Identities (2)

The System for Cross-domain Identity Management (SCIM) specification is designed to make managing user identities in cloud-based applications and services easier

Background: The standards of the SCIM 2.0 API are defined and released as RFC7642, RFC7643 and RFC7644 under IETF. Please refer - https://scim.cloud/#Specification.

Create user

post/v2/scim/Users

Creates a user in the client's namespace.

SecurityOauth2

Request

header Parameters

Content-Type required	string [ 1 .. 255 ] characters ^[A-Za-z0-9/+-]+$ The media type. Required for operations with a request body. The value is `application/<format>`, where the `format` is `scim+json`.
Authorization required	string To make REST API calls, include the bearer token in this header with the `Bearer` authentication scheme. The value is `Bearer <Access-Token>` or `Basic <client_id:secret>`.

Request Body schema: application/scim+json

The SCIM user information.

schemas required	Array of strings <uri> [ 1 .. 10 ] items An array of identified schemas.
externalId	string [ 1 .. 128 ] characters ^.*$ A String that is an identifier for the resource as defined by the external or 3rd party client. The pattern is not provided because the value is defined by an external party.
userName required	string [ 1 .. 254 ] characters ^(?![0-9]*$)[a-zA-Z0-9]{8,16}$ Unique identifier for the User, typically used by the user to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the service provider's entire set of Users. The pattern is not provided because the value is defined by an external party.
	object (ScimName) The components of the user's real name.
	Array of objects (ScimEmail) [ 1 .. 10 ] items Email addresses for the user. The value SHOULD be specified according to [RFC5321]. The value SHOULD be canonicalized by the service provider, e.g., 'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and 'other'.
	Array of objects (ScimPhone) [ 1 .. 10 ] items Phone numbers for the User. The value SHOULD be specified according to the format defined in [RFC3966], e.g.,'tel:+1-201-555-0123'. Canonical type values of 'work', 'home', 'mobile', 'fax', 'pager', and 'other'.
	Array of objects (ScimAddress) [ 1 .. 10 ] items Addresses for the User defined following the RFC 7643 specification.
	Array of objects (ScimEntitlement) [ 1 .. 10000 ] items A list of entitlements for the User that represent a thing the User has.
	object (ScimMeta) Metadata about the resource such as type, time create, etc.
preferredLanguage	string <ppaas_common_language_v3> (language) [ 2 .. 10 ] characters ^[a-z]{2}(?:-[A-Z][a-z]{3})?(?:-(?:[A-Z]{2}\|[... The language tag for the language in which to localize the error-related strings, such as messages, issues, and suggested actions. The tag is made up of the ISO 639-2 language code, the optional ISO-15924 script tag, and the ISO-3166 alpha-2 country code or M49 region code.
timezone	string <ppaas_time_zone_v3> (time_zone) [ 1 .. 127 ] characters The time zone, in Internet Assigned Numbers Authority (IANA) time zone (tz) database format. A valid value is `America/New_York` or `Etc/UTC`. Do not use ambiguous, non-qualified tz database values, such as `EST` or `GB`. Before you include this type in your interface, consider whether it is appropriate to convey time zone information with your type. At the time of display to the user, transform this value from UTC. Typically, this type is associated with user-preference APIs.

Responses

201

A successful request returns the HTTP 201 Created status code and a JSON response body that shows the SCIM user information.

Request samples

Payload
cURL
Node.js
Java
Python

application/scim+json

{"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"
],
"userName": "sydneyml531",
"name": {"givenName": "Sydney",
"familyName": "McLaughlin"
},
"emails": [{"value": "sydneyml@shop.com",
"primary": true
}
]
}

Response samples

{"schemas": ["http://example.com"
],
"externalId": "string",
"userName": "string",
"name": {"familyName": "string",
"givenName": "string",
"middleName": "string",
"honorificPrefix": "string",
"honorificSuffix": "string"
},
"active": true,
"emails": [{"type": "work",
"primary": true,
"value": "string"
}
],
"phoneNumbers": [{"value": "string",
"type": "work",
"primary": true
}
],
"addresses": [{"streetAddress": "string",
"locality": "string",
"region": "string",
"postalCode": "string",
"type": "work",
"country": "string"
}
],
"entitlements": [{"value": "string"
}
],
"id": "string",
"meta": {"resourceType": "User",
"location": "http://example.com",
"created": "string",
"lastModified": "string"
},
"preferredLanguage": "string",
"timezone": "string"
}

List users

get/v2/scim/Users

Lists users. You can specify query parameters to filter the users that appear in the list.

SecurityOauth2

Request

query Parameters

filter

required

string

Filters the users in the response list by a key, in the format key eq value, where key is userName.

header Parameters

Authorization

required

string

To make REST API calls, include the bearer token in this header with the Bearer authentication scheme. The value is Bearer <Access-Token> or Basic <client_id:secret>.

Responses

200

A successful request returns the HTTP 200 OK status code and a JSON response body that lists users that match the search criteria.

Request samples

cURL
Node.js
Java
Python

curl -v -X GET https://api-m.sandbox.paypal.com/v2/scim/Users?filter=userName eq "sydneyml531" \
-H 'Content-Type: application/scim+json' \
-H 'Authorization: Bearer <Access-Token>'

Response samples

{"schemas": ["http://example.com"
],
"startIndex": 1,
"itemsPerPage": 1,
"totalResults": 5000,
"Resources": [{"schemas": ["http://example.com"
],
"externalId": "string",
"userName": "string",
"name": {"familyName": "string",
"givenName": "string",
"middleName": "string",
"honorificPrefix": "string",
"honorificSuffix": "string"
},
"active": true,
"emails": [{"type": "work",
"primary": true,
"value": "string"
}
],
"phoneNumbers": [{"value": "string",
"type": "work",
"primary": true
}
],
"addresses": [{"streetAddress": "string",
"locality": "string",
"region": "string",
"postalCode": "string",
"type": "work",
"country": "string"
}
],
"entitlements": [{"value": "string"
}
],
"id": "string",
"meta": {"resourceType": "User",
"location": "http://example.com",
"created": "string",
"lastModified": "string"
},
"preferredLanguage": "string",
"timezone": "string"
}
]
}

Update user

patch/v2/scim/Users/{id}

Updates the information for a user, by user ID.

SecurityOauth2

Request

path Parameters

required

string <ppaas_payer_id_v3> = 13 characters ^[2-9A-HJ-NP-Z]{13}$

The ID of the user for which to update the information.

header Parameters

Content-Type required	string [ 1 .. 255 ] characters ^[A-Za-z0-9/+-]+$ The media type. Required for operations with a request body. The value is `application/<format>`, where the `format` is `scim+json`.
Authorization required	string To make REST API calls, include the bearer token in this header with the `Bearer` authentication scheme. The value is `Bearer <Access-Token>` or `Basic <client_id:secret>`.

Request Body schema: application/scim+json

The SCIM Patch request.

schemas	Array of strings <uri> [ 1 .. 10 ] items
	Array of objects [ 1 .. 100 ] items List of patch operations

Responses

200

A successful request returns the HTTP 200 OK response code and the entire resource within the response body.

Request samples

Payload
cURL
Node.js
Java
Python

application/scim+json

{"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations": [{"op": "add",
"path": "entitlements",
"value": [{"value": "account|AMQC5GRBUC2J6|ROLE|MASS_PAY"
}
]
}
]
}

Response samples

application/json

{"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"
],
"userName": "sydneyml531",
"name": {"familyName": "McLaughlin",
"givenName": "Sydney"
},
"emails": [{"value": "sydneyml@shop.com",
"primary": true
}
],
"entitlements": [{"value": "account|AMQC5GRBUC2J6|ROLE|GENERAL_SECONDARY_LOGIN"
},
{"value": "account|AMQC5GRBUC2J6|ROLE|MASS_PAY"
},
{"value": "account|AMQC5GRBUC2J6|ROLE|ADD_FUNDS"
},
{"value": "account|AMQC5GRBUC2J6|ROLE|AUTH_SETTLE"
},
{"value": "account|AMQC5GRBUC2J6|ROLE|CANCEL_PAYMENTS"
},
{"value": "account|AMQC5GRBUC2J6|ROLE|CUSTOMIZE_REPORTS"
}
],
"id": "7XRNGHV24HQL4",
"externalId": "sydneyml531",
"meta": {"resourceType": "User",
"created": "2022-12-29T14:05:46Z",
"location": "https://api.paypal.com/v2/scim/Users/7XRNGHV24HQL4"
}
}

Show user details

get/v2/scim/Users/{id}

Shows details for a user, by ID.

SecurityOauth2

Request

path Parameters

required

string <ppaas_payer_id_v3> = 13 characters ^[2-9A-HJ-NP-Z]{13}$

The ID of the user for which to show details.

header Parameters

Authorization

required

string

To make REST API calls, include the bearer token in this header with the Bearer authentication scheme. The value is Bearer <Access-Token> or Basic <client_id:secret>.

Responses

200

A successful request returns the HTTP 200 OK status code and a JSON response body that shows user details.

Request samples

cURL
Node.js
Java
Python

curl -v -X GET https://api-m.sandbox.paypal.com/v2/scim/Users/7XRNGHV24HQL4 \
-H 'Content-Type: application/scim+json' \
-H 'Authorization: Bearer <Access-Token>'

Response samples

{"schemas": ["http://example.com"
],
"externalId": "string",
"userName": "string",
"name": {"familyName": "string",
"givenName": "string",
"middleName": "string",
"honorificPrefix": "string",
"honorificSuffix": "string"
},
"active": true,
"emails": [{"type": "work",
"primary": true,
"value": "string"
}
],
"phoneNumbers": [{"value": "string",
"type": "work",
"primary": true
}
],
"addresses": [{"streetAddress": "string",
"locality": "string",
"region": "string",
"postalCode": "string",
"type": "work",
"country": "string"
}
],
"entitlements": [{"value": "string"
}
],
"id": "string",
"meta": {"resourceType": "User",
"location": "http://example.com",
"created": "string",
"lastModified": "string"
},
"preferredLanguage": "string",
"timezone": "string"
}

Delete user

delete/v2/scim/Users/{id}

Delete the information for a user, by ID.

SecurityOauth2

Request

path Parameters

required

string <ppaas_payer_id_v3> = 13 characters ^[2-9A-HJ-NP-Z]{13}$

The ID of the user for which to delete the user.

header Parameters

Authorization

required

string

To make REST API calls, include the bearer token in this header with the Bearer authentication scheme. The value is Bearer <Access-Token> or Basic <client_id:secret>.

Request samples

cURL
Node.js
Java
Python

curl -v -X DELETE https://api-m.sandbox.paypal.com/v2/scim/Users/7XRNGHV24HQL4 \
-H 'Content-Type: application/scim+json' \
-H 'Authorization: Bearer <Access-Token>'

Definitions

account_id

The PayPal payer ID, which is a publicly-sharable of the PayPal account number intended for use with third parties.

string <ppaas_payer_id_v3> (account_id) = 13 characters ^[2-9A-HJ-NP-Z]{13}$

The PayPal payer ID, which is a publicly-sharable of the PayPal account number intended for use with third parties.

"stringstrings"

country_code

The 2-character ISO 3166-1 code that identifies the country or region.

Note: The country code for Great Britain is GB and not UK as used in the top-level domain names for that country. Use the C2 country code for China worldwide for comparable uncontrolled price (CUP) method, bank card, and cross-border transactions.

string <ppaas_common_country_code_v2> (country_code) = 2 characters ^([A-Z]{2}|C2)$

The 2-character ISO 3166-1 code that identifies the country or region.

Note: The country code for Great Britain is GB and not UK as used in the top-level domain names for that country. Use the C2 country code for China worldwide for comparable uncontrolled price (CUP) method, bank card, and cross-border transactions.

"st"

date_time

The date and time, in Internet date and time format. Seconds are required while fractional seconds are optional.

Note: The regular expression provides guidance but does not reject all invalid dates.

string <ppaas_date_time_v3> (date_time) [ 20 .. 64 ] characters ^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|...

The date and time, in Internet date and time format. Seconds are required while fractional seconds are optional.

Note: The regular expression provides guidance but does not reject all invalid dates.

"stringstringstringst"

email_address

The internationalized email address.

Note: Up to 64 characters are allowed before and 255 characters are allowed after the @ sign. However, the generally accepted maximum length for an email address is 254 characters. The pattern verifies that an unquoted @ sign exists.

string <ppaas_common_email_address_v2> (email_address) [ 3 .. 254 ] characters ^.+@[^"\-].+$

The internationalized email address.

Note: Up to 64 characters are allowed before and 255 characters are allowed after the @ sign. However, the generally accepted maximum length for an email address is 254 characters. The pattern verifies that an unquoted @ sign exists.

"string"

language

The language tag for the language in which to localize the error-related strings, such as messages, issues, and suggested actions. The tag is made up of the ISO 639-2 language code, the optional ISO-15924 script tag, and the ISO-3166 alpha-2 country code or M49 region code.

string <ppaas_common_language_v3> (language) [ 2 .. 10 ] characters ^[a-z]{2}(?:-[A-Z][a-z]{3})?(?:-(?:[A-Z]{2}|[...

"string"

ScimAddress

Address for the User defined following the RFC 7643 specification.

streetAddress

string [ 1 .. 300 ] characters ^.*$

The full street address component, which may include house number, street name, P.O. box, and multi-line extended street address information. This attribute MAY contain newlines. The pattern is not provided because this property supports Unicode.

locality

string [ 1 .. 300 ] characters ^.*$

The city or locality component. The pattern is not provided because this property supports Unicode.

region

string [ 1 .. 300 ] characters ^.*$

The state or region component. The pattern is not provided because this property supports Unicode.

postalCode

string [ 1 .. 60 ] characters ^.*$

The zip code or postal code component.

type

string [ 1 .. 255 ] characters ^[A-Za-z]+$

A label indicating the attribute's function, e.g., 'work' or 'home'.

Enum:	Description
work	Work address.
home	Home address.

country

required

string <ppaas_common_country_code_v2> (country_code) = 2 characters ^([A-Z]{2}|C2)$

The 2-character ISO 3166-1 code that identifies the country or region.

Note: The country code for Great Britain is GB and not UK as used in the top-level domain names for that country. Use the C2 country code for China worldwide for comparable uncontrolled price (CUP) method, bank card, and cross-border transactions.

{"streetAddress": "string",
"locality": "string",
"region": "string",
"postalCode": "string",
"type": "work",
"country": "string"
}

ScimEmail

Email address for the user. The value SHOULD be specified according to [RFC5321]. The value SHOULD be canonicalized by the service provider, e.g., 'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and 'other'.

type

string [ 1 .. 255 ] characters ^[A-Za-z]+$

A label indicating the attribute's function, e.g., 'work' or 'home'.

Enum:	Description
work	Work email.
home	Home email.
other	Other email.

primary

boolean

A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred primary email address. The primary attribute value 'true' MUST appear no more than once.

value

required

string <ppaas_common_email_address_v2> (email_address) [ 3 .. 254 ] characters ^.+@[^"\-].+$

The internationalized email address.

Note: Up to 64 characters are allowed before and 255 characters are allowed after the @ sign. However, the generally accepted maximum length for an email address is 254 characters. The pattern verifies that an unquoted @ sign exists.

{"type": "work",
"primary": true,
"value": "string"
}

ScimEntitlement

An entitlement for the User that represent a thing the User has.

value

required

string [ 1 .. 300 ] characters ^[A-Za-z].+$

The value of an entitlement, SCIM server will use this attribute with information encoded into the string using a delimiter. The structure of the encoded string must be as follows: 'ResourceType|ResourceId|ROLE|RoleName' where ResourceType values can be 'ACCOUNT' or 'NODE', ResourceId values can be Node identifier - Absolute path of node for NODE ResourceType or payerId of account for ACCOUNT ResourceType, RoleName value is Role Identifier.

{"value": "string"
}

ScimError

Error schema as defined by SCIM 2.0 .

schemas

required

Array of strings <uri> [ 1 .. 10 ] items

Error responses following the identified schemas.

status

required

string = 3 characters ^[1-5]{1}[0-9]{2}$

The HTTP status code (see Section 6 of [RFC7231]) expressed as a JSON string.

scimType

string [ 2 .. 20 ] characters ^[A-Za-z]+$

A SCIM detail error keyword.

Enum:	Description
invalidFilter	The specified filter syntax was invalid.
tooMany	The specified filter yields many more results than the server is willing to process.
uniqueness	One or more of the attribute values are already in use or are reserved.
mutability	The attempted modification is not compatible with the target attribute's mutability or current state.
invalidSyntax	The request body message structure was invalid or did not conform to the request schema.
invalidPath	The "path" attribute was invalid or malformed.
noTarget	The specified "path" did not yield an attribute or attribute value that could be operated on.
invalidValue	A required value was missing, or the value specified was not compatible with the operation or attribute type.
invalidVers	The specified SCIM protocol version is not supported.
sensitive	The specified request cannot be completed, due to the passing of sensitive information in a request URI.

detail

string [ 2 .. 128 ] characters ^[A-Za-z].+$

A detailed human-readable message.

{"schemas": ["http://example.com"
],
"status": "str",
"scimType": "invalidFilter",
"detail": "string"
}

ScimMeta

Metadata about the resource such as type, time create, etc.

resourceType

string [ 1 .. 20 ] characters ^[A-Za-z]+$

The name of the resource type of the resource: User, Group, etc.

Value:	Description
User	User Resource

location

string <uri> non-empty

The complete target URL. To make the related call, combine the method with this link, in URI template format. Include the $, (, and ) characters for pre-processing. The href is the key HATEOAS component that links a completed call with a subsequent call.

created

string <ppaas_date_time_v3> (date_time) [ 20 .. 64 ] characters ^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|...

The date and time, in Internet date and time format. Seconds are required while fractional seconds are optional.

Note: The regular expression provides guidance but does not reject all invalid dates.

lastModified

string <ppaas_date_time_v3> (date_time) [ 20 .. 64 ] characters ^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|...

The date and time, in Internet date and time format. Seconds are required while fractional seconds are optional.

Note: The regular expression provides guidance but does not reject all invalid dates.

{"resourceType": "User",
"location": "http://example.com",
"created": "string",
"lastModified": "string"
}

ScimName

The components of the user's real name.

familyName	string [ 1 .. 140 ] characters ^.*$ The family name of the User, or last name in most Western languages. The pattern is not provided because this property supports Unicode.
givenName	string [ 1 .. 140 ] characters ^.*$ The given name of the User, or first name in most Western languages. The pattern is not provided because this property supports Unicode.
middleName	string [ 1 .. 140 ] characters ^.*$ The middle name(s) of the User. The pattern is not provided because this property supports Unicode.
honorificPrefix	string [ 1 .. 140 ] characters ^.*$ The honorific prefix(es) of the User, or title in most Western languages (e.g., 'Ms.' given the full name 'Ms. Barbara J Jensen, III'). The pattern is not provided because this property supports Unicode.
honorificSuffix	string [ 1 .. 140 ] characters ^.*$ The honorific suffix(es) of the User, or suffix in most Western languages (e.g., 'III' given the full name 'Ms. Barbara J Jensen, III'). The pattern is not provided because this property supports Unicode.

{"familyName": "string",
"givenName": "string",
"middleName": "string",
"honorificPrefix": "string",
"honorificSuffix": "string"
}

ScimPatch

Patch request schema as defined by SCIM 2.0

schemas	Array of strings <uri> [ 1 .. 10 ] items
	Array of objects [ 1 .. 100 ] items List of patch operations

{"schemas": ["http://example.com"
],
"Operations": [{"op": "string",
"path": "string",
"value": null
}
]
}

ScimPhone

Phone number for the User. The value SHOULD be specified according to the format defined in [RFC3966], e.g.,'tel:+1-201-555-0123'. Canonical type values of 'work', 'home', 'mobile', 'fax', 'pager', and 'other'.

value

required

string [ 1 .. 37 ] characters ^tel:\+([0-9\-]*)$

Phone number of the User defined in [RFC3966].

type

string [ 1 .. 255 ] characters ^[A-Za-z]+$

A label indicating the attribute's function, e.g., 'work', 'home', 'mobile'.

Enum:	Description
work	Work phone number.
home	Home phone number.
mobile	Mobile phone number.
fax	Fax number.
other	Other phone number.

primary

boolean

A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred primary email address. The primary attribute value 'true' MUST appear no more than once.

{"value": "string",
"type": "work",
"primary": true
}

ScimSearchResults

Search results returned by SCIM service.

schemas required	Array of strings <uri> [ 1 .. 10 ] items Search responses following the identified schemas.
startIndex	integer [ 1 .. 4999 ] The 1-based index of the first result in the current set of query results.
itemsPerPage	integer [ 1 .. 50 ] The number of resources returned in a list response page.
totalResults required	integer [ 0 .. 5000 ] Count of resources that matches the search filter.
	Array of objects (ScimUser) [ 1 .. 50 ] items Resources that matches the search filter.

{"schemas": ["http://example.com"
],
"startIndex": 1,
"itemsPerPage": 1,
"totalResults": 5000,
"Resources": [{"schemas": ["http://example.com"
],
"externalId": "string",
"userName": "string",
"name": {"familyName": "string",
"givenName": "string",
"middleName": "string",
"honorificPrefix": "string",
"honorificSuffix": "string"
},
"active": true,
"emails": [{"type": "work",
"primary": true,
"value": "string"
}
],
"phoneNumbers": [{"value": "string",
"type": "work",
"primary": true
}
],
"addresses": [{"streetAddress": "string",
"locality": "string",
"region": "string",
"postalCode": "string",
"type": "work",
"country": "string"
}
],
"entitlements": [{"value": "string"
}
],
"id": "string",
"meta": {"resourceType": "User",
"location": "http://example.com",
"created": "string",
"lastModified": "string"
},
"preferredLanguage": "string",
"timezone": "string"
}
]
}

ScimUser

User schema as defined by SCIM 2.0 .

schemas required	Array of strings <uri> [ 1 .. 10 ] items An array of identified schemas.
externalId	string [ 1 .. 128 ] characters ^.*$ A String that is an identifier for the resource as defined by the external or 3rd party client. The pattern is not provided because the value is defined by an external party.
userName required	string [ 1 .. 254 ] characters ^(?![0-9]*$)[a-zA-Z0-9]{8,16}$ Unique identifier for the User, typically used by the user to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the service provider's entire set of Users. The pattern is not provided because the value is defined by an external party.
	object (ScimName) The components of the user's real name.
active	boolean A Boolean value indicating the User's administrative status.
	Array of objects (ScimEmail) [ 1 .. 10 ] items Email addresses for the user. The value SHOULD be specified according to [RFC5321]. The value SHOULD be canonicalized by the service provider, e.g., 'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and 'other'.
	Array of objects (ScimPhone) [ 1 .. 10 ] items Phone numbers for the User. The value SHOULD be specified according to the format defined in [RFC3966], e.g.,'tel:+1-201-555-0123'. Canonical type values of 'work', 'home', 'mobile', 'fax', 'pager', and 'other'.
	Array of objects (ScimAddress) [ 1 .. 10 ] items Addresses for the User defined following the RFC 7643 specification.
	Array of objects (ScimEntitlement) [ 1 .. 10000 ] items A list of entitlements for the User that represent a thing the User has.
id	string <ppaas_payer_id_v3> (account_id) = 13 characters ^[2-9A-HJ-NP-Z]{13}$ The PayPal payer ID, which is a publicly-sharable of the PayPal account number intended for use with third parties.
	object (ScimMeta) Metadata about the resource such as type, time create, etc.
preferredLanguage	string <ppaas_common_language_v3> (language) [ 2 .. 10 ] characters ^[a-z]{2}(?:-[A-Z][a-z]{3})?(?:-(?:[A-Z]{2}\|[... The language tag for the language in which to localize the error-related strings, such as messages, issues, and suggested actions. The tag is made up of the ISO 639-2 language code, the optional ISO-15924 script tag, and the ISO-3166 alpha-2 country code or M49 region code.
timezone	string <ppaas_time_zone_v3> (time_zone) [ 1 .. 127 ] characters The time zone, in Internet Assigned Numbers Authority (IANA) time zone (tz) database format. A valid value is `America/New_York` or `Etc/UTC`. Do not use ambiguous, non-qualified tz database values, such as `EST` or `GB`. Before you include this type in your interface, consider whether it is appropriate to convey time zone information with your type. At the time of display to the user, transform this value from UTC. Typically, this type is associated with user-preference APIs.

{"schemas": ["http://example.com"
],
"externalId": "string",
"userName": "string",
"name": {"familyName": "string",
"givenName": "string",
"middleName": "string",
"honorificPrefix": "string",
"honorificSuffix": "string"
},
"active": true,
"emails": [{"type": "work",
"primary": true,
"value": "string"
}
],
"phoneNumbers": [{"value": "string",
"type": "work",
"primary": true
}
],
"addresses": [{"streetAddress": "string",
"locality": "string",
"region": "string",
"postalCode": "string",
"type": "work",
"country": "string"
}
],
"entitlements": [{"value": "string"
}
],
"id": "string",
"meta": {"resourceType": "User",
"location": "http://example.com",
"created": "string",
"lastModified": "string"
},
"preferredLanguage": "string",
"timezone": "string"
}

time_zone

The time zone, in Internet Assigned Numbers Authority (IANA) time zone (tz) database format. A valid value is America/New_York or Etc/UTC. Do not use ambiguous, non-qualified tz database values, such as EST or GB. Before you include this type in your interface, consider whether it is appropriate to convey time zone information with your type. At the time of display to the user, transform this value from UTC. Typically, this type is associated with user-preference APIs.

string <ppaas_time_zone_v3> (time_zone) [ 1 .. 127 ] characters

"string"