Skip to content
IdentityScribe

Channels

Scribe speaks your protocol. Pick a channel — LDAP, REST, GraphQL, or MCP — and start querying. All channels share the same query engine, so results are identical regardless of which one you use.

Pick a channel

Section titled “Pick a channel”
ChannelWhat it’s forStatus
LDAPExisting LDAP apps — no code changes neededStable
RESTHTTP/JSON for microservices and automationStable
GraphQLFlexible queries for frontendsStable
MCPAI coding assistants (Cursor, Claude, VS Code)Experimental
gRPCService mesh and high-throughput pipelinesRoadmap

Not sure? This decision tree walks you through it:

Which channel should I use?

Answer a few questions to find the right protocol

What are you building?
? Existing LDAP app?
LDAP No code changes needed
? AI assistant or coding tool?
MCP Claude, Cursor, VS Code
? Need flexible queries?
GraphQL Query exactly what you need
? Service-to-service or streaming?
gRPC High-performance streaming
REST Simple JSON API
Every channel reads the same data with the same audit trail

How they compare

Section titled “How they compare”
Channel Comparison

Choose the right protocol for your use case

LDAP
REST
GraphQL
MCP
Protocol
LDAP v3
HTTP/JSON
HTTP/JSON
HTTP/SSE
Format
BER/ASN.1
JSON
JSON
JSON-RPC
Schema
LDAP attrs
OpenAPI
SDL
Tools
Best for
Legacy apps
Microservices
Frontends
AI assistants
Pagination
Paged results
Cursor
Relay
Limit
All channels share the same query engine and data

Shared pipeline

Section titled “Shared pipeline”

Every query passes through the same four-stage pipeline, regardless of channel:

Query Pipeline

Unified processing across all channels

Request
1
Normalize
  • Parse query
  • Validate syntax
  • Map attributes
2
Plan
  • Analyze filter
  • Choose indexes
  • Optimize access
3
Compile
  • Generate SQL
  • Bind parameters
  • Prepare statement
4
Execute
  • Run query
  • Stream results
  • Format response
Response
Same pipeline for LDAP, REST, GraphQL, gRPC, and MCP queries

An LDAP search and a GraphQL query for the same data produce identical results. The channel determines the wire format; the query engine handles everything else.

What’s shared across channels

Section titled “What’s shared across channels”

Authentication. All channels support bearer token authentication. LDAP also supports bind-based authentication with username/password or proxy authorization.

Authorization. Permissions are evaluated at the directory level during query execution, not per-channel.

Pagination. Each channel uses pagination native to its protocol:

ChannelStyleParameters
LDAPSimple Paged Results, VLVLDAP controls
RESTCursor paginationfirst/after, last/before, limit
GraphQLCursor pagination (Relay)first/after, last/before
MCPCursor paginationlimit/after

Entry identifiers. Every entry can be looked up by GlobalId, UUID, UOID, or DN. All channels accept all formats. See Data Model for details.

Operational attributes. Metadata like entryID, entryUUID, timestamps, and ETags are available on every entry. See Data Model for the full list.

Filters. Queries accept FleX, JSON, SCIM, or LDAP filter syntax. Scribe auto-detects the format.

Temporal references. Time-based parameters support ISO timestamps, durations, relative expressions (now-1h), and natural language (yesterday, last 3 days). See Filters reference.

Errors. All channels share the unified failure model. Errors map to protocol-appropriate responses. See Error Handling.

API discovery

Section titled “API discovery”

The /.well-known/api-catalog endpoint provides machine-readable API discovery per RFC 9727. Clients can discover all enabled channels, their base paths, and schema URLs from a single request.

Get channel runtime status (bound ports, enabled channels) at /observe/channels. See Endpoints Reference for response details.

For configuration options, see Configuration Reference.