Summary and recommendation
Squarespace does not expose a public REST API for contributor or member identity management.
The Commerce API (OAuth 2.0) covers orders, products, and inventory only - there are no identity or user-management scopes.
SCIM 2.0 provisioning exists but is delivered exclusively through IdP connectors (Okta, Entra ID) on the Enterprise plan;
no standalone Squarespace SCIM endpoint is publicly documented.
For teams building against an identity graph, Squarespace's API surface contributes commerce event data only - user lifecycle signals must route through the IdP layer.
API quick reference
| Field | Value |
|---|---|
| Has user API | No |
| Auth method | OAuth 2.0 (for Commerce APIs); API Key (for direct integrations) |
| Base URL | Official docs |
| SCIM available | Yes |
| SCIM plan required | Enterprise (custom pricing; not included in Basic, Core, Plus, or Advanced self-serve plans) |
Authentication
Auth method: OAuth 2.0 (for Commerce APIs); API Key (for direct integrations)
Setup steps
- Register a developer app at developers.squarespace.com.
- Configure OAuth 2.0 redirect URIs and request the required commerce scopes.
- Direct the site owner through the OAuth authorization flow to obtain an access token.
- Use the access token as a Bearer token in the Authorization header for Commerce API calls.
- For SCIM/SSO (Enterprise only): configure the Okta or Entra ID SCIM connector via the IdP admin console - no Squarespace-side REST endpoint is exposed.
Required scopes
| Scope | Description | Required for |
|---|---|---|
| website.orders | Read and write access to orders | Commerce order management |
| website.products | Read and write access to products and inventory | Commerce product management |
User object / data model
User object field mapping is not yet verified for this app.
Core endpoints
Endpoint coverage is not yet verified for this app.
Rate limits, pagination, and events
Rate limits: Squarespace Commerce API enforces rate limits but does not publicly document specific numeric thresholds per plan in official docs as of early 2025.
Rate-limit headers: Unknown
Retry-After header: Unknown
Rate-limit notes: Official docs note that exceeding limits returns HTTP 429. Specific limits and headers are not publicly documented.
Pagination method: cursor
Default page size: 20
Max page size: 50
Pagination pointer: cursor
Webhooks available: Yes
Webhook notes: Squarespace supports webhooks for Commerce events (orders, inventory). There are no webhook events for user/member provisioning or deprovisioning.
Alternative event strategy: For member/user lifecycle events, polling is not supported via API. Enterprise SCIM provisioning via Okta/Entra ID handles user lifecycle outside of Squarespace's own API surface.
Webhook events: order.create, order.update, inventory.update
SCIM API status
SCIM available: Yes
SCIM version: 2.0
Plan required: Enterprise (custom pricing; not included in Basic, Core, Plus, or Advanced self-serve plans)
Endpoint: Not documented
Supported operations: User provisioning (create), User deprovisioning (deactivate), Attribute sync (name, email)
Limitations:
- SCIM is delivered exclusively through IdP connectors (Okta, Entra ID); no standalone Squarespace SCIM REST endpoint is publicly documented.
- Google Workspace and OneLogin SCIM connectors are not officially supported.
- Group/role provisioning support is not documented.
- Requires Enterprise plan - not available on any self-serve tier.
- SCIM endpoint URL is generated by the IdP connector, not by Squarespace directly.
Common scenarios
Three integration paths are supported by the available data.
First, Enterprise SCIM via Okta: add the Squarespace SCIM app from the Okta Integration Network, configure the tenant URL and bearer token provided by Squarespace Enterprise onboarding, then assign users or groups; deprovisioning triggers on Okta assignment removal.
Second, Enterprise SCIM via Entra ID: add the Squarespace Enterprise gallery app, configure automatic provisioning with the SCIM endpoint and secret token from onboarding, and sync name/email attributes via SCIM 2.0.
Third, Commerce OAuth 2.0: register an app at developers.squarespace.com, complete the authorization code flow with commerce scopes, and call order/product/inventory endpoints using a Bearer token.
In all cases, the SCIM endpoint URL and bearer token are provisioned by Squarespace Enterprise support - they are not self-serve.
Group provisioning behavior and full attribute mapping support are not publicly documented;
verify with Enterprise support before building against them.
Provision Enterprise users via Okta SCIM
- Upgrade to Squarespace Enterprise plan.
- In Okta admin console, add the Squarespace SCIM application from the Okta Integration Network.
- Configure the SCIM connector with the tenant URL and bearer token provided by Squarespace Enterprise onboarding.
- Assign users or groups in Okta; Okta pushes SCIM 2.0 provisioning requests to Squarespace.
- Deprovisioning is handled by removing the Okta assignment, which triggers a SCIM deactivate call.
Watch out for: The SCIM endpoint and bearer token are provisioned by Squarespace Enterprise support, not self-serve. No public endpoint URL is documented.
Provision Enterprise users via Microsoft Entra ID SCIM
- Upgrade to Squarespace Enterprise plan.
- In Entra ID (Azure AD), add the Squarespace Enterprise application from the gallery.
- Configure automatic provisioning with the SCIM endpoint URL and secret token from Squarespace Enterprise onboarding.
- Assign users/groups; Entra ID syncs user attributes (name, email) via SCIM 2.0.
- Deprovisioning occurs automatically when user assignment is removed in Entra ID.
Watch out for: Group provisioning behavior and supported attribute mappings are not fully documented publicly; verify with Squarespace Enterprise support.
Integrate Commerce data via OAuth 2.0
- Register an app at developers.squarespace.com and obtain client_id and client_secret.
- Redirect the site owner to the Squarespace OAuth authorization URL with desired commerce scopes.
- Exchange the returned authorization code for an access token via POST to the token endpoint.
- Use the Bearer token to call Commerce API endpoints (orders, products, inventory).
- Handle HTTP 429 responses with exponential backoff; no Retry-After header is documented.
Watch out for: OAuth tokens are scoped to commerce resources only. There is no scope for reading or writing user/member data.
Why building this yourself is a trap
The primary trap is assuming the Commerce API can be extended to cover user identity - it cannot. OAuth scopes are commerce-domain only; there is no scope for reading or writing contributor or member data.
Rate limit thresholds and response headers (including Retry-After) are not publicly documented; the only guaranteed signal on breach is HTTP 429, so any integration must implement exponential backoff without header guidance. Pagination is cursor-based with an opaque token and a maximum page size of 50;
offset-based pagination is not supported. For SCIM, Google Workspace and OneLogin connectors are not officially supported, and the SCIM endpoint itself is IdP-generated - not a Squarespace-native URL - which means portability across IdPs is not guaranteed without re-onboarding through Enterprise support.
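The two client-side behaviours named above, walking an opaque cursor and backing off on HTTP 429 with no Retry-After to rely on, as an added example that is not Squarespace's or Stitchflow's code. The `fetch_page` transport and the `items` / `next_cursor` body keys are assumed names for illustration, and the sample pages are constructed so the block runs offline.

```python
import random
import time

class RateLimited(Exception):
    """Raised when HTTP 429 persists after every retry is spent."""

def fetch_all(fetch_page, max_retries=5, base_delay=1.0, max_delay=60.0,
              sleep=time.sleep, rng=random.random):
    """Collect every item from a cursor-paginated listing.

    fetch_page(cursor) is a caller-supplied transport (hypothetical) that
    returns (http_status, body). The body keys "items" and "next_cursor"
    are assumed names, not documented Squarespace fields.
    """
    items, cursor, seen = [], None, set()
    while True:
        for attempt in range(max_retries + 1):
            status, body = fetch_page(cursor)
            if status != 429:
                break
            if attempt == max_retries:
                raise RateLimited(f"still 429 after {max_retries} retries")
            # No Retry-After to honour: capped exponential delay, full jitter.
            sleep(rng() * min(max_delay, base_delay * 2 ** attempt))
        if status != 200:
            raise RuntimeError(f"unexpected HTTP status {status}")
        items.extend(body["items"])
        cursor = body.get("next_cursor")
        if not cursor:
            return items
        if cursor in seen:  # opaque token repeated: stop instead of looping
            raise RuntimeError("pagination cursor repeated")
        seen.add(cursor)

def make_fake_transport():
    """Constructed stand-in: three pages, two 429s before the second page."""
    pages = {None: (["o1", "o2"], "c1"), "c1": (["o3", "o4"], "c2"),
             "c2": (["o5"], None)}
    throttles = {"c1": 2}
    def fetch_page(cursor):
        if throttles.get(cursor, 0) > 0:
            throttles[cursor] -= 1
            return 429, {}
        batch, nxt = pages[cursor]
        return 200, {"items": batch, "next_cursor": nxt}
    return fetch_page

if __name__ == "__main__":
    print(fetch_all(make_fake_transport(), sleep=lambda s: None))
```

The retry ceiling and the repeated-cursor check keep a throttled or misbehaving upstream from turning the sync job into an unbounded loop; the bearer token lives inside the transport and never needs to reach this function or its error messages.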