User Management and SCIM 2.0 API

Operations related to user management. Several operations implement the SCIM 2.0 protocol.

Get groups (SCIM 2.0)

Fetches all Instaclustr accounts and organizations linked to the OWNER who has generated the given User Management API key.

This request follows the SCIM 2.0 protocol. Additional SCIM 2.0 compliant properties may be included in the actual response as null valued properties.

SecurityBasic Authentication
Request
query Parameters
startIndex
integer <int32>
Default: 1
count
integer <int32>
Default: 10
filter
stringdisplayName eq "(.+)"

Filters the group list by the group's display name using case-sensitive matching.

Example: filter=displayName eq "MyInstaclustrAccount|CLUSTER_ADMIN"
Responses
200

Successfully returned groups.

400

Bad Request

401

Not Authorized

404

Resource not found

get/scim/v2/Groups
Request samples
Response samples
{
  • "schemas": [
    ],
  • "totalResults": 50,
  • "startIndex": 1,
  • "itemsPerPage": 10,
  • "Resources": []
}

Get single group (SCIM 2.0)

Fetches a single Instaclustr account by account ID or organization ID. The value of account ID has the form [accountId]|[role] where role can be OWNER, CLUSTER_ADMIN, BILLING, READ_ONLY The account or organization must be linked to the OWNER who has generated the given User Management API key.

This request follows the SCIM 2.0 protocol. Additional SCIM 2.0 compliant properties may be included in the actual response as null valued properties.

SecurityBasic Authentication
Request
path Parameters
id
required
string <string>

Instaclustr group ID with or without role

Example: ca552914-2518-46ab-9352-e29dde1cca92|READ_ONLY
Responses
200

Successfully returned group.

400

Bad Request

401

Not Authorized

404

Resource not found

get/scim/v2/Groups/{id}
Request samples
Response samples
{}

Update group membership (SCIM 2.0)

Links or unlinks SCIM provisioned users to the given Instaclustr account. The value of account ID has the form [accountId]|[role] where role can be OWNER, CLUSTER_ADMIN, BILLING, READ_ONLY When given an organization ID it will also link or unlink the user from the organization. The account or organization must be linked to the OWNER who has generated the given User Management API key.

Note - While the request accepts all properties compliant with the SCIM 2.0 protocol, properties not listed in the request body schema will be ignored for the operation.

SecurityBasic Authentication
Request
path Parameters
id
required
string <string>

Instaclustr group ID with or without role

Example: a2ecfbc3-6632-492b-a929-5fd0f42d087d|READ_ONLY
Request Body schema:
schemas
Array of strings unique
required
Array of objects (ScimGroupPatchOperationSchema)
Responses
200

Successfully updated group membership.

400

Bad Request

401

Not Authorized

403

Given user(s) may not be be added/removed from the account.

404

Resource not found

patch/scim/v2/Groups/{id}
Request samples
{
  • "Operations": [
    ],
  • "schemas": [
    ]
}
Response samples
{}

Get users (SCIM 2.0)

Fetches paginated users provisioned by the given User Management API key.

This request follows the SCIM 2.0 protocol. Additional SCIM 2.0 compliant properties may be included in the actual response as null valued properties.

SecurityBasic Authentication
Request
query Parameters
filter
string^userName eq "(.+)"

Filters the user list by the given external username.

Example: filter=userName eq "external_username_123"
startIndex
integer <int32>
Default: 1
count
integer <int32>
Default: 10
Responses
200

Successfully returned users.

400

Unable to parse the filter.

401

Not Authorized

404

Resource not found

get/scim/v2/Users
Request samples
Response samples
{
  • "schemas": [
    ],
  • "totalResults": 50,
  • "startIndex": 1,
  • "itemsPerPage": 10,
  • "Resources": [
    ]
}

Create a user (SCIM 2.0)

Provisions a new Instaclustr user.

This request may also be used with an existing Instaclustr user if it is linked to the account used to generate the User Management API key. This request may not be used to provision any existing Service User even if it is already linked to the account used to generate the User Management API key.

Note - While the request accepts all properties compliant with the SCIM 2.0 protocol, properties not listed in the request body schema will be ignored for the operation.

SecurityBasic Authentication
Request
Request Body schema:
schemas
Array of strings unique
required
Array of objects (ScimEmailSchema)
userName
required
string
required
object (ScimNameSchema)
Responses
200

Successfully created user.

400

Bad Request

401

Not Authorized

403

Not allowed to create user with the provided details.

404

Resource not found

post/scim/v2/Users
Request samples
{
  • "schemas": [
    ],
  • "emails": [
    ],
  • "userName": "external_username_123",
  • "name": {
    }
}
Response samples
{
  • "schemas": [
    ],
  • "emails": [
    ],
  • "userName": "external_username_123",
  • "name": {
    },
  • "id": "user_123",
  • "meta": {
    },
  • "active": true
}

Get single user (SCIM 2.0)

Fetches a single user with a matching username that has been provisioned by the given User Management API key.

This request follows the SCIM 2.0 protocol. Additional SCIM 2.0 compliant properties may be included in the actual response as null valued properties.

SecurityBasic Authentication
Request
path Parameters
userId
required
string

Username of Instaclustr user.

Example: user_123
Responses
200

Successfully returned user.

400

Bad Request

401

Not Authorized

404

Unable to parse the filter.

get/scim/v2/Users/{userId}
Request samples
Response samples
{
  • "schemas": [
    ],
  • "emails": [
    ],
  • "userName": "external_username_123",
  • "name": {
    },
  • "id": "user_123",
  • "meta": {
    },
  • "active": true
}

Update a user (SCIM 2.0)

Updates an Instaclustr user provisioned through SCIM by the given User Management API key.

Note - While the request accepts all properties compliant with the SCIM 2.0 protocol, properties not listed in the request body schema will be ignored for the operation.

SecurityBasic Authentication
Request
path Parameters
userId
required
string

Username of Instaclustr user.

Example: user_123
Request Body schema:
schemas
Array of strings unique
required
Array of objects (ScimEmailSchema)
userName
required
string
required
object (ScimNameSchema)
id
required
string

Username of Instaclustr user.

Responses
200

Successfully updated user.

400

Bad Request

401

Not Authorized

404

Resource not found

put/scim/v2/Users/{userId}
Request samples
{
  • "schemas": [
    ],
  • "emails": [
    ],
  • "userName": "external_username_123",
  • "name": {
    },
  • "id": "user_123"
}
Response samples
{
  • "schemas": [
    ],
  • "emails": [
    ],
  • "userName": "external_username_123",
  • "name": {
    },
  • "id": "user_123",
  • "meta": {
    },
  • "active": true
}

Patch a user (SCIM 2.0)

Patch an Instaclustr user provisioned through SCIM by the given User Management API key.

Deactivating a user will unlink it from all SCIM groups, accounts and organizations, and will exclude the user from all SCIM user queries. It is not possible to activate a user who is an OWNER of a SCIM group. For non-PCI account, the targeting deactivation user must not be the last owner for any of the linked accounts. For PCI account or for accounts with Inactivity Settings enabled, the targeting deactivation user must not be the second last owner for any of the linked accounts.

Deactivating a user will completely deactivate the user from Instaclustr, preventing it from logging in to Instaclustr console and API, and access to any accounts and organizations. Activating a user will include the user in all SCIM user queries.

An Instaclustr user cannot be deleted via SCIM. To permanently delete an Instaclustr user contact support@instaclustr.com.

Note - While the request accepts all properties compliant with the SCIM 2.0 protocol, properties not listed in the request body schema will be ignored for the operation.

SecurityBasic Authentication
Request
path Parameters
userId
required
string

Username of Instaclustr user.

Example: user_123
Request Body schema:
schemas
Array of strings unique
required
Array of objects (ScimUserPatchOperationSchema)
Responses
200

Successfully updated user.

400

Bad Request

401

Not Authorized

403

Cannot deactivate a user that is a sole owner of another account with clusters.

404

Resource not found

patch/scim/v2/Users/{userId}
Request samples
{
  • "schemas": [
    ],
  • "Operations": [
    ]
}
Response samples
{
  • "schemas": [
    ],
  • "emails": [
    ],
  • "userName": "external_username_123",
  • "name": {
    },
  • "id": "user_123",
  • "meta": {
    },
  • "active": true
}

Get the details of the current user

Retrieve the details of the current user, account, and access level based on the access key used to authenticate this user

SecurityBasic Authentication
Responses
200

Successfully retrieved details.

400

Bad Request

401

Not Authorized

403

Forbidden

404

Resource not found

415

Unsupported media type: returned when the payload is in an unsupported format.

429

Too many requests: returned when more than 35 requests per second are being received by your user.

get/usermanagement/me
Request samples
Response samples
application/json
{
  • "user": {
    },
  • "account": {
    },
  • "keyAccessLevel": "MONITORING"
}

Rotate the requesting user's API key

This endpoint rotates the API key that was used to authenticate this request.

SecurityBasic Authentication
Responses
200

Successfully created or recreated the API key

400

Bad Request

401

Not Authorized

403

Forbidden

404

Resource not found

415

Unsupported media type: returned when the payload is in an unsupported format.

429

Too many requests: returned when more than 35 requests per second are being received by your user.

post/usermanagement/me/apikey/rotate
Request samples
Response samples
application/json
{
  • "account": "28c57513-7fae-4297-af6f-07fbf5356f08",
  • "apiKeyType": "MONITORING",
  • "cidrAllowList": [
    ],
  • "key": "73b3c11632c39eed21d0b14d1eccfad5",
  • "username": "testuser"
}

Update the role of a user

Updates the role of a user for an account.

SecurityBasic Authentication
Request
Request Body schema: application/json
required

User role update request

user
string

Target user name or email address

scimUsername
string

SCIM username

role
required
string

Updated role

Enum: "OWNER" "CLUSTER_ADMIN" "BILLING" "READ_ONLY"
targetAccount
string

Target Account

Responses
200

Successfully updated the user role.

400

Bad Request

401

Not Authorized

403

The target user is not linked to the current account.

404

Resource not found

415

Unsupported media type: returned when the payload is in an unsupported format.

422

The account must have at least one owner.

429

Too many requests: returned when more than 35 requests per second are being received by your user.

put/usermanagement/role
Request samples
application/json
{
  • "user": "string",
  • "scimUsername": "string",
  • "role": "OWNER",
  • "targetAccount": "string"
}
Response samples
application/json
{
  • "message": "The role for scim-user has been updated to READ_ONLY for account 77b5a4e1-c422-4a78-b551-d8fa5c42ad95."
}