A production-ready webhook service that imports SCIM (System for Cross-domain Identity Management) user data.
- Webhook endpoint for importing SCIM user data
- Basic SCIM 2.0 REST API implementation for user resources
- In-memory storage for user data (can be extended to use a database)
- Written in TypeScript with Express.js
- Production-ready features:
  - Bearer token authentication
  - Request validation
  - Rate limiting
  - Comprehensive logging
  - Security enhancements with Helmet
  - Error handling
- Node.js (v14 or higher)
- npm (v6 or higher)
- Clone the repository
- Install dependencies

```bash
npm install
```

- Create a `.env` file in the root directory (or use the default values):

```
PORT=3000
NODE_ENV=development
API_KEY=your-secret-api-key-here
REQUIRE_AUTH=true
```

To start the service in development mode:

```bash
npm run dev
```

To build and run in production mode:

```bash
npm run build
npm start
```

All endpoints require Bearer token authentication unless disabled via the `REQUIRE_AUTH` environment variable:

```
Authorization: Bearer your-secret-api-key-here
```

- `POST /scim/v2/Users` - Create a new user
- `GET /scim/v2/Users` - List all users
- `GET /scim/v2/Users/:id` - Get a user by ID
- `PUT /scim/v2/Users/:id` - Update a user
- `DELETE /scim/v2/Users/:id` - Delete a user
- `POST /scim/v2/webhook/users` - Import user data via webhook

```json
{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
  "userName": "john.doe",
  "name": {
    "familyName": "Doe",
    "givenName": "John"
  },
  "emails": [
    {
      "value": "[email protected]",
      "type": "work",
      "primary": true
    }
  ],
  "active": true
}
```

```bash
curl -X POST http://localhost:3000/scim/v2/Users \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer your-secret-api-key-here" \
  -d '{
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
    "userName": "john.doe",
    "name": {
      "familyName": "Doe",
      "givenName": "John"
    },
    "emails": [
      {
        "value": "[email protected]",
        "type": "work",
        "primary": true
      }
    ],
    "active": true
  }'
```

```bash
curl -X GET http://localhost:3000/scim/v2/Users \
  -H "Authorization: Bearer your-secret-api-key-here"
```

Run tests with:

```bash
npm test
```

| Environment Variable | Description | Default |
|---|---|---|
| PORT | Port to run the server on | 3000 |
| NODE_ENV | Environment (development/production) | development |
| API_KEY | Secret key for API authentication | your-secret-api-key-here |
| REQUIRE_AUTH | Whether to require authentication | true |
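
Because `API_KEY` defaults to a value published in this README and `REQUIRE_AUTH` can switch authentication off, a deployment benefits from a startup guard and a constant-time token comparison. The sketch below is an added example, not code from this repository: `loadAuthConfig`, `tokensMatch` and `checkAuthorization` are hypothetical names, and it assumes that only the literal value `false` disables authentication.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";

// Placeholder value shown in this README's .env sample and defaults table.
const DEFAULT_API_KEY = "your-secret-api-key-here";

type Env = Record<string, string | undefined>;
interface AuthConfig { requireAuth: boolean; apiKey: string }

// Hypothetical startup check: resolve the README's variables and refuse
// unsafe combinations when NODE_ENV=production.
// Assumption: only the literal "false" turns REQUIRE_AUTH off.
function loadAuthConfig(env: Env): AuthConfig {
  const requireAuth = (env.REQUIRE_AUTH ?? "true").toLowerCase() !== "false";
  const apiKey = env.API_KEY ?? DEFAULT_API_KEY;
  if (env.NODE_ENV === "production") {
    if (!requireAuth) throw new Error("REQUIRE_AUTH must stay enabled in production");
    if (apiKey === DEFAULT_API_KEY) throw new Error("API_KEY is still the documented placeholder");
  }
  return { requireAuth, apiKey };
}

// Hash both sides so timingSafeEqual always receives equal-length buffers
// and the comparison time does not depend on where the strings differ.
function tokensMatch(presented: string, expected: string): boolean {
  const a = createHash("sha256").update(presented).digest();
  const b = createHash("sha256").update(expected).digest();
  return timingSafeEqual(a, b);
}

// Status to answer with before any SCIM handler runs:
// 200 = proceed, 401 = missing, malformed or wrong credentials.
function checkAuthorization(header: string | undefined, cfg: AuthConfig): 200 | 401 {
  if (!cfg.requireAuth) return 200;
  const h = header ?? "";
  const token = h.startsWith("Bearer ") ? h.slice(7) : "";
  return token !== "" && tokensMatch(token, cfg.apiKey) ? 200 : 401;
}

// Constructed sample values, not real credentials.
const cfg = loadAuthConfig({ NODE_ENV: "production", API_KEY: "constructed-sample-key-123" });
console.log(checkAuthorization("Bearer constructed-sample-key-123", cfg));
console.log(checkAuthorization("Bearer wrong", cfg));
```
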
This service includes several production-ready features:
- Authentication - Bearer token authentication for API endpoints
- Validation - Input validation for SCIM data
- Rate Limiting - Protection against abuse
- Logging - Comprehensive request/response logging
- Security Headers - Using Helmet for improved security
- Error Handling - Consistent error response format
For a full production deployment, you might consider:
- Using a persistent database (MongoDB, PostgreSQL, etc.) instead of in-memory storage
- Adding monitoring and alerting
- Setting up CI/CD pipelines
- Implementing webhook signature verification
- Containerizing the application with Docker
- Setting up TLS/HTTPS
This is a proof-of-concept implementation and doesn't include all SCIM 2.0 protocol features like:
- Schema discovery
- Bulk operations
- Complex filtering
- Pagination
- Authentication and authorization
- Persistent storage
For a production environment, you would need to add these features along with proper error handling, logging, and security measures.