# Models
## The Resource object
```json
{"openapi":"3.0.2","info":{"title":"Qvalia SCIM API","version":"1.0.0"},"components":{"schemas":{"Resource":{"type":"object","description":"The resource is the base class to represent the entities of this RBAC REST API. It holds the attributes necessary for all actual resources (User, Group, Role, etc.).","properties":{"schemas":{"description":"The schema(s) involved in the SCIM resource.","type":"array","items":{"type":"string"}},"id":{"type":"string","format":"email","description":"A unique identifier for a SCIM resource as defined by the service provider. Each representation of the resource MUST include a non-empty \\\"id\\\" value. This identifier MUST be unique across the SCIM service provider's entire set of resources. It MUST be a stable, non-reassignable identifier that does not change when the same resource is returned in subsequent requests. The value of the \\\"id\\\" attribute is always issued by the service provider and MUST NOT be specified by the client. The string \\\"bulkId\\\" is a reserved keyword and MUST NOT be used within any unique identifier value. The attribute characteristics are \\\"caseExact\\\" as \\\"true\\\", a mutability of \\\"readOnly\\\", and a \\\"returned\\\" characteristic of \\\"always\\\". See [Section 9 RFC7643](https://www.rfc-editor.org/rfc/rfc7643.html#section-9) for additional considerations regarding privacy."}},"required":["id","schemas"]}}}}
```
## The User object
```json
{"openapi":"3.0.2","info":{"title":"Qvalia SCIM API","version":"1.0.0"},"components":{"schemas":{"User":{"allOf":[{"$ref":"#/components/schemas/Resource"}],"description":"SCIM provides a resource type for \\\"User\\\" resources. The core schema for \\\"User\\\" is identified using the following schema URI \\\"urn:ietf:params:scim:schemas:core:2.0:User\\\". The following attributes are defined in addition to the core schema attributes","properties":{"userName":{"description":"A service provider's unique identifier for the user, typically used by the user to directly authenticate to the service provider. Often displayed to the user as their unique identifier within the system (as opposed to \\\"id\\\" or \\\"externalId\\\", which are generally opaque and not user-friendly identifiers). Each User MUST include a non-empty userName value. This identifier MUST be unique across the service provider's entire set of Users. This attribute is REQUIRED and is case insensitive.","type":"string"},"name":{"description":"The components of the user's name. Qvalia only allows the full formatted name once!","type":"array","items":{"properties":{"formatted":{"description":"The full name, including all middle names, titles, and suffixes as appropriate, formatted for display (e.g., \\\"Jane Doe\\\").","type":"string"}}}},"title":{"description":"The user's title, such as \\\"IT Architect\\\".","type":"string"},"userType":{"description":"Used to identify the permission in Qvalia account.","type":"string","pattern":"^[viewer|user|admin]$","enum":["viewer","user","admin"]},"preferredLanguage":{"description":"Indicates the user's preferred written or spoken languages and is generally used for selecting a localized user interface. The value indicates the set of natural languages that are preferred. The format of the value is the same as the HTTP Accept-Language header field (not including \\\"Accept-Language:\\\") and is specified in Section 5.3.5 of [RFC7231]. The intent of this value is to enable cloud applications to perform matching of language tags [RFC4647] to the user's language preferences, regardless of what may be indicated by a user agent (which might be shared), or in an interaction that does not involve a user (such as in a delegated OAuth 2.0 [RFC6749] style interaction) where normal HTTP Accept-Language header negotiation cannot take place.","type":"string","enum":["en","sv","fi"]},"active":{"description":"A Boolean value indicating the user's administrative status. The definitive meaning of this attribute is determined by the service provider. As a typical example, a value of true implies that the user is able to log in, while a value of false implies that the user's account has been suspended.","type":"boolean"},"password":{"writeOnly":true,"description":"This attribute is intended to be used as a means to set, replace, or compare (i.e., filter for equality) a password. The cleartext value or the hashed value of a password SHALL NOT be returnable by a service provider. If a service provider holds the value locally, the value SHOULD be hashed. When a password is set or changed by the client, the cleartext password SHOULD be processed by the service provider as follows\n\n - Prepare the cleartext value for international language comparison. See Section 7.8 of [RFC7644].
\n - Validate the value against server password policy. Note, The definition and enforcement of password policy are beyond the scope of this document.
\n - Ensure that the value is encrypted (e.g., hashed). See Section 9.2 of [RFC7643] for acceptable hashing and encryption handling when storing or persisting for provisioning workflow reasons.
\n
\nA service provider that immediately passes the cleartext value on to another system or programming interface MUST pass the value directly over a secured connection (e.g., Transport Layer Security (TLS)). If the value needs to be temporarily persisted for a period of time (e.g., because of a workflow) before provisioning, then the value MUST be protected by some method, such as encryption.\nTesting for an equality match MAY be supported if there is an existing stored hashed value. When testing for equality, the service provider\n\n - Prepares the filter value for international language comparison. See Section 7.8 of [RFC7644].
\n - Generates the salted hash of the filter value and tests for a match with the locally held value.
\n
\nThe mutability of the password attribute is \\\"writeOnly\\\", indicating that the value MUST NOT be returned by a service provider in any form (the attribute characteristic \\\"returned\\\" is \\\"never\\\").\n","type":"string","format":"password"},"emails":{"description":"Email addresses for the User. The value SHOULD be specified according to [RFC5321]. Service providers SHOULD canonicalize the value according to [RFC5321], e.g., \\\"user@company.com\\\" instead of \\\"user@COMPANY.COM\\\". Qvalia only allows one email!","type":"array","items":{"properties":{"value":{"description":"should return canonicalized representation of the email value","type":"string","format":"email"}},"required":["value"]}},"phoneNumbers":{"description":"Phone numbers for the user. The value SHOULD be specified according to the format defined in [RFC3966], e.g., 'tel:+1-201-555-0123'. Service providers SHOULD canonicalize the value according to [RFC3966] format, when appropriate. The \\\"display\\\" sub-attribute MAY be used to return the canonicalized representation of the phone number value. Qvalia only allows one phone number!","type":"array","items":{"properties":{"value":{"description":"should return canonicalized representation of the phone value","type":"string","format":"string"}}}}},"required":["userName"]},"Resource":{"type":"object","description":"The resource is the base class to represent the entities of this RBAC REST API. It holds the attributes necessary for all actual resources (User, Group, Role, etc.).","properties":{"schemas":{"description":"The schema(s) involved in the SCIM resource.","type":"array","items":{"type":"string"}},"id":{"type":"string","format":"email","description":"A unique identifier for a SCIM resource as defined by the service provider. Each representation of the resource MUST include a non-empty \\\"id\\\" value. This identifier MUST be unique across the SCIM service provider's entire set of resources. It MUST be a stable, non-reassignable identifier that does not change when the same resource is returned in subsequent requests. The value of the \\\"id\\\" attribute is always issued by the service provider and MUST NOT be specified by the client. The string \\\"bulkId\\\" is a reserved keyword and MUST NOT be used within any unique identifier value. The attribute characteristics are \\\"caseExact\\\" as \\\"true\\\", a mutability of \\\"readOnly\\\", and a \\\"returned\\\" characteristic of \\\"always\\\". See [Section 9 RFC7643](https://www.rfc-editor.org/rfc/rfc7643.html#section-9) for additional considerations regarding privacy."}},"required":["id","schemas"]}}}}
```
## The ListResponse object
```json
{"openapi":"3.0.2","info":{"title":"Qvalia SCIM API","version":"1.0.0"},"components":{"schemas":{"ListResponse":{"description":"The ListResponse specifies control attribute for big collections returned. The attributes thus cover information about the pagination. The assigned Resource object contains the queried resources.","type":"object","properties":{"totalResults":{"type":"integer","format":"int32","description":"Non-negative integer. Specifies the total number of results matching the client query, e.g., 1000."},"startIndex":{"type":"integer","format":"int32","description":"The 1-based index of the first result in the current set of query results, e.g., 1."},"itemsPerPage":{"type":"integer","format":"int32","description":"Non-negative integer. Specifies the number of query results returned in a query response page, e.g., 10."}},"required":["totalResults","startIndex","itemsPerPage"]}}}}
```
## The UserListResponse object
```json
{"openapi":"3.0.2","info":{"title":"Qvalia SCIM API","version":"1.0.0"},"components":{"schemas":{"UserListResponse":{"allOf":[{"$ref":"#/components/schemas/ListResponse"}],"properties":{"Resource":{"type":"array","items":{"$ref":"#/components/schemas/User"}}},"required":["Resource"]},"ListResponse":{"description":"The ListResponse specifies control attribute for big collections returned. The attributes thus cover information about the pagination. The assigned Resource object contains the queried resources.","type":"object","properties":{"totalResults":{"type":"integer","format":"int32","description":"Non-negative integer. Specifies the total number of results matching the client query, e.g., 1000."},"startIndex":{"type":"integer","format":"int32","description":"The 1-based index of the first result in the current set of query results, e.g., 1."},"itemsPerPage":{"type":"integer","format":"int32","description":"Non-negative integer. Specifies the number of query results returned in a query response page, e.g., 10."}},"required":["totalResults","startIndex","itemsPerPage"]},"User":{"allOf":[{"$ref":"#/components/schemas/Resource"}],"description":"SCIM provides a resource type for \\\"User\\\" resources. The core schema for \\\"User\\\" is identified using the following schema URI \\\"urn:ietf:params:scim:schemas:core:2.0:User\\\". The following attributes are defined in addition to the core schema attributes","properties":{"userName":{"description":"A service provider's unique identifier for the user, typically used by the user to directly authenticate to the service provider. Often displayed to the user as their unique identifier within the system (as opposed to \\\"id\\\" or \\\"externalId\\\", which are generally opaque and not user-friendly identifiers). Each User MUST include a non-empty userName value. This identifier MUST be unique across the service provider's entire set of Users. This attribute is REQUIRED and is case insensitive.","type":"string"},"name":{"description":"The components of the user's name. Qvalia only allows the full formatted name once!","type":"array","items":{"properties":{"formatted":{"description":"The full name, including all middle names, titles, and suffixes as appropriate, formatted for display (e.g., \\\"Jane Doe\\\").","type":"string"}}}},"title":{"description":"The user's title, such as \\\"IT Architect\\\".","type":"string"},"userType":{"description":"Used to identify the permission in Qvalia account.","type":"string","pattern":"^[viewer|user|admin]$","enum":["viewer","user","admin"]},"preferredLanguage":{"description":"Indicates the user's preferred written or spoken languages and is generally used for selecting a localized user interface. The value indicates the set of natural languages that are preferred. The format of the value is the same as the HTTP Accept-Language header field (not including \\\"Accept-Language:\\\") and is specified in Section 5.3.5 of [RFC7231]. The intent of this value is to enable cloud applications to perform matching of language tags [RFC4647] to the user's language preferences, regardless of what may be indicated by a user agent (which might be shared), or in an interaction that does not involve a user (such as in a delegated OAuth 2.0 [RFC6749] style interaction) where normal HTTP Accept-Language header negotiation cannot take place.","type":"string","enum":["en","sv","fi"]},"active":{"description":"A Boolean value indicating the user's administrative status. The definitive meaning of this attribute is determined by the service provider. As a typical example, a value of true implies that the user is able to log in, while a value of false implies that the user's account has been suspended.","type":"boolean"},"password":{"writeOnly":true,"description":"This attribute is intended to be used as a means to set, replace, or compare (i.e., filter for equality) a password. The cleartext value or the hashed value of a password SHALL NOT be returnable by a service provider. If a service provider holds the value locally, the value SHOULD be hashed. When a password is set or changed by the client, the cleartext password SHOULD be processed by the service provider as follows\n\n - Prepare the cleartext value for international language comparison. See Section 7.8 of [RFC7644].
\n - Validate the value against server password policy. Note, The definition and enforcement of password policy are beyond the scope of this document.
\n - Ensure that the value is encrypted (e.g., hashed). See Section 9.2 of [RFC7643] for acceptable hashing and encryption handling when storing or persisting for provisioning workflow reasons.
\n
\nA service provider that immediately passes the cleartext value on to another system or programming interface MUST pass the value directly over a secured connection (e.g., Transport Layer Security (TLS)). If the value needs to be temporarily persisted for a period of time (e.g., because of a workflow) before provisioning, then the value MUST be protected by some method, such as encryption.\nTesting for an equality match MAY be supported if there is an existing stored hashed value. When testing for equality, the service provider\n\n - Prepares the filter value for international language comparison. See Section 7.8 of [RFC7644].
\n - Generates the salted hash of the filter value and tests for a match with the locally held value.
\n
\nThe mutability of the password attribute is \\\"writeOnly\\\", indicating that the value MUST NOT be returned by a service provider in any form (the attribute characteristic \\\"returned\\\" is \\\"never\\\").\n","type":"string","format":"password"},"emails":{"description":"Email addresses for the User. The value SHOULD be specified according to [RFC5321]. Service providers SHOULD canonicalize the value according to [RFC5321], e.g., \\\"user@company.com\\\" instead of \\\"user@COMPANY.COM\\\". Qvalia only allows one email!","type":"array","items":{"properties":{"value":{"description":"should return canonicalized representation of the email value","type":"string","format":"email"}},"required":["value"]}},"phoneNumbers":{"description":"Phone numbers for the user. The value SHOULD be specified according to the format defined in [RFC3966], e.g., 'tel:+1-201-555-0123'. Service providers SHOULD canonicalize the value according to [RFC3966] format, when appropriate. The \\\"display\\\" sub-attribute MAY be used to return the canonicalized representation of the phone number value. Qvalia only allows one phone number!","type":"array","items":{"properties":{"value":{"description":"should return canonicalized representation of the phone value","type":"string","format":"string"}}}}},"required":["userName"]},"Resource":{"type":"object","description":"The resource is the base class to represent the entities of this RBAC REST API. It holds the attributes necessary for all actual resources (User, Group, Role, etc.).","properties":{"schemas":{"description":"The schema(s) involved in the SCIM resource.","type":"array","items":{"type":"string"}},"id":{"type":"string","format":"email","description":"A unique identifier for a SCIM resource as defined by the service provider. Each representation of the resource MUST include a non-empty \\\"id\\\" value. This identifier MUST be unique across the SCIM service provider's entire set of resources. It MUST be a stable, non-reassignable identifier that does not change when the same resource is returned in subsequent requests. The value of the \\\"id\\\" attribute is always issued by the service provider and MUST NOT be specified by the client. The string \\\"bulkId\\\" is a reserved keyword and MUST NOT be used within any unique identifier value. The attribute characteristics are \\\"caseExact\\\" as \\\"true\\\", a mutability of \\\"readOnly\\\", and a \\\"returned\\\" characteristic of \\\"always\\\". See [Section 9 RFC7643](https://www.rfc-editor.org/rfc/rfc7643.html#section-9) for additional considerations regarding privacy."}},"required":["id","schemas"]}}}}
```
## The Error object
```json
{"openapi":"3.0.2","info":{"title":"Qvalia SCIM API","version":"1.0.0"},"components":{"schemas":{"Error":{"type":"object","properties":{"status":{"type":"string"},"type":{"type":"string"},"data":{"type":"string"},"metadata":{"type":"object","properties":{}}}}}}}
```
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://api.qvalia.io/api-documentation/apis/scim/models.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.