

  rolestring

  Role of the directory user

  namestring

  Name of the directory user

• groupsarray

  Array of groups to which the directory user belongs

  Child Attributes

  idstring

  ID of the directory group

  namestring

  Name of the directory group

• given_namestring

  Given name of the directory user

• family_namestring

  Family name of the directory user

• nicknamestring

  Nickname of the directory user

• picturestring

  URL of the directory user's profile picture

• phone_numberstring

  Phone number of the directory user

• addressobject

  Address of the directory user

  Child Attributes

  postal_codestring

  Postal code of the directory user address

  statestring

  State of the directory user address

  formattedstring

  Formatted address of the directory user

• custom_attributesobject

  Custom attributes of the directory user

• raw_attributesobject

  Raw attributes of the directory user as received from the Directory Provider (IdP)

organization.directory.user_created

Loading...

Directory User Updated

This webhook is triggered when a directory user is updated. The event type is organization.directory.user_updated

• Event Data
• idstring

  Unique ID of the Directory User

• organization_idstring

  Unique ID of the Organization to which this directory user belongs

• dp_idstring

  Unique ID of the User in the Directory Provider (IdP) system

• preferred_usernamestring

  Preferred username of the directory user

• emailstring

  Email of the directory user

• activeboolean

  Indicates if the directory user is active

• namestring

  Fully formatted name of the directory user

• rolesarray

  Array of roles assigned to the directory user

  Child Attributes

  rolestring

  Role of the directory user

  namestring

  Name of the directory user

• groupsarray

  Array of groups to which the directory user belongs

  Child Attributes

  idstring

  ID of the directory group

  namestring

  Name of the directory group

• given_namestring

  Given name of the directory user

• family_namestring

  Family name of the directory user

• nicknamestring

  Nickname of the directory user

• picturestring

  URL of the directory user's profile picture

• phone_numberstring

  Phone number of the directory user

• addressobject

  Address of the directory user

  Child Attributes

  postal_codestring

  Postal code of the directory user address

  statestring

  State of the directory user address

  formattedstring

  Formatted address of the directory user

• custom_attributesobject

  Custom attributes of the directory user

• raw_attributesobject

  Raw attributes of the directory user as received from the Directory Provider (IdP)

organization.directory.user_updated

Loading...

Directory User Deleted

This webhook is triggered when a directory user is deleted. The event type is organization.directory.user_deleted

• Event Data
• idstring

  Unique ID of the Directory User

• organization_idstring

  Unique ID of the Organization to which this directory user belongs

• dp_idstring

  Unique ID of the User in the Directory Provider (IdP) system

• emailstring

  Email of the directory user

organization.directory.user_deleted

Loading...

Directory Group Created

This webhook is triggered when a new directory group is created. The event type is organization.directory.group_created

• Event Data
• directory_idstring

  Unique identifier for the directory

• display_namestring

  Display name of the directory group

• external_idnull

  External identifier for the group, null if not specified

• idstring

  Unique identifier for the directory group

• organization_idstring

  Identifier for the organization associated with the group

• raw_attributesobject

  Raw attributes of the directory provider

• environment_idstring

  Identifier for the environment where the event occurred

• idstring

  Unique identifier for the event

• objectstring

  Type of object the event relates to

• occurred_atstring

  Timestamp when the event occurred

• organization_idstring

  Identifier for the organization associated with the event

• spec_versionstring

  Specification version of the event

• typestring

  Type of the event, indicating the action that occurred

organization.directory.group_created

Loading...

Directory Group Updated

This webhook is triggered when a directory group is updated. The event type is organization.directory.group_updated

• Event Data
• directory_idstring

  Unique identifier for the directory

• display_namestring

  Display name of the directory group

• external_idnull

  External identifier for the group, null if not specified

• idstring

  Unique identifier for the directory group

• organization_idstring

  Identifier for the organization associated with the group

• raw_attributesobject

  Raw attributes of the directory group

• environment_idstring

  Identifier for the environment where the event occurred

• idstring

  Unique identifier for the event

• objectstring

  Type of object the event relates to

• occurred_atstring

  Timestamp when the event occurred

• organization_idstring

  Identifier for the organization associated with the event

• spec_versionstring

  Specification version of the event

• typestring

  Type of the event, indicating the action that occurred

organization.directory.group_updated

Loading...

Directory Group Deleted

This webhook is triggered when a directory group is deleted. The event type is organization.directory.group_deleted

• Event Data
• directory_idstring

  Unique identifier for the directory

• display_namestring

  Display name of the directory group

• dp_idstring

  Unique identifier for the group in the directory provider system

• idstring

  Unique identifier for the directory group

• organization_idstring

  Identifier for the organization associated with the group

• raw_attributesobject

  Raw attributes of the directory group as received from the provider

  Child Attributes

  displayNamestring

  Display name of the group as received from the directory provider

  externalIdstring

  External identifier for the group in the directory provider system

  membersarray

  Array of members in the group

  Child Attributes

  valuestring

  Unique identifier for the group member

• environment_idstring

  Identifier for the environment where the event occurred

• idstring

  Unique identifier for the event

• objectstring

  Type of object the event relates to

• occurred_atstring

  Timestamp when the event occurred

• organization_idstring

  Identifier for the organization associated with the event

• spec_versionstring

  Specification version of the event

• typestring

  Type of the event, indicating the action that occurred

organization.directory.group_deleted

Loading...