> ## Documentation Index
> Fetch the complete documentation index at: https://stytch.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Start SCIM Token Rotation

> Start the token rotation process for a SCIM connection

export const action_0 = "update"

export const resource_0 = "stytch.scim"

<Note>
  **RBAC Enforced API**

  If a Member Session is passed in the Authorization headers, Stytch will enforce that the Member has permission to take the **{action_0} Action** on the **{resource_0} Resource** prior to honoring the request.

  To learn more, see the [RBAC guide](/multi-tenant-auth/enterprise-ready/rbac).
</Note>


## OpenAPI

````yaml POST /v1/b2b/scim/{organization_id}/connection/{connection_id}/rotate/start
openapi: 3.0.3
info:
  title: Stytch API
  description: The Stytch API provides endpoints for authentication and user management.
  version: 2.1.1
  contact:
    name: Stytch Support
    url: https://stytch.com/docs
    email: support@stytch.com
servers:
  - url: https://api.stytch.com
    description: Production server
  - url: https://test.stytch.com
    description: Test server
security:
  - basicAuth: []
paths:
  /v1/b2b/scim/{organization_id}/connection/{connection_id}/rotate/start:
    post:
      tags:
        - B2B Scim
      summary: Rotatestart
      description: Start a SCIM token rotation.
      operationId: api_b2b_scim_v1_b2b_scim_connection_RotateStart
      parameters:
        - name: organization_id
          in: path
          required: true
          schema:
            type: string
            description: >-
              Globally unique UUID that identifies a specific Organization. The
              `organization_id` is critical to perform operations on an
              Organization, so be sure to preserve this value. You may also use
              the organization_slug or organization_external_id here as a
              convenience.
          description: >-
            Globally unique UUID that identifies a specific Organization. The
            `organization_id` is critical to perform operations on an
            Organization, so be sure to preserve this value. You may also use
            the organization_slug or organization_external_id here as a
            convenience.
        - name: connection_id
          in: path
          required: true
          schema:
            type: string
            description: The ID of the SCIM connection.
          description: The ID of the SCIM connection.
        - name: X-Stytch-Member-Session
          in: header
          required: false
          description: >-
            A Stytch session that can be used to run the request with the given
            member's permissions.
          schema:
            type: string
        - name: X-Stytch-Member-SessionJWT
          in: header
          required: false
          description: >-
            A Stytch Session JSON Web Token (JWT) that can be used to run the
            request with the given member's permissions.
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/api_b2b_scim_v1_b2b_scim_connection_RotateStartRequest
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/api_b2b_scim_v1_b2b_scim_connection_RotateStartResponse
        '400':
          description: Bad request
        '401':
          description: Unauthorized
          content:
            application/json:
              example:
                status_code: 401
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: unauthorized_credentials
                error_message: Unauthorized credentials.
                error_url: https://stytch.com/docs/api/errors/401
        '429':
          description: Too Many Requests
          content:
            application/json:
              example:
                status_code: 429
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: too_many_requests
                error_message: Too many requests have been made.
                error_url: https://stytch.com/docs/api/errors/429
        '500':
          description: Internal server error
          content:
            application/json:
              example:
                status_code: 500
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: internal_server_error
                error_message: >-
                  Oops, something seems to have gone wrong, please reach out to
                  support@stytch.com to let us know what went wrong.
                error_url: https://stytch.com/docs/api/errors/500
      x-code-samples:
        - lang: csharp
          label: C#
          source: >-
            // POST
            /v1/b2b/scim/{organization_id}/connection/{connection_id}/rotate/start

            const stytch = require('stytch');


            const client = new stytch.B2BClient({
              project_id: '${projectId}',
              secret: '${secret}',
            });


            const params = {
              organization_id: "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
              connection_id: "scim-connection-test-cdd5415a-c470-42be-8369-5c90cf7762dc",
            };


            const options = {
              authorization: {
                session_token: '${sessionToken}',
              },
            };


            client.SCIM.Connection.RotateStart(params, options)
              .then(resp => { console.log(resp) })
              .catch(err => { console.log(err) });
        - lang: go
          label: Go
          source: "// POST /v1/b2b/scim/{organization_id}/connection/{connection_id}/rotate/start\npackage main\n\nimport (\n\t\"context\"\n\t\"log\"\n\n\t\"github.com/stytchauth/stytch-go/v18/stytch/b2b/b2bstytchapi\"\n\t\"github.com/stytchauth/stytch-go/v18/stytch/b2b/scim/connection\"\n\t\"github.com/stytchauth/stytch-go/v18/stytch/methodoptions\"\n)\n\nfunc main() {\n\tclient, err := b2bstytchapi.NewClient(\n\t\t\"${projectId}\",\n\t\t\"${secret}\",\n\t)\n\tif err != nil {\n\t\tlog.Fatalf(\"error instantiating client: %v\", err)\n\t}\n\n\tparams := &connection.RotateStartParams{\n\t\tOrganizationID: \"organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931\",\n\t\tConnectionID:   \"scim-connection-test-cdd5415a-c470-42be-8369-5c90cf7762dc\",\n\t}\n\n\toptions := &connection.RotateStartParamsOptions{\n\t\tAuthorization: methodoptions.Authorization{\n\t\t\tSessionToken: \"${sessionToken}\",\n\t\t},\n\t}\n\n\tresp, err := client.SCIM.Connection.RotateStart(context.Background(), params, options)\n\tif err != nil {\n\t\tlog.Fatalf(\"error in method call: %v\", err)\n\t}\n\n\tlog.Println(resp)\n}\n"
        - lang: java
          label: Java
          source: >-
            // POST
            /v1/b2b/scim/{organization_id}/connection/{connection_id}/rotate/start

            package com.example;


            import com.stytch.java.b2b.models.scimconnection.RotateStartRequest;

            import
            com.stytch.java.b2b.models.scimconnection.RotateStartRequestOptions;

            import com.stytch.java.b2b.StytchB2BClient;

            import com.stytch.java.common.methodoptions.Authorization;

            import com.stytch.java.common.StytchResult;


            public class Main {
                public static void main(String[] args) {
                    StytchB2BClient.configure("${projectId}", "${secret}");

                    RotateStartRequest params = new RotateStartRequest();
                    params.setOrganizationId("organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931");
                    params.setConnectionId("scim-connection-test-cdd5415a-c470-42be-8369-5c90cf7762dc");

                    RotateStartRequestOptions options = new RotateStartRequestOptions();
                    Authorization authorization = new Authorization();
                    authorization.setSessionToken("${sessionToken}");
                    options.setAuthorization(authorization);

                    Object result = StytchB2BClient.getSCIM().getConnection().rotateStart(params, options);
                    if (result instanceof StytchResult.Success) {
                      System.out.println(((StytchResult.Success) result).getValue());
                    } else {
                      System.out.println(((StytchResult.Error) result).getException());
                    }
                }
            }
        - lang: kotlin
          label: Kotlin
          source: >
            // POST
            /v1/b2b/scim/{organization_id}/connection/{connection_id}/rotate/start

            package com.example


            import com.stytch.java.b2b.StytchB2BClient

            import com.stytch.java.b2b.models.scimconnection.RotateStartRequest

            import
            com.stytch.java.b2b.models.scimconnection.RotateStartRequestOptions

            import com.stytch.java.common.methodoptions.Authorization


            fun main() {
                StytchB2BClient.configure(
                    projectId = "${projectId}",
                    secret = "${secret}",
                )

                when (
                    val result =
                        StytchB2BClient.scim.connection.rotateStart(
                            RotateStartRequest(
                                organizationId = "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
                                connectionId = "scim-connection-test-cdd5415a-c470-42be-8369-5c90cf7762dc",
                            ),
                            RotateStartRequestOptions(
                                Authorization(
                                    sessionToken = "${sessionToken}",
                                ),
                            ),
                        )
                ) {
                    is StytchResult.Success -> println(result.value)
                    is StytchResult.Error -> println(result.exception)
                }
            }
        - lang: javascript
          label: Node.js
          source: >-
            // POST
            /v1/b2b/scim/{organization_id}/connection/{connection_id}/rotate/start

            const stytch = require('stytch');


            const client = new stytch.B2BClient({
              project_id: '${projectId}',
              secret: '${secret}',
            });


            const params = {
              organization_id: "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
              connection_id: "scim-connection-test-cdd5415a-c470-42be-8369-5c90cf7762dc",
            };


            const options = {
              authorization: {
                session_token: '${sessionToken}',
              },
            };


            client.scim.connection.rotateStart(params, options)
              .then(resp => { console.log(resp) })
              .catch(err => { console.log(err) });
        - lang: php
          label: PHP
          source: |-
            $response = $client->scim->connection->rotate_start([
                'organization_id' => 'organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931',
                'connection_id' => 'scim-connection-test-cdd5415a-c470-42be-8369-5c90cf7762dc',
            ], [
                    'authorization' => ['session_token' => '${sessionToken}'],

            ]);
        - lang: python
          label: Python
          source: >
            # POST
            /v1/b2b/scim/{organization_id}/connection/{connection_id}/rotate/start

            from stytch import B2BClient

            from stytch.b2b.models.scim_connection import
            RotateStartRequestOptions

            from stytch.shared.method_options import Authorization


            client = B2BClient(
                project_id="${projectId}",
                secret="${secret}",
            )


            resp = client.scim.connection.rotate_start(
                organization_id="organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
                connection_id="scim-connection-test-cdd5415a-c470-42be-8369-5c90cf7762dc",
                method_options=RotateStartRequestOptions(
                    authorization=Authorization(
                        session_token="${sessionToken}",
                    ),
                ),
            )


            print(resp)
        - lang: ruby
          label: Ruby
          source: >-
            # frozen_string_literal: true


            # POST
            /v1/b2b/scim/{organization_id}/connection/{connection_id}/rotate/start

            require 'stytch'


            client = StytchB2B::Client.new(
              project_id: "${projectId}",
              secret: "${secret}"
            )


            resp = client.scim.connection.rotate_start(
              organization_id: "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
              connection_id: "scim-connection-test-cdd5415a-c470-42be-8369-5c90cf7762dc",
              method_options: StytchB2B::SCIM::Connection::RotateStartRequestOptions.new(
                authorization: Stytch::MethodOptions::Authorization.new(session_token: '${sessionToken}')
              )
            )


            puts resp
        - lang: rust
          label: Rust
          source: >-
            // POST
            /v1/b2b/scim/{organization_id}/connection/{connection_id}/rotate/start

            use stytch::b2b::client::Client;

            use stytch::b2b::scim_connection::RotateStartRequest;


            fn main() {
                let client = Client::new("${projectId}", "${secret}").unwrap();
                let resp = client.scim.connection.rotate_start(
                    RotateStartRequest{
                        organization_id: "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
                        connection_id: "scim-connection-test-cdd5415a-c470-42be-8369-5c90cf7762dc",
                        ..Default::default()
                    }
                ).await;
                println!("The response is {:?}", resp);
            }
        - lang: bash
          label: cURL
          source: >-
            # POST
            /v1/b2b/scim/{organization_id}/connection/{connection_id}/rotate/start

            curl --request POST \
              --url https://test.stytch.com/v1/b2b/scim/organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931/connection/scim-connection-test-cdd5415a-c470-42be-8369-5c90cf7762dc/rotate/start \
              -u '${projectId}:${secret}' \
              -H 'Content-Type: application/json' \
              -H "X-Stytch-Member-Session: ${sessionToken}"
components:
  schemas:
    api_b2b_scim_v1_b2b_scim_connection_RotateStartRequest:
      type: object
      properties: {}
      description: Request type
    api_b2b_scim_v1_b2b_scim_connection_RotateStartResponse:
      type: object
      properties:
        request_id:
          type: string
          description: >-
            Globally unique UUID that is returned with every API call. This
            value is important to log for debugging purposes; we may ask for
            this value to help identify a specific API call when helping you
            debug an issue.
        status_code:
          type: integer
          format: int32
          description: >-
            The HTTP status code of the response. Stytch follows standard HTTP
            response status code patterns, e.g. 2XX values equate to success,
            3XX values are redirects, 4XX are client errors, and 5XX are server
            errors.
        connection:
          $ref: '#/components/schemas/api_b2b_scim_v1_SCIMConnectionWithNextToken'
          description: >-
            The [SCIM Connection
            Object](https://stytch.com/docs/b2b/api/scim-connection-object).
      required:
        - request_id
        - status_code
    api_b2b_scim_v1_SCIMConnectionWithNextToken:
      type: object
      properties:
        organization_id:
          type: string
          description: >-
            Globally unique UUID that identifies a specific Organization. The
            `organization_id` is critical to perform operations on an
            Organization, so be sure to preserve this value. You may also use
            the organization_slug or organization_external_id here as a
            convenience.
        connection_id:
          type: string
          description: The ID of the SCIM connection.
        status:
          type: string
          description: >-
            The status of the connection. The possible values are deleted or
            active.
        display_name:
          type: string
          description: A human-readable display name for the connection.
        base_url:
          type: string
          description: >-
            The URL supplied to the Identity Provider (IdP) alongside the bearer
            token enabling access to Stytch's SCIM API endpoints
        identity_provider:
          type: string
          description: >-
            Name of the IdP. Enum with possible values: `okta`,
            `microsoft-entra`, `cyberark`, `jumpcloud`, `onelogin`,
            `pingfederate`, `rippling` or `generic`. 


            Specifying a known provider allows Stytch to handle any
            provider-specific logic, such as automatically appending
            `?aadOptscim062020` to the returned BaseURL for `microsoft-entra`
            SCIM Connections to [enable the SCIM 2.0 compliant
            flag](https://learn.microsoft.com/en-us/entra/identity/app-provisioning/application-provisioning-config-problem-scim-compatibility#scim-20-compliance-issues-and-status).
        bearer_token_last_four:
          type: string
          description: >-
            The last four digits of the bearer token. If you've lost access to
            your `bearer_token` and need to generate a new one, use the [SCIM
            rotate token start
            endpoint](https://stytch.com/docs/b2b/api/scim-rotate-token-start).
        next_bearer_token:
          type: string
          description: >-
            This field is supplied only during [token
            rotation](https://stytch.com/docs/b2b/api/scim-rotate-token-start).
            This token should be used as the new bearer token for the SCIM
            connection after token rotation has been completed using the [SCIM
            rotate token complete
            endpoint](https://stytch.com/docs/b2b/api/scim-rotate-token-complete).
        scim_group_implicit_role_assignments:
          type: array
          items:
            $ref: >-
              #/components/schemas/api_b2b_scim_v1_SCIMGroupImplicitRoleAssignments
          description: >-
            An array of SCIM group implicit role assignments. Each object in the
            array must contain a `group_id` and a `role_id`.
        bearer_token_expires_at:
          type: string
          description: The bearer token expiry time.
        next_bearer_token_expires_at:
          type: string
          description: >-
            This field is supplied only during [token
            rotation](https://stytch.com/docs/b2b/api/scim-rotate-token-start).
            The next bearer token expiry time.
      required:
        - organization_id
        - connection_id
        - status
        - display_name
        - base_url
        - identity_provider
        - bearer_token_last_four
        - next_bearer_token
        - scim_group_implicit_role_assignments
    api_b2b_scim_v1_SCIMGroupImplicitRoleAssignments:
      type: object
      properties:
        role_id:
          type: string
          description: The ID of the role.
        group_id:
          type: string
          description: The ID of the group.
        group_name:
          type: string
      required:
        - role_id
        - group_id
        - group_name
  securitySchemes:
    basicAuth:
      type: http
      scheme: basic

````