search
Get Demo

Create a company with SCIM and DEC

As a Reseller you can onboard a new customer and configure SCIM (user provisioning) and Direct Email Creation (DEC) for that company in a single workflow. The flow: create the company, then configure SCIM so the customer's IdP provisions users, and set up DEC so phishing simulations and training emails are sent via the customer's Microsoft 365 or Google Workspace tenant. Use a credential with Client Role = Reseller. After company creation, send X-KEEPNET-Company-Id with the new company's resourceId.

hashtag
POST /api/companies

Creates a new company. The request uses multipart/form-data. Required fields: Name, CountryResourceId, IndustryResourceId, LicenseTypeResourceId, LicensePeriodTypeResourceId, NumberOfUsers, TimeZoneId, DateFormat, TimeFormat. Reference IDs are platform-specific — use values from your environment. See Endpoints → Company for the full schema.

hashtag
Creates a new company

post
chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : API
Authorizations
OAuth2clientCredentialsRequired

Client ID and Client Secret from Company → Company Settings → REST API. Enter credentials to auto-fetch token.

Token URL:
Body
Filestring · binaryOptional
Namestring · max: 64Required
Descriptionstring · max: 300Optional
IndustryResourceIdstringRequired
CountryResourceIdstringRequired
Addressstring · max: 200Optional
WebsiteUrlstring · max: 2000Optional
LicenseTypeResourceIdstringRequired
LicenseModuleResourceIdArraystring[]Optional
LicensePeriodTypeResourceIdstringRequired
LicenseStartDatestring · date-timeOptional
LicenseEndDatestring · date-timeOptional
IsNumberOfUsersLimitedbooleanOptional
NumberOfUsersinteger · int32Required
NotificationTemplateTypeResourceIdstringOptional
TrainingContentTypeResourceIdstringOptional
SmtpConfigurationTypeResourceIdstringOptional
PreferredLanguageTypeResourceIdstringOptional
IsVersionVisiblebooleanOptional
IsReleaseNotesVisiblebooleanOptional
ReleaseNotesUrlstring · max: 2000Optional
CompanyGroupResourceIdArraystring[]Optional
BaseManHourCostinteger · int32Optional
BaseManHourinteger · int32Optional
StatusIdinteger · int32Optional
TimeZoneIdstringRequired
DateFormatstringRequired
TimeFormatstringRequired
CallBackNumberBookingCountinteger · int32Optional
Tagsstring[]Optional
Responses
chevron-right
200

OK

application/json
statusstringOptional
messagestring · nullableOptional
validationMessagesstring[] · nullableOptional
post
/api/companies
200

OK

From the response, note the new company's resourceId. Use it as X-KEEPNET-Company-Id in all subsequent requests.

hashtag
POST /api/companies/clients

Creates REST API credentials (Client ID / Client Secret) for the new company. This is required if the customer will use the API themselves. Send X-KEEPNET-Company-Id with the new company's resourceId.

hashtag
Creates a new client for company

post
chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : API
Authorizations
OAuth2clientCredentialsRequired

Client ID and Client Secret from Company → Company Settings → REST API. Enter credentials to auto-fetch token.

Token URL:
Body
namestring · min: 1 · max: 64Required
clientIdstring · min: 1 · max: 32Required
clientSecretstring · min: 1 · max: 100Required
statusIdinteger · int32Required
hasIpAddressRestrictionbooleanOptional
allowedIpAddressesstring[] · nullableOptional
roleResourceIdListstring[] · nullableOptional
Responses
chevron-right
200

OK

application/json
statusstringOptional
messagestring · nullableOptional
validationMessagesstring[] · nullableOptional
post
/api/companies/clients
200

OK

hashtag
POST /api/scim

Creates a new SCIM integration for the company. Send X-KEEPNET-Company-Id. Body: name (required, max 30 chars), optional groupResourceId (assign provisioned users to a target group), and optional fieldMappings (map SCIM attributes to Keepnet fields). The response includes token and baseUrl — provide these to the customer for their IdP (Entra ID, Okta, etc.).

hashtag
Creates a new scim integration

post
chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : API
Authorizations
OAuth2clientCredentialsRequired

Client ID and Client Secret from Company → Company Settings → REST API. Enter credentials to auto-fetch token.

Token URL:
Body
namestring · max: 30RequiredExample: Entra ID SCIM
groupResourceIdstring · nullableOptional

Assign provisioned users to a target group

syncPlatformGroupbooleanOptionalExample: false
Responses
chevron-right
200

OK

application/json
statusstringOptional
messagestring · nullableOptional
validationMessagesstring[] · nullableOptional
post
/api/scim
200

OK

Example body:

hashtag
GET /api/scim/fields

Returns all available SCIM fields that can be mapped. Use these values to configure fieldMappings in the SCIM integration if needed. Send X-KEEPNET-Company-Id.

hashtag
Returns all available scim fields

get
chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : API
Authorizations
OAuth2clientCredentialsRequired

Client ID and Client Secret from Company → Company Settings → REST API. Enter credentials to auto-fetch token.

Token URL:
Responses
chevron-right
200

OK

application/json
statusstringOptional
messagestring · nullableOptional
validationMessagesstring[] · nullableOptional
get
/api/scim/fields
200

OK

hashtag
POST /api/companies/direct-email-settings

Creates a Direct Email Creation (DEC) setting for the company. Send X-KEEPNET-Company-Id. Body: name (required), tenantId (required — the customer's Microsoft 365 or Google Workspace tenant ID), allowedDomains (required — list of email domains authorized for sending), and type (1 = Microsoft 365, 2 = Google Workspace).

hashtag
Creates a new Direct Email setting for a company

post
chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : API
Authorizations
OAuth2clientCredentialsRequired

Client ID and Client Secret from Company → Company Settings → REST API. Enter credentials to auto-fetch token.

Token URL:
Body
namestring · max: 64RequiredExample: Acme Corp M365 DEC
tenantIdstringRequiredExample: a1b2c3d4-e5f6-7890-abcd-ef1234567890
allowedDomainsstring[]RequiredExample: ["acmecorp.com"]
typeintegerOptional

1 = Microsoft 365, 2 = Google Workspace

Example: 1
Responses
chevron-right
200

OK

application/json
statusstringOptional
messagestring · nullableOptional
validationMessagesstring[] · nullableOptional
post
/api/companies/direct-email-settings
200

OK

Example body (Microsoft 365):

hashtag
POST /api/companies/direct-email-settings/test

Tests the DEC connection by sending a test email through the customer's tenant. Send X-KEEPNET-Company-Id. Use the resourceId from the DEC create response.

hashtag
Performs a connection test of a direct email setting

post
chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : API
Authorizations
OAuth2clientCredentialsRequired

Client ID and Client Secret from Company → Company Settings → REST API. Enter credentials to auto-fetch token.

Token URL:
Body
resourceIdstringOptionalExample: <decResourceId>
fromstringOptionalExample: [email protected]
fromNamestringOptionalExample: Keepnet
tostringOptionalExample: [email protected]
messagestringOptionalExample: DEC test email
tenantIdstringOptionalExample: a1b2c3d4-e5f6-7890-abcd-ef1234567890
typeintegerOptionalExample: 1
Responses
chevron-right
200

OK

application/json
statusstringOptional
messagestring · nullableOptional
validationMessagesstring[] · nullableOptional
post
/api/companies/direct-email-settings/test
200

OK

Example body:

hashtag
PUT /api/companies/direct-email-settings/make-default/{resourceId}

Sets the DEC as the default email delivery method for this company. Replace {resourceId} with the DEC ID. Send X-KEEPNET-Company-Id.

hashtag
Sets a DEC as default

put
chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : API
Authorizations
OAuth2clientCredentialsRequired

Client ID and Client Secret from Company → Company Settings → REST API. Enter credentials to auto-fetch token.

Token URL:
Path parameters
resourceIdstringRequired
Responses
chevron-right
200

OK

application/json
statusstringOptional
messagestring · nullableOptional
validationMessagesstring[] · nullableOptional
put
/api/companies/direct-email-settings/make-default/{resourceId}
200

OK

hashtag
Common errors

  • 403 Forbidden — Credential is not Reseller. Set Client Role = Reseller. Roles and permissions →

  • 401 Unauthorized — Missing or invalid token. Request a new token via POST /connect/token.

  • 400 Bad Request — Missing required fields. For company creation: check Name, CountryResourceId, IndustryResourceId, etc. For SCIM: name is required (max 30 chars). For DEC: name, tenantId, and allowedDomains are required.

  • 409 Conflict — A SCIM integration or DEC with the same name already exists for this company.

circle-info

Platform UI: Configure SCIM under Company → Company Settings → SCIM Settings. SCIM Settings →. Configure DEC under Company → Company Settings → Direct Email Creation. Direct Email Creation →

Related: Create a company → (basic company creation). Set up SCIM for a customer →. Scope API requests to a customer →.

PreviousCreate a companyNextGet a company

Last updated