The System for Cross-domain Identity Management (SCIM) specification simplifies managing user identities in cloud-based applications. SCIM aims to reduce the cost and complexity of user management by providing a common user schema and standard protocols for exchanging this information.
Enterprise clients who maintain their own Single Sign-On to manage (register, activate, deactivate, change email address) users within their domain on Upwork platform can use SCIM to automate user management.
Access credentials
- URL:
https://www.upwork.com/api/v3/scim/v2/{tenantId}/
- Tenant ID is provided by Upwork (scim-tenant-id is used for examples below)
- Bearer access token is provided by Upwork (scim-access-token is used for examples below)
User attributes
{ "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" ], "userName": "johnsmith", "externalId": "3ad36cf6-04c1-4eed-9440-0a86cb612ffd", "active": true, "emails": [{"type": "work", "value": "johnsmith@domain.com"}], "name": {"givenName": "John", "familyName": "Smith"}, "addresses": [{"type": "work", "country": "US"}], "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": { "department": "IT" } }
Mandatory attributes
- Email address: At least one work email address must be specified. In the case of multiple addresses, the primary attribute must be set to true for the primary email address.
- Given (first) name
- Family (last) name
- Country code: There must be at least one work address defined with ISO-3166 Alpha-2 country code.
Important to know
- We do not recommend storing optional user data unless necessary. We support a limited number of SCIM attributes; all unsupported attributes are ignored
- Updates are only supported for activation, deactivation and email change. Any other attribute updates will not affect the user profiles
Request examples
Create user
Javascript
POST https://www.upwork.com/api/v3/scim/v2/{scim-tenant-id}/Users Authorization: Bearer {scim-access-token} Content-Type: application/scim+json Accept: application/scim+json { "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"], "userName": "johnsmith", "emails": [{"type": "work", "value": "johnsmith@domain.com"}], "name": {"givenName": "John", "familyName": "Smith"}, "addresses": [{"type": "work", "country": "US"}], "active": true }
Javascript
201 Created Content-Type: application/scim+json ETag: W/"96b065a4" Location: https://www.upwork.com/api/v3/scim/v2/{scim-tenant-id}/Users/4ee540f5-1f69-4e3d-86fb-b32ae79316f1 { "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"], "id": "4ee540f5-1f69-4e3d-86fb-b32ae79316f1", "userName": "johnsmith", "meta": { "resourceType": "User", "created": "2020-09-23T21:18:11.463Z", "lastModified": "2020-09-23T21:18:11.463Z" }, "active": true, "addresses": [{"type": "work", "country": "US"}], "emails": [{"type": "work", "value": "johnsmith@domain.com"}], "name": {"givenName": "John", "familyName": "Smith"} }
Get user
Javascript
GET https://www.upwork.com/api/v3/scim/v2/{scim-tenant-id}/Users/4ee540f5-1f69-4e3d-86fb-b32ae79316f1 Authorization: Bearer {scim-access-token} Accept: application/scim+json
Javascript
200 OK Content-Type: application/scim+json ETag: W/"96b065a4" Location: https://www.upwork.com/api/v3/scim/v2/{scim-tenant-id}/Users/4ee540f5-1f69-4e3d-86fb-b32ae79316f1 { "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"], "id": "4ee540f5-1f69-4e3d-86fb-b32ae79316f1", "userName": "johnsmith", "meta": { "resourceType": "User", "created": "2020-09-23T21:18:11.463Z", "lastModified": "2020-09-23T21:18:11.463Z" }, "active": true, "addresses": [{"type": "work", "country": "US"}], "emails": [{"type": "work", "value": "johnsmith@domain.com"}], "name": {"givenName": "John", "familyName": "Smith"} }
Query users
Javascript
GET https://www.upwork.com/api/v3/scim/v2/{scim-tenant-id}/Users?filter=id%20eq%20%224ee540f5-1f69-4e3d-86fb-b32ae79316f1%22&startIndex=1&count=10 Authorization: Bearer {scim-access-token} Accept: application/scim+json
Javascript
200 OK Content-Type: application/scim+json { "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"], "totalResults": 1, "startIndex": 1, "itemsPerPage": 10, "Resources": [ { "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"], "id": "4ee540f5-1f69-4e3d-86fb-b32ae79316f1", "userName": "johnsmith", "meta": { "resourceType": "User", "created": "2020-09-23T21:18:11.463Z", "lastModified": "2020-09-23T21:18:11.463Z", "location": "https://www.upwork.com/api/v3/scim/v2/{scim-tenant-id}/Users/4ee540f5-1f69-4e3d-86fb-b32ae79316f1", "version": "W/\"96b065a4\"" }, "active": true, "addresses": [{"type": "work", "country": "US"}], "emails": [{"type": "work", "value": "johnsmith@domain.com"}], "name": {"givenName": "John", "familyName": "Smith"} } ] }
Note:
User querying is only supported for a limited number of attributes (id, username, externalId) and conditions (eq, and). Order is not supported.
Patch user (deactivation example)
Javascript
PATCH https://www.upwork.com/api/v3/scim/v2/{scim-tenant-id}/Users/4ee540f5-1f69-4e3d-86fb-b32ae79316f1 Authorization: Bearer {scim-access-token} Content-Type: application/scim+json Accept: application/scim+json If-Match: W/"96b065a4" { "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"], "operations": [{"op": "replace", "path": "active", "value": false}] }
Javascript
200 OK Content-Type: application/scim+json ETag: W/"66ff0656" Location: https://www.upwork.com/api/v3/scim/v2/{scim-tenant-id}/Users/4ee540f5-1f69-4e3d-86fb-b32ae79316f1 { "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"], "id": "4ee540f5-1f69-4e3d-86fb-b32ae79316f1", "userName": "johnsmith", "meta": { "resourceType": "User", "created": "2020-09-23T21:18:11.463Z", "lastModified": "2020-09-23T22:08:45.559Z" }, "active": false, "addresses": [{"type": "work", "country": "US"}], "emails": [{"type": "work", "value": "johnsmith@domain.com"}], "name": {"givenName": "John", "familyName": "Smith"} }
Note:
Filters are not supported for add operation in PATCH requests.
This will not work:
{ "op": "add", "path": "addresses[type eq \"other\"].streetAddress", "value": "221B Baker St." }
Composite objects should be added like this:
{ "op": "add", "path": "addresses", "value": [{"type": "other", "streetAddress": "221B Baker St."}] }
Replace user (email address change example)
Javascript
PUT https://www.upwork.com/api/v3/scim/v2/{scim-tenant-id}/Users/4ee540f5-1f69-4e3d-86fb-b32ae79316f1 Authorization: Bearer {scim-access-token} Content-Type: application/scim+json Accept: application/scim+json If-Match: W/"66ff0656" { "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"], "id": "4ee540f5-1f69-4e3d-86fb-b32ae79316f1", "userName": "johnsmith", "active": false, "addresses": [{"type": "work", "country": "US"}], "emails": [{"type": "work", "value": "johnsmith-updated@domain.com"}], "name": {"givenName": "John", "familyName": "Smith"} }
Javascript
200 OK Content-Type: application/scim+json ETag: W/"a7b462b8" Location: https://www.upwork.com/api/v3/scim/v2/{scim-tenant-id}/Users/4ee540f5-1f69-4e3d-86fb-b32ae79316f1 { "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"], "id": "4ee540f5-1f69-4e3d-86fb-b32ae79316f1", "userName": "johnsmith", "meta": { "resourceType": "User", "created": "2020-09-23T21:18:11.463Z", "lastModified": "2020-09-23T22:27:18.114Z" }, "active": false, "addresses": [{"type": "work", "country": "US"}], "emails": [{"type": "work", "value": "johnsmith-updated@domain.com"}], "name": {"givenName": "John", "familyName": "Smith"} }
Delete user
Javascript
DELETE https://www.upwork.com/api/v3/scim/v2/{scim-tenant-id}/Users/4ee540f5-1f69-4e3d-86fb-b32ae79316f1 Authorization: Bearer {scim-access-token}
Javascript
204 No content
Note:
This request deactivates the user account, but does not remove the user from the Upwork platform.
Known limitations
- Groups are not supported
- Bulk updates are not supported
- Discovery endpoints are not supported