I am trying to implement a SCIM REST API and got a small confusion with respect to PUT operation.
As per SCIM RFC RFC 7644 PUT used to replace/update resource and PUT should not create a resource.
What API needs to do if the resource doesn't exists?
Return 404 (Not Found) or any other status code to return?
do we need to try to create the resource? if it so is that against SCIM standard?
Per the SCIM RFC, as you highlighted in section 3.5.1 as well as in section 3.2, it's called out that PUT MUST NOT be used to create new resources.
If we look at section 3.12 of RFC 7644 (https://www.rfc-editor.org/rfc/rfc7644#section-3.12) 404 is defined as:
404 (Not Found), applicable to GET, POST, PUT, PATCH, DELETE. "Specified resource (e.g., User) or endpoint does not exist."
As the endpoint defined for the user object type is /Users, the usage of "User" in this example seems to be referring to an individual user object rather than the /Users endpoint. Given that, 404 does appear to be the correct response as per the RFC. This also aligns with my own experience - any calls against a known resource (ie: /Users/ID Value) targeting an ID value that does not exist should return a 404. POST would never target /Users/ID Value, only /Users, as POST is meant to create new objects and the ID value is assigned by the service provider rather than in the payload of the SCIM client's request.
Creating the object would be against the SCIM protocol's rules, as you've already correctly identified.
Edit: After chatting with a colleague of mine on this, my interpretation of the above was incorrect. The correct response here is 400 Bad Request with an error message of invalidValue. The value (/Users/123) not existing makes it incompatible with the operation (update via PUT) being requested.