SCIM - Introduction

[API version: 2.0]
View as Markdown

Base URL

  • AWS North America (AWS NA): https://auth-api.contentstack.com
  • AWS Europe (AWS EU): https://eu-auth-api.contentstack.com
  • AWS Australia (AWS AU): https://au-auth-api.contentstack.com
  • Azure North America (Azure NA): https://azure-na-auth-api.contentstack.com
  • Azure Europe (Azure EU): https://azure-eu-auth-api.contentstack.com
  • GCP North America (GCP NA): https://gcp-na-auth-api.contentstack.com
  • GCP Europe (GCP EU): https://gcp-eu-auth-api.contentstack.com

Overview

Contentstack is a headless, API-first content management system (CMS) that provides everything you need to power your web or mobile properties. To learn more about Contentstack, visit our website or refer to our documentation site to understand what we do.

This document is a detailed reference to the beta version of Contentstack’s SCIM API.

The SCIM API helps businesses to manage their users in their Contentstack organization via an IdP client. This includes provisioning (adding) and deprovisioning (removing) users in a Contentstack Organization via IdP client, and assigning permissions to these users via group mapping in Contentstack.

Contentstack SCIM API is built using SCIM 2.0 protocol. Currently, we extend our SCIM’s support to OneLogin, but you can write your custom tools that can use Contentstack’s SCIM API.

NoteBefore using the SCIM API requests, make sure you have enabled SCIM in the SCIM 2.0 section of your Organization Settings page.

Authentication

To use the SCIM API, you need to first authenticate yourself with your IdP client and generate its access token.

API conventions

  • The base URL for Content Management API is auth-api.contentstack.com and for the European region, the base URL is eu-auth-api.contentstack.com.
  • The SCIM API version (in our case, 'v2.0') can be found in the URL, e.g. auth-api.contentstack.com/scim/v2.0/endpoint.
  • SCIM API supports GET/POST/PUT/DELETE/PATCH verbs or methods.
  • URL paths are written in lower case.
  • Query parameters use the Camel case style.
  • The success/failure status of an operation is determined by the HTTP status it returns. Additional information is included in the HTTP response body.
  • The JSON number type is bound to a signed 32-bit integer.

Rate limiting

Rate limit is the maximum number of requests you can make using Contentstack’s API in a given time period.

By default, the Contentstack SCIM API enforces the following rate limits:

  • Read (GET) requests: 10 requests per second per organization
  • Write (POST/PUT/DELETE) requests: 10 requests per second per organization

Your application will receive the HTTP 429 response code if the requests for a given time period exceed the defined rate limits.

We also have set a limit on stack creation. Organizations can create only one stack per minute.

The aforementioned limits are configurable depending on your plan. For more information, contact our Support team.

To get the current rate limit status, you can check the returned HTTP headers of any API request. These rate limits are reset at the start of each time period.

HeadersDescription
X-RateLimit-LimitThe maximum number of request a client is allowed to make per second per organization.
X-RateLimit-RemainingThe number of requests remaining in the current time period.

Errors

If there is something wrong with the API request, Contentstack returns an error.

Contentstack supports SCIM implementation that uses conventional, standard HTTP status codes for errors, and returns a JSON body containing details about the error.

Let’s look at the error code and their meanings.

HTTP status code

Description

400 Bad Request

The request is unparsable, syntactically incorrect, or violates schema.

401 Unauthorized

The authorization header is invalid or missing.

403 Forbidden

Operation is not permitted based on the provided authorization.

404 Not Found

The requested resource (for example, User) or endpoint does not exist.

409 (Conflict)

The service provider refused to create a new or duplicate resource.

412 Pre Condition Failed

Failed to update.

429 Rate Limit Exceeded

The number of requests exceeds the allowed limit for the given time period.

500 Internal Server Error

The server is malfunctioning and is not specific on what the problem is.

501 Not Implemented

The requested operation is not supported