Authenticate PingDirectory and PingDirectoryProxy SCIM 2.0 API requests with an OAuth 2.0 access (bearer) token, as defined by RFC 6750. Obtain the bearer token through an OAuth 2 authorization server, such as PingFederate. Add the bearer token to the Authorization header of your requests.

curl --location --request GET '{{apiPath}}/scim/v2/Users/1c588695-c3d9-4215-8f23-8e3c8f419492?attributes=userName' \
--header 'Authorization: Bearer eyJraWQiOiJBY2Nlc3MgVG9rZW4gU2lnbmluZyBLZXkgUGFpciIsImFsZyI6IlJTNTEyIn0.eyJzY29wZSI6ImFjY291bnQgYWxsIGNvbnNlbnQgY29uc2VudF9oaXN0b3J5IGV4dGVybmFsX2lkZW50aXR5IHBhc3N3b3JkIHBxciBzZXNzaW9uIHRvdHAgdmFsaWRhdGVkX3Bob25lIHZhbGlkYXRlZF9lbWFpbCIsImV4cCI6MTQ3NDA3MjU2MCwiaWF0IjoxNDczNjQwNTYwLCJjbGllbnRfaWQiOiJ0ZXN0MSIsImp0aSI6ImEuS09RUmdnIn0.WsWZs--i2EDGNNA3B5QBqOW0AwGConAdio6LefpJGYprDjf9qfYCbAoBI5SxFDKez3ZkImPcJNZUOhngtW24GUsUoLgpQ1KFti4Z1kNieb5oEIgElfg4Xv68TTcBfRtoK1Uh8W4T4N7580uql1n9-sQGgsTVtTwNaoOaxhgKtgbzVj2WzeN48n8fMqML42E-ttZBHV8OeWxsXHS8kcoqxPtnrGGxEnnqgiaKZYBlYZkX9DibgLgWCgSNNQJ7HEeCNE76mvxLSrJUL5r8NHHCe2d6X2FL-tOOtAqgihgqpSuoom4r-bJPkuQ4q-ggwG5W-EG7DqQbp6vOD6oNlVGycw' \
--header 'Accept: application/scim+json' \
--header 'Accept-Encoding: gzip, deflate'

If the access token is missing, expired, or invalid, the server responds with a status code of 401 Unauthorized.

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error"
    ],
    "scimType": "invalid_token",
    "status": 401,
    "detail": "Access token is expired or otherwise invalid."
}