diff --git a/api/body.hbs b/api/body.hbs index 2e15e78fb..536e15a0e 100644 --- a/api/body.hbs +++ b/api/body.hbs @@ -1,4 +1,5 @@ --- +title: REST API reference is_api: true comment: spaces in body are important, do not remove without checking result. toc: @@ -39,6 +40,9 @@ toc: - title: "/users" url: "#tag/users" + - + title: "/scim" + url: "#tag/scim" - title: "Deprecated endpoints" url: "#tag/data" diff --git a/api/grist.yml b/api/grist.yml index 4d28bf9a4..ca2c0e51f 100644 --- a/api/grist.yml +++ b/api/grist.yml @@ -10,7 +10,7 @@ openapi: 3.0.0 security: - ApiKey: [] servers: - - url: https://{subdomain}.getgrist.com/api + - url: https://{gristhost}/api variables: subdomain: description: The team name, or `docs` for personal areas @@ -1151,6 +1151,22 @@ paths: description: "The caller is not allowed to delete this account" 404: description: "The user is not found" + /scim/v2/Users: + $ref: "./scim/users.yml#/paths/~1scim~1v2~1Users" + /scim/v2/Users/{userId}: + $ref: "./scim/users.yml#/paths/~1scim~1v2~1Users~1{userId}" + /scim/v2/Users/.search: + $ref: "./scim/users.yml#/paths/~1scim~1v2~1Users~1.search" + /scim/v2/Me: + $ref: "./scim/users.yml#/paths/~1scim~1v2~1Me" + /scim/v2/Bulk: + $ref: "./scim/bulk.yml#/paths/~1scim~1v2~1Bulk" + /scim/v2/Schemas: + $ref: "./scim/serviceproviderconfig.yml#/paths/~1scim~1v2~1Schemas" + /scim/v2/ServiceProviderConfig: + $ref: "./scim/serviceproviderconfig.yml#/paths/~1scim~1v2~1ServiceProviderConfig" + /scim/v2/ResourceTypes: + $ref: "./scim/serviceproviderconfig.yml#/paths/~1scim~1v2~1ResourceTypes" tags: - name: orgs @@ -1175,6 +1191,8 @@ tags: description: "Sql endpoint to query data from documents." - name: users description: "Grist users." + - name: scim + description: "SCIM" components: securitySchemes: ApiKey: @@ -2199,3 +2217,4 @@ components: - label description: "Format for headers. Labels tend to be more human-friendly while colIds are more normalized." required: false + diff --git a/api/scim/bulk.yml b/api/scim/bulk.yml new file mode 100644 index 000000000..ff74d54c7 --- /dev/null +++ b/api/scim/bulk.yml @@ -0,0 +1,47 @@ +paths: + /scim/v2/Bulk: + post: + summary: Bulk operation + operationId: bulkOperation + tags: + - scim + requestBody: + description: Operations to be performed in bulk. + required: true + content: + application/scim+json: + schema: + type: object + properties: + schemas: + type: array + items: + type: string + enum: + - "urn:ietf:params:scim:api:messages:2.0:BulkRequest" + Operations: + type: array + description: List of operations to be executed. + items: + type: object + properties: + method: + type: string + description: HTTP method for the operation. + example: "POST" + path: + type: string + description: Resource path for the operation. + example: "/scim/v2/Users" + data: + type: object + description: Data for the operation. + responses: + '200': + description: Bulk operations executed successfully. + '400': + description: Bad request. + '500': + description: Internal server error. + + diff --git a/api/scim/serviceproviderconfig.yml b/api/scim/serviceproviderconfig.yml new file mode 100644 index 000000000..c1094fbdc --- /dev/null +++ b/api/scim/serviceproviderconfig.yml @@ -0,0 +1,42 @@ +paths: + /scim/v2/Schemas: + get: + summary: Retrieve SCIM schemas + operationId: getSchemas + tags: + - scim + responses: + '200': + description: Successfully retrieved schemas. + '401': + description: Unauthenticated + '500': + description: Internal server error. + + /scim/v2/ServiceProviderConfig: + get: + summary: Retrieve service provider configuration + operationId: getServiceProviderConfig + tags: + - scim + responses: + '200': + description: Successfully retrieved service provider configuration. + '401': + description: Unauthenticated + '500': + description: Internal server error. + + /scim/v2/ResourceTypes: + get: + summary: Retrieve SCIM resource types + operationId: getResourceTypes + tags: + - scim + responses: + '200': + description: Successfully retrieved resource types. + '401': + description: Unauthenticated + '500': + description: Internal server error. diff --git a/api/scim/users.yml b/api/scim/users.yml new file mode 100644 index 000000000..14be5cccd --- /dev/null +++ b/api/scim/users.yml @@ -0,0 +1,419 @@ +paths: + /scim/v2/Users: + get: + summary: Retrieve list of users + operationId: getUsers + tags: + - scim + parameters: + - name: startIndex + in: query + description: The starting index for pagination. + required: false + schema: + type: integer + example: 1 + - name: count + in: query + description: The number of users to retrieve. + required: false + schema: + type: integer + example: 10 + - name: filter + in: query + description: Filter users based on specific criteria. + required: false + schema: + type: string + example: "userName pr" + responses: + '200': + description: Successfully retrieved list of users. + content: + application/scim+json: + schema: + $ref: "#/components/schemas/UsersListResponse" + '401': + description: Unauthenticated + '403': + description: Unauthorized + '500': + description: Internal server error. + + post: + summary: Create a new user + operationId: createUser + tags: + - scim + requestBody: + description: Data for the user to be created. + required: true + content: + application/scim+json: + schema: + $ref: '#/components/schemas/UserInRequest' + responses: + '201': + description: User created successfully. + content: + application/scim+json: + schema: + $ref: '#/components/schemas/UserInResponse' + '400': + description: Bad request. + '401': + description: Unauthenticated + '403': + description: Unauthorized + '409': + description: Conflict on resource (like email). + '500': + description: Internal server error. + + /scim/v2/Users/{userId}: + get: &get-user + summary: Retrieve user by ID + operationId: getUserById + tags: + - scim + parameters: + - $ref: '#/components/params/userIdPathParam' + responses: + '200': + description: Successfully retrieved user details. + content: + application/scim+json: + schema: + $ref: '#/components/schemas/UserInResponse' + '401': + description: Unauthenticated + '403': + description: Unauthorized + '404': + description: User not found. + '500': + description: Internal server error. + + put: &put-user + summary: Update a user by ID + description: ⚠️ This operation override all the user's information. In order to pass only some properties to update, please use [PATCH](#tag/scim/operation/patchUserById) instead. + operationId: updateUserById + tags: + - scim + parameters: + - $ref: '#/components/params/userIdPathParam' + requestBody: + description: Updated data for the user. + required: true + content: + application/scim+json: + schema: + $ref: '#/components/schemas/UserInRequest' + responses: + '200': + description: User updated successfully. + content: + application/scim+json: + schema: + $ref: '#/components/schemas/UserInResponse' + '401': + description: Unauthenticated + '403': + description: Unauthorized + '404': + description: User not found. + '409': + description: Conflict on resource (like email). + '500': + description: Internal server error. + + patch: &patch-user + summary: Partially update a user by ID + operationId: patchUserById + tags: + - scim + parameters: + - $ref: '#/components/params/userIdPathParam' + requestBody: + description: Data for the partial update of the user. + required: true + content: + application/scim+json: + schema: + type: object + properties: + schemas: + type: array + items: + type: string + enum: + - urn:ietf:params:scim:api:messages:2.0:PatchOp + Operations: + type: array + items: + type: object + properties: + op: + type: string + description: Operation type (add, replace, remove). + example: "replace" + path: + type: string + description: The field to be updated. + example: "photos[primary eq true].value" + value: + type: string + description: New value for the field. + example: "https://example.com/pics/john-doe.png" + responses: + '200': + description: User partially updated successfully. + content: + application/scim+json: + schema: + $ref: '#/components/schemas/UserInResponse' + '400': + description: Bad request. + '401': + description: Unauthenticated + '403': + description: Unauthorized + '404': + description: User not found. + '409': + description: Conflict on resource (like email). + '500': + description: Internal server error. + + delete: &delete-user + summary: Delete a user by ID. + description: ⚠️ **This action cannot be undone, please be cautious when using this endpoint** ⚠️ + operationId: deleteUserById + tags: + - scim + parameters: + - $ref: '#/components/params/userIdPathParam' + responses: + '204': + description: User deleted successfully. + '401': + description: Unauthenticated + '403': + description: Unauthorized + '404': + description: User not found. + '500': + description: Internal server error. + + /scim/v2/Users/.search: + post: + summary: Search users + operationId: searchUsers + tags: + - scim + requestBody: + description: Search criteria. + required: true + content: + application/scim+json: + schema: + type: object + properties: + schemas: + type: array + items: + type: string + enum: + - "urn:ietf:params:scim:api:messages:2.0:SearchRequest" + filter: + type: string + description: Filter expression for users. + example: 'userName co "john.doe"' + sortBy: + type: string + description: Field to sort by. + example: "userName" + sortOrder: + type: string + description: Order of sorting (ascending or descending). + example: "ascending" + attributes: + type: array + description: A multi-valued list of strings indicating the names of resource attributes to return in the response. + items: + type: string + example: [ "id", "displayName" ] + excludedAttributes: + type: array + description: A multi-valued list of strings indicating the names of resource attributes to be removed from the default set of attributes to return. + items: + type: string + example: [ "locale" ] + startIndex: + description: The starting index for pagination. + type: integer + example: 1 + count: + description: The number of users to retrieve. + type: integer + example: 10 + + responses: + '200': + description: Users retrieved based on search criteria. + content: + application/scim+json: + schema: + type: object + properties: + schemas: + type: array + items: + type: string + enum: + - "urn:ietf:params:scim:api:messages:2.0:ListResponse" + totalResults: + type: integer + description: Total number of users found. + Resources: + type: array + items: + $ref: '#/components/schemas/UserInResponse' + '400': + description: Bad request. + '401': + description: Unauthenticated + '403': + description: Unauthorized + '500': + description: Internal server error. + /scim/v2/Me: + get: + <<: *get-user + summary: Retrieve information about oneself + description: When SCIM is enabled, this endpoint is accessible by anyone authentified in Grist. + operationId: getMe + parameters: [] + +components: + + params: + userIdPathParam: + in: path + name: userId + schema: + type: integer + description: A user id + required: true + + schemas: + UsersListResponse: + type: object + properties: + schemas: + type: array + items: + type: string + enum: + - "urn:ietf:params:scim:api:messages:2.0:ListResponse" + totalResults: + type: integer + description: Total number of users. + example: 1 + itemsPerPage: + type: integer + description: Number of users returned per page. + example: 20 + startIndex: + type: integer + description: Starting index. + example: 1 + Resources: + type: array + items: + $ref: '#/components/schemas/UserInResponse' + + UserInRequest: + type: object + properties: + schemas: + type: array + items: + type: string + enum: + - "urn:ietf:params:scim:schemas:core:2.0:User" + userName: + type: string + description: The unique username. + example: "john.doe@example.com" + name: + type: object + properties: + formatted: + type: string + description: Full name of the user. + example: "John Doe" + emails: + type: array + items: + type: object + properties: + value: + type: string + description: The user's email address. + example: "john.doe@example.com" + primary: + type: boolean + description: Whether this is the primary email. + example: true + displayName: + type: string + description: the display name of the user + example: "John Doe" + preferredLanguage: + type: string + description: Indicates the user's preferred written or spoken languages and is generally used for selecting a localized user interface. + example: "en" + locale: + type: string + description: Used to indicate the User's default location for purposes of localizing such items as currency, date time format, or numerical representations. + example: "en" + photos: + type: array + description: The picture of the user. It is expected to have a single item in the context of Grist. + items: + type: object + properties: + value: + type: string + description: The picture of the user + example: "https://example.com/pics/john-doe.png" + primary: + type: boolean + description: Whether this is the primary picture + example: true + type: + type: string + description: The picture type. Currently, we only offer pictures of type "photo". + enum: ["photo", "thumbnail"] + example: "photo" + UserInResponse: + allOf: + - type: object + properties: + meta: + type: object + properties: + resourceType: + type: string + enum: + - "User" + location: + type: string + example: "/api/scim/v2/Users/1" + id: + type: string + description: The unique identifier of the user. + example: "1" + - $ref: '#/components/schemas/UserInRequest' diff --git a/help/en/docs/api.md b/help/en/docs/api.md index 01da6cd98..efdffae2e 100644 --- a/help/en/docs/api.md +++ b/help/en/docs/api.md @@ -40,6 +40,9 @@ toc: - title: "/users" url: "#tag/users" + - + title: "/scim" + url: "#tag/scim" - title: "Deprecated endpoints" url: "#tag/data" @@ -58,7 +61,7 @@ REST API for manipulating documents, workspaces, and team sites.