Canva SCIM API

Overview Authentication Users, Groups, and Teams

SCIM User API reference

Create a user Get a user List users Update all information for a user Update individual attributes for a user Delete a user

SCIM Group API reference

Create a group Get a group List groups Update all information for a group Update individual attributes for a group Delete a group

Update individual attributes for a user

Updates individual attributes for a user. To update a user's attributes, you must use the correct syntax for the operation, as defined in the SCIM specification.

For example, to update a user's work email and familyName values, use the following for the request body:

{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations": [
    {
      "op": "replace",
      "path": "emails[type eq \"work\"].value",
      "value": "[email protected]"
    },
    {
      "op": "replace",
      "path": "name.familyName",
      "value": "New-Family-Name"
    }
  ]
}

json

To deprovision a SCIM user, you can use an operation to set the active attribute to false. For example:

{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations": [
    {
      "op": "replace",
      "path": "active",
      "value": false
    }
  ]
}

json

Alternatively, you can provide an operation's value object as a list of paths and values to modify. For example:

{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations": [
    {
      "op": "add",
      "value": {
        "name.givenName": "New-Given-Name",
        "name.familyName": "New-Family-Name",
        "externalId": "abcd1234"
      }
    }
  ]
}

json

HTTP method and URL path

PATCH https://www.canva.com/_scim/v2/Users/{canva_scim_id}

Header parameters

#Authorizationstring

Required

Provides credentials to authenticate the request, in the form of a Bearer token.

For example: Authorization: Bearer {token}

#Content-Typestring

Required

Indicates the media type of the information sent in the request. This must be set to application/scim+json.

For example: Content-Type: application/scim+json

Path parameters

#canva_scim_idstring

Required

The Canva-generated SCIM ID for the user.

Body parameters

#schemasstring[]

Required

The URIs of the SCIM schemas. The value for this can only be urn:ietf:params:scim:api:messages:2.0:PatchOp.

#Operationsobject[]

Required

List of patch operations

Properties of Operations

#opstring

Required

The SCIM patch operation to perform. This can be one of the following:

add
remove
replace

#pathstring

Optional

An attribute path describing the target of the operation. For more information, see the SCIM specification.

#value

Optional

The value to add, remove, or replace.

Example request

Examples for using the /_scim/v2/Users/{canva_scim_id} endpoint:

curl --request PATCH 'https://www.canva.com/_scim/v2/Users/{canva_scim_id}' \
--header 'Authorization: Bearer {token}' \
--header 'Content-Type: application/scim+json' \
--data '{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "replace",
      "path": "name.familyName",
      "value": "Liddell"
    }
  ]
}'

const fetch = require("node-fetch");

fetch("https://www.canva.com/_scim/v2/Users/{canva_scim_id}", {
  method: "PATCH",
  headers: {
    "Authorization": "Bearer {token}",
    "Content-Type": "application/scim+json",
  },
  body: JSON.stringify({
    "schemas": [
      "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ],
    "Operations": [
      {
        "op": "replace",
        "path": "name.familyName",
        "value": "Liddell"
      }
    ]
  }),
})
  .then(async (response) => {
    const data = await response.json();
    console.log(data);
  })
  .catch(err => console.error(err));

import java.io.IOException;
import java.net.URI;
import java.net.http.*;

public class ApiExample {
    public static void main(String[] args) throws IOException, InterruptedException {
        HttpRequest request = HttpRequest.newBuilder()
            .uri(URI.create("https://www.canva.com/_scim/v2/Users/{canva_scim_id}"))
            .header("Authorization", "Bearer {token}")
            .header("Content-Type", "application/scim+json")
            .method("PATCH", HttpRequest.BodyPublishers.ofString("{\"schemas\": [\"urn:ietf:params:scim:api:messages:2.0:PatchOp\"], \"Operations\": [{\"op\": \"replace\", \"path\": \"name.familyName\", \"value\": \"Liddell\"}]}"))
            .build();

        HttpResponse<String> response = HttpClient.newHttpClient().send(
            request,
            HttpResponse.BodyHandlers.ofString()
        );
        System.out.println(response.body());
    }
}

java

import requests

headers = {
    "Authorization": "Bearer {token}",
    "Content-Type": "application/scim+json"
}

data = {
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ],
    "Operations": [
        {
            "op": "replace",
            "path": "name.familyName",
            "value": "Liddell"
        }
    ]
}

response = requests.patch("https://www.canva.com/_scim/v2/Users/{canva_scim_id}",
    headers=headers,
    json=data
)
print(response.json())

using System.Net.Http;

var client = new HttpClient();
var request = new HttpRequestMessage
{
  Method = HttpMethod.Patch,
  RequestUri = new Uri("https://www.canva.com/_scim/v2/Users/{canva_scim_id}"),
  Headers =
  {
    { "Authorization", "Bearer {token}" },
  },
  Content = new StringContent(
    "{\"schemas\": [\"urn:ietf:params:scim:api:messages:2.0:PatchOp\"], \"Operations\": [{\"op\": \"replace\", \"path\": \"name.familyName\", \"value\": \"Liddell\"}]}",
    Encoding.UTF8,
    "application/scim+json"
  ),
};

using (var response = await client.SendAsync(request))
{
  response.EnsureSuccessStatusCode();
  var body = await response.Content.ReadAsStringAsync();
  Console.WriteLine(body);
};

csharp

package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
)

func main() {
	payload := strings.NewReader(`{
	  "schemas": [
	    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
	  ],
	  "Operations": [
	    {
	      "op": "replace",
	      "path": "name.familyName",
	      "value": "Liddell"
	    }
	  ]
	}`)

	url := "https://www.canva.com/_scim/v2/Users/{canva_scim_id}"
	req, _ := http.NewRequest("PATCH", url, payload)
	req.Header.Add("Authorization", "Bearer {token}")
	req.Header.Add("Content-Type", "application/scim+json")

	res, _ := http.DefaultClient.Do(req)
	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)
	fmt.Println(string(body))
}

$curl = curl_init();
curl_setopt_array($curl, array(
  CURLOPT_URL => "https://www.canva.com/_scim/v2/Users/{canva_scim_id}",
  CURLOPT_CUSTOMREQUEST => "PATCH",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_HTTPHEADER => array(
    'Authorization: Bearer {token}',
    'Content-Type: application/scim+json',
  ),
  CURLOPT_POSTFIELDS => json_encode([
    "schemas" => [
      "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ],
    "Operations" => [
      [
        "op" => "replace",
        "path" => "name.familyName",
        "value" => "Liddell"
      ]
    ]
  ])
));

$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);

if (empty($err)) {
  echo $response;
} else {
  echo "Error: " . $err;
}

php

require 'net/http'
require 'uri'

url = URI('https://www.canva.com/_scim/v2/Users/{canva_scim_id}')
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Patch.new(url)
request['Authorization'] = 'Bearer {token}'
request['Content-Type'] = 'application/scim+json'
request.body = <<REQUEST_BODY
{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "replace",
      "path": "name.familyName",
      "value": "Liddell"
    }
  ]
}
REQUEST_BODY

response = http.request(request)
puts response.read_body

ruby

Success response

If successful, the endpoint returns a 200 response with a JSON body with the following parameters:

#schemasstring[]

The URIs of the SCIM schemas. The value for this can only be urn:ietf:params:scim:schemas:core:2.0:User.

#idstring

The Canva-generated SCIM ID for the user.

#metaobject

Meta properties for the user.

Properties of meta

#resourceTypestring

The SCIM resource type of the object. The value for this can only be User.

#createdstring

The timestamp when the object was created.

#userNamestring

A unique identifier for the user.

#displayNamestring

The name of the user, suitable for display to end-users.

#emailsobject[]

The email address for the user.

Properties of emails

#primaryboolean

Whether the email is the primary address. Only one email address for a user can be the primary one.

#valuestring

The email address.

#typestring

The type of email address for the user. The Canva SCIM API only supports work as the type of the email address.

#activeboolean

Whether the user account is active. Setting this to false deprovisions the user in Canva.

#rolestring

The role of the user. This can be one of the following:

Member
Teacher
Staff
Admin
Template-designer
Aide
Administrator
School administrator
School
Tenant
Faculty

If an invalid value is provided, the role defaults to Member.

#externalIdstring

Optional

A string that is an identifier for the resource as defined by the provisioning client.

#namename

Optional

The components of the user's name.

Properties of name

#givenNamestring

Optional

The first or 'given' name for the user.

#familyNamestring

Optional

The last or 'family' name for the user.

#localestring

Optional

The user's default location, for example en_AU.

Example response

{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "id": "UAFdxab1abC",
  "externalId": "abcd1234",
  "meta": {
    "resourceType": "User",
    "created": "2023-09-18T06:08:35Z"
  },
  "userName": "aliddell",
  "displayName": "Alice Liddell",
  "name": {
    "givenName": "Alice",
    "familyName": "Liddell"
  },
  "emails": [
    {
      "primary": true,
      "value": "[email protected]",
      "type": "work"
    }
  ],
  "active": true,
  "locale": "en_US",
  "role": "Member"
}

json

Error responses

400 Bad request

#schemasstring[]

The value for this can only be urn:ietf:params:scim:api:messages:2.0:Error.

#detailstring

The value for this can only be No SSO configurations found, please check the settings page.

#statusstring

The HTTP status code of the error.

Example error response

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error"
  ],
  "detail": "No SSO configurations found, please check the settings page",
  "status": "400"
}

json

403 Forbidden

#schemasstring[]

The value for this can only be urn:ietf:params:scim:api:messages:2.0:Error.

#detailstring

The value for this can only be Email domain not authorized for SCIM..

#statusstring

The HTTP status code of the error.

Example error response

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error"
  ],
  "detail": "Email domain not authorized for SCIM.",
  "status": "403"
}

json

404 Not found

#schemasstring[]

The value for this can only be urn:ietf:params:scim:api:messages:2.0:Error.

#detailstring

The value for this can only be No user found for id {canva_scim_id}.

#statusstring

The HTTP status code of the error.

Example error response

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error"
  ],
  "detail": "No user found for id {canva_scim_id}",
  "status": "404"
}

json

409 Conflict

#schemasstring[]

The value for this can only be urn:ietf:params:scim:api:messages:2.0:Error.

#detailstring

This can be one of the following:

userName not available
Account with email can not be updated. User needs to accept SSO linking
Account with email already exists. User must first log in with SAML to confirm account ownership
Account with email is soft deleted. The user must first log in to reactivate their account

#statusstring

The HTTP status code of the error.

Example error response

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error"
  ],
  "detail": "userName not available",
  "status": "409"
}

json